
simple-dns

A very simple and stupid DNS server to bypass DNS pollution.

introduction

A very simple and stupid DNS server to bypass DNS pollution.

how it works:

Your remote server listens on a port other than 53 (as you can see in config.json.remote, it's 60053).

configuration

Change remote_ip in config.json.local to your remote server's IP.
On your remote server, run:
python dns-client.py config.json.remote
On your local machine, run:
python dns-client.py config.json.local

test

nslookup google.com 127.0.0.1

win7 set localhost dns

netsh interface ipv4 set dnsservers "Wireless Network Connection" static 127.0.0.1 
 
from https://github.com/wynemo/simple-dns

kiss-proxy: an HTTP proxy server program written in Go

This is a simple and stupid HTTP proxy server. It supports HTTP tunnel and HTTP keep-alive.
go get github.com/wynemo/kiss-proxy/httpproxy
$GOPATH/bin/httpproxy &
(The resulting executable is httpproxy.)
It listens on port 8118 by default.

This httpproxy can be used as the backend program for stunnel.

from https://github.com/wynemo/kiss-proxy 

paperwork

Paperwork - OpenSource note-taking & archiving alternative to Evernote, Microsoft OneNote & Google Keep

Paperwork

OpenSource note-taking & archiving

Paperwork is an open-source, self-hosted alternative to services like Evernote ®, Microsoft OneNote ® or Google Keep ®.

Version 2

This branch contains the second iteration of Paperwork, which is a complete rewrite. Not only is it based on another framework - it is based on a completely different technology stack. It is in its very early development phase and not yet usable.
If you were looking for the Laravel-based version 1 of Paperwork, please check out this branch.

Background

The very first version of Paperwork was started in July 2014 as a pet-project by this guy, mainly out of frustration about the existing services (Evernote & others), fear ignited by the Snowden revelations and curiosity about whether the effort would lead to something people would be interested in. And apparently it did. :) Soon, more great people joined the project and contributed.
However, originally the tech that was used to build the very first version on top (mainly PHP 5, MySQL, Laravel 4, Angular & Bootstrap) was chosen to keep things simple and allow iterating quickly. The primary goal for the project was the actual result, rather than any sort of technological finesse.
Over time, two observations concerning the chosen technology were made:
  • The percentage of code share between PHP (as in the Laravel back-end) and JavaScript (as in the Angular front-end) shifted from an initial 80:20-ratio to roughly 50:50 by today
  • Most of the time, the biggest pain-points during the implementation of new features were not within the front-end but rather on the back-end side
With us basically struggling to implement heavily requested features, not solely but also due to technical debt that was caused by poor technical decisions in the first place, the project slowly became dormant.
With the effort to revamp Paperwork in its current form (e.g. clean the code on the front- and the back-end, upgrade to the latest Laravel version, upgrade to the latest PHP version, clean the database schema, refactor the API, ...) being significant and a clear force on the JavaScript-side of the project being observable, it seems to make more sense to rebuild Paperwork from ground up, on top of an architecture that allows for more flexibility, quicker iteration, a better structure and ultimately a higher ease of use/contribute.

So, what now?

This branch contains a very first suggestion of what the second iteration of Paperwork could look like. As you might notice, one major change is the clear separation of components, making this branch (and hopefully soon the whole repository) only one piece of the puzzle. Currently, it consists only of the back-end component (or rather, one of them) and does not include any front-end components. The idea is to build the second iteration in a more modular and diversified manner, picking the right tool for the task rather than building a monolith that is harder to maintain the bigger it grows.
Everyone who is interested in getting their feet wet is highly welcome to join the discussion and planning around Paperwork 2.

Okay, cool. But what took you so long to get to this point?

Funding. Basically this point was planned and headed towards sometime in mid 2016. Since then, different attempts were made to get funding for this project, through individuals but also programs like Prototypefund. The general idea was to accelerate development by paying you, the contributors, using a bounty-source-like approach. Unfortunately none of the attempts led to an actual funding or investment whatsoever. At this point putting the effort into the actual development, instead of pursuing further discussions and applications for such programs seems to make more sense.

I would love to help!

Feel free to check out this branch and get involved with what's there already to get an idea of where Paperwork is heading. Also check out the project board to see what needs to be done or suggest what and how should be done.
Feel free to actively participate in the chatroom or shoot an email to the Paperwork dev mailinglist.

Usage

This repository is structuring and unifying all required components for Paperwork.
$ git clone git@github.com:twostairs/paperwork.git

Docker Compose

The setup is split into separate compose files that can be run individually of each other. In order for the service compose-files to work, the infrastructure compose-file needs to be running, though.
The compose-setup depends on an encrypted overlay network to be created. For that, your docker environment needs to have swarm activated. You can do so by running:
$ docker swarm init
There is no need to join any more members to it. Only with swarm enabled the infrastructure can be launched:
$ docker-compose -f ./docker-compose.infrastructure.yml up --build
After the infrastructure is up and running all the services can be started individually.
Users Service
In order to start the users service (service-users), run the following docker-compose command:
$ docker-compose -f ./docker-compose.service-users.yml up --build
This allows running each service either as fully built docker container or as development instance. For example, service-users could also be run locally, via npm run dev, alongside the infrastructure compose-file. This would make service-kong (inside infrastructure) reach out to the local development instance of service-users and allow for easy development on individual services.
In order to make a local service available inside docker, the devproxy is required. The devproxy automatically runs inside the infrastructure, exposes port 2222 on the host and provides a way to forward local development ports into the docker environment. In order to forward the local service-users port into the docker environment, an SSH port forward is required:
$ ssh -o "UserKnownHostsFile /dev/null" -o "StrictHostKeyChecking=no" -p 2222 -R 3000:127.0.0.1:3000 root@127.0.0.1
The root password is root. This forwards the local port 3000 into the devproxy, so that service-kong could reach service-users through devproxy:3000. In order to do so, the locally running service-users needs to have the SERVICE_USERS_URL environment variable set to http://devproxy:3000, as it uses this variable to set up the kong upstream for service-users.

Developing / contributing

Please refer to the components' repositories in order to get more information on how to contribute.

List of components

from https://github.com/twostairs/paperwork

Why are chips so hard to make? What are the basic principles of a chip? Teacher Li Yongle explains!


from https://www.youtube.com/watch?v=7MFly82e46Q

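He Qinglian: Beijing's Troubles After the United States Stopped "Buying" Democracy for China

US President Trump has plunged Beijing into great distress, and that distress comes from his unpredictability. Within a few days in mid-April, for example, Trump took China on a heart-stopping roller-coaster ride: on April 12, while meeting the governors and legislators of America's farm states, his electoral base, Trump said that China and the United States might in the end not impose new tariffs on each other; on April 17 he delivered a blow to China's throat: because it had violated US sanctions rules, American companies were banned for the next seven years from selling components to the Chinese telecom equipment maker ZTE.
Beijing's slow reaction to the charge of "economic aggression"
ZTE's products depend heavily on American components, so one expert commented that "the harm ZTE will suffer from this US move is not just a short-term financial loss; more likely it will never recover." The move made Beijing realize that this time Trump had taken aim at China's economic lifeline. Yet Beijing remained puzzled: what ZTE did had been known to the United States as early as the Obama era, but the White House had merely raised the big stick in a gesture of warning. Why, after Trump took office, could ZTE still not escape a fierce beating even though it had shown submission by accepting the penalty?
The reason is that Trump's strategic positioning toward China has changed fundamentally. On December 18, 2017, President Trump released his new National Security Strategy, which provides a "clear and actionable playbook" for future US military and foreign policy, defense spending, trade negotiations and international cooperation, in order to deal with the most dangerous and persistent threats. The new security strategy report states that US competition with Russia and China is intensifying, that these two rivals "attempt to challenge American influence, values and wealth," and that China's "economic aggression" must be met with retaliation.
Trump's strategic positioning toward China has changed fundamentally.
This new National Security Strategy ended the strategic ambiguity of US China policy and marks the greatest uncertainty in Sino-US relations since the establishment of relations in 1972, yet Beijing was slow to react, partly because the CCP was busy resolving conflicts within its top leadership and had no time for anything else.
Why did Trump stop "buying" democracy for China?
To say that the United States bought democracy for China may sound somewhat strange, but this China policy was indeed part of America's diplomatic strategy.
The formation of America's diplomatic strategy toward China is closely tied to Kissinger, who opened the "ice-breaking journey." Ever since China announced reform and opening up, the US State Department, deeply influenced by Kissinger, has pursued what is called the "eight-character policy": engagement, cooperation, influence, change. Through government contacts, economic cooperation between the two countries, and the various democracy-building projects brought in along with NGOs, China was to be gradually integrated into the international community and become a responsible member of it. The US National Endowment for Democracy has a classic two-sentence formulation of this: use economic development to change China, and ultimately advance China's democratization.
Therefore the United States actively promoted China's accession to the WTO and has all along tolerated China's repeated violations of WTO rules; it also tolerated China's repeated infringement of intellectual property rights (according to figures in a report released by the US commission on intellectual property theft, the United States loses between 225 billion and 600 billion US dollars each year to intellectual property theft, and China is the chief culprit). At the same time, the United States has some 1,000-plus NGOs stationed in China, engaged in environmental protection, human rights, charity and other activities, while also providing various kinds of assistance to official research institutions, universities and NGOs under the Chinese government's jurisdiction. All of this outlay was to "buy" democracy for China; the Chinese government calls it "peaceful evolution" or "color revolution."
Trump's campaign slogan was "Make America Great Again," and he announced that once elected he would give up ideological competition with foreign countries. These positions won popular support, because since the 9/11 attacks Americans have felt more and more strongly that most programs supporting democracy abroad and the importance of democratic ideas are ineffective, and that the people of recipient countries are not grateful and even hate the United States. Pew Research Center polls over the past five years have all shown that more than half of Americans want the government to pay more attention to domestic problems and meddle less in foreign affairs, and also hope that other countries' governments will manage their own affairs well.
After entering the White House, Trump immediately re-evaluated the performance of US foreign aid under the Obama administration. Research by James Roberts of the conservative think tank the Heritage Foundation showed that "too much of the aid provided by the United States, OECD countries and other Western countries ends up merely helping corrupt governments stay in power." Afterwards, the White House's proposal to cut 37% of the foreign aid and diplomacy budget of the State Department and USAID met strong opposition but was passed in the end. The budget proposal cut spending on the "just and democratic governance" category from 2.3 billion US dollars in fiscal 2016 to 1.6 billion in fiscal 2018. The New York Times criticized this under the headline "Trump's Global Democracy Retreat" (September 27, 2017), charging that Trump had abandoned America's commitment to advancing the cause of global democracy and that this was also bad for the United States itself.
Beijing's two misjudgments about Trump
China very much welcomed the United States ceasing to export "color revolution," believing that from then on it would no longer have to face US pressure on issues such as human rights and democracy, and that to deal with Trump, a businessman by background, it only needed to tempt him with profit. It now appears that Beijing misjudged Trump on two points:
First, Beijing's assessment of the new US National Security Strategy was seriously off. Trump's China diplomacy no longer takes changing the CCP's ideology as its strategic goal, because Trump considers the strategy of sacrificing American interests to buy democracy for China to be entirely wasted effort. Since the purchase was ineffective, the United States will no longer tolerate China's various acts of stealing American intellectual property, including buying American products and then plagiarizing and copying them. For if China's cheap knock-off products are put on the global market, they will crush American companies and affect America's economic revival; this is the national interest that Trump, as US president, must consider.
Second, when Beijing assessed Trump's interest calculations, it put too much weight on Trump's private interests. In the Jiang and Hu eras China developed an interest-transfer mechanism in which family and state are one, and officialdom has treated public resources as its own family treasury. Foreign businesses entering China did as the locals do and used all kinds of means to bribe officials, from Politburo Standing Committee members at the top to ordinary officials at the bottom; as long as one's own family benefited, the national interest was disregarded. The CCP therefore judged others by itself and believed that as long as it won over Trump's family members and let them profit from investments in China, it could continue cooperating with the United States. Trump's beloved daughter Ivanka and her husband thus became China's key targets. Not until March of this year, when word spread that Trump intended to gradually squeeze Ivanka and her husband out of the White House, did China understand that this emotional investment had been wasted.
To understand Trump correctly, the Chinese side has put in considerable effort. Wang Qishan, who came out of retirement after the 19th Party Congress to serve as state vice president, is regarded as an "America hand." For many years Wang has deliberately maintained close relations with American political, business and academic circles. Over the past several months, Wang Qishan met with former US Treasury Secretary Paulson and quite a few American business leaders, calling these "gatherings of friends." According to one report, at a meeting before his retirement at the 19th Party Congress, Wang Qishan asked the American financial elites present: "Is Trump an accidental phenomenon, or a trend?" Not only Wang Qishan; other senior officials such as Wang Huning are doing the same thing.
Trump is a dark horse in American politics. He originally had no ties to the Republican Party; in 2016 he borrowed the Republican platform, defeated the establishment of both the Republican and Democratic parties as well as the two great political families, Bush and Clinton, and successfully entered the White House. The contacts in American political and business circles that the Chinese side had deliberately cultivated for years mostly belong to the establishment of the two parties and are basically outside the Trump camp; they have no idea what this president has in mind. Bannon, who once met with Wang Qishan, was a key member of Trump's team, but he left his post not long after meeting Wang. Moreover, in the one year and three months since Trump entered the White House, as many as 25 team members have departed. These team members do not even know where they themselves will be tomorrow, so even if the Chinese government does everything it can to befriend them, they cannot tell it "what Trump is really thinking."
How will Beijing cope with Trump's new China strategy?
Some people in China worry that China and the United States will fall into a Cold War like that of the 1960s and early 1970s. In fact, such a Cold War is almost impossible.
The background to the Cold War was the relative isolation of the two sides from each other. At that time the former Soviet Union, known for its "Iron Curtain politics," confined its foreign economic ties to Comecon member states, that is, the socialist countries of Eastern Europe, and had no investment or trade relations with Western countries, so Western countries could easily cut themselves off from the Soviet Union both ideologically and in terms of interests.
China has been open to the outside world for 40 years and a WTO member for 17 years, and has established trade and investment relations with about 170 countries around the world. In 2017 the EU, the United States and ASEAN remained China's top three trading partners; China became the world's second-largest investor country, with investment flowing mainly to the United States, the EU and other countries and regions.
This entanglement of interests with the major Western powers, "you in me and me in you," is completely different from the Soviet Union's external relations during the Cold War. Not only can China not lightly talk of closing itself off; even the United States, if it resorts to economic sanctions against China at every turn, will meet opposition from various domestic interest groups. At present about 110 US chambers of commerce and industry associations oppose a Sino-US trade war, and most farm states are also opposed.
But China must not think it can rely on this opposition within the United States to cope with Trump's new China policy, because behind the various different voices in America there is a consensus on taking action against China's "unfair" trade model; the difference lies only in where to draw the limits of that action. China can of course still treat Trump as an "accident" and hope that the Republicans lose this year's midterm elections, that the Democrats retake both houses of Congress or at least one, and that Trump's dream of re-election does not come true. But that, after all, is not reality; the reality is that the social conditions that got Trump elected president have not changed. So rather than racking its brains to guess what Trump is thinking, China would do better to change itself: abide by international rules in its economic dealings with the world. The United States allowed you your "economic aggression" back then in order to "influence and change" China's political system. Since you, China, do not want to be "changed," the United States naturally does not want to let you keep taking "advantage" either.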

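Taiwan's perfect-score college entrance exam essays vs. mainland China's perfect-score college entrance exam essays


The Taiwanese perfect-score essays still show the higher level of classical Chinese.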

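Those Precious Young People

1. What happened?
Perhaps at the very beginning no one imagined that things would develop this way.
In early April, a signed letter of accusation charged that Shen Yang, a former professor in Peking University's Chinese department, had sexually assaulted a female student, Gao Yan, twenty years ago, leading to her suicide. The accused promptly denied it. Public opinion was in an uproar.
The key to reconstructing the facts lies with Peking University. Retrieving the university's investigation files on the case from twenty years ago would help clarify the truth to some extent.
As a check on the university, on April 7 a student surnamed Deng, an undergraduate who enrolled in 2014, posted that under the "Peking University Implementation Measures for Openness in University Affairs" he would apply for the university to disclose the records of the series of meetings held around July 1998 that discussed Shen Yang's "teacher ethics" problems. In the article he called on more students to act together and speak out together, to put pressure on the university and raise the likelihood of disclosure.
The article was deleted soon after it was posted, and Deng was summoned by his school for a "talk" that lasted late into the night.
The next day, April 8, Peking University on its own initiative published two documents: the 1998 decisions by the university and by the Chinese department to give Shen Yang an administrative warning. The documents found that Shen Yang had "behaved improperly" in his dealings with the female student Gao Yan.
But the students considered the disclosure still insufficient. On April 9, ten current Peking University students from different schools and departments nonetheless submitted written applications for information disclosure to the university. Another 15 students submitted applications by email. What they asked to be disclosed included "records of the relevant Party committee meetings," "the Xicheng District Public Security Bureau's notification of the results of its investigation into the matter," "records of the relevant Chinese department meetings," and "the content of Shen Yang's public self-criticism at the general meeting."
Some students who took part in the disclosure applications wrote that, while waiting for the university's reply, they were repeatedly "summoned for talks" by their schools, and some had their parents "called in," in an attempt to persuade them to withdraw their applications. One student recalled that a counselor had raised "three accusations" during a talk: suspicion that the students who filed the applications were "organized and premeditated" behind the scenes; suspicion that the action was funded by overseas organizations; and, because foreign media had tried to enter the campus on the day of the applications, suspicion that the applying students had contacted them. Ties to overseas organizations were the point the counselor asked about again and again during the "talks."
On April 20 the university, in accordance with the rules, replied to the students who had applied for disclosure. The reply said that the existing archives do not contain the information the students asked to have disclosed. It also acknowledged that the management work of the university and the department at that time was not standardized or sound.
On the afternoon and evening of April 22, a counselor at the School of Foreign Languages, "out of concern for the student" (the wording of the school's official "statement on the situation"), tried to contact a student surnamed Yue who had taken part in the disclosure application. After several phone calls went unanswered, the counselor contacted Yue's parents, came to Yue's dormitory in the early hours of the morning, and woke her up. Yue later wrote that the counselor demanded she delete all material related to the disclosure matter from her phone and computer and promise not to get involved in it again. She was then taken home by her parents and confined there.
The next day Yue issued an open letter about her experience of being "forcibly summoned for a talk" late at night, condemning the school's series of actions. The open letter, and nearly all articles and images discussing the matter, were deleted.
But what the deletions brought was a backlash in public opinion. When one article was deleted, more articles of support were reposted on different platforms and in different formats; when the text version could not be posted, it was converted to an image; when the image version was censored, it was posted upside down, posted at an angle, posted in distorted form.
Post after post was deleted; after each deletion, it was posted again.
2. Getting rid of the people who raise the problem
For Peking University, there could hardly be a worse piece of crisis PR than this.
People cannot quite even understand why the university would react so excessively to something as simple and minor as students applying for information disclosure.
The Shen Yang case is a matter of twenty years ago. Peking University published the documents on how it was handled at the time, and Nanjing University and Shanghai Normal University, which later hired Shen Yang, followed with statements suggesting that Shen resign or terminating his employment agreement; with that, the matter had more or less come to a close. Had the university shifted its focus to building institutions against sexual assault and sexual harassment, taken the lead in producing a concrete plan and made a clear statement, it would instead have won public goodwill.
Even if the internal disciplinary action back then was inappropriate in some way, or the archival records really are missing, then in the face of its own students' dogged pursuit of disclosure, confronting the problem, admitting the institutional gaps of twenty years ago and promising to improve the system and prevent such a tragedy from happening again would also have been a decent and proper position to take.
There is also speculation that the participation of students at many universities in the MeToo movement raised concerns at higher levels about where things were heading, and that this is what forced Peking University to take the actions it did. Even so, administrative bodies at every level should recognize that the root cause of the MeToo movement is the sexual harassment that exists inside universities. Confronting the problem and improving the system is the best way to calm public opinion and the actions.
However, rather than confronting the problem and promising to solve it, Peking University and the relevant authorities chose another line of thinking that looks more direct and simpler: do not let the problem be exposed.
There are three specific methods:
- Deleting posts. Controlling public opinion with a hard-line stance.
- Silencing the posters. Putting pressure on posters directly, or through their family ties, so that they dare not or will not speak out.
- Speculating about motives. Casting suspicion on the motives of those who speak out, claiming that "off-campus forces," "lawbreakers," "foreign media" or "unscrupulous media" are manipulating them behind the scenes. The motives are suspect, therefore the words and deeds are improper.
These three moves are practically the standard procedure of the stability-maintenance mindset. Similar operations can be seen not only in this episode but in many public incidents. Solving the problem is too slow and too much trouble, so get rid of the people who raise it.
When students are in an unequal power relationship with the university and their teachers, there are too many interests the university can use as leverage. Applying pressure through family ties, in particular, works every time. In Chinese society, words like rights defense, action and participation are remote and unfamiliar to ordinary people's lives; they are stigmatized and censored. For an older generation that lived through or closely witnessed various political campaigns, so-called public action is not only useless and meaningless but also dangerous. What parents expect of their children is simple and plain: be safe, be stable, and concentrate your time and energy on things that are "useful." When the younger generation shows concern for and participation in public affairs, few parents are not worried by it. In ordinary Chinese families, clear personal boundaries have generally not been established between generations, and parents can easily subject their children to moral and emotional blackmail. When it comes to silencing those who speak out, the activists' family members are always power's best hostages.
And talk of "overseas forces" or "members of the public with ulterior motives" also always turns up behind all kinds of citizen action. It is hard for us to know whether the school's teachers, when they try to analyze the students' behavior with this set of vocabulary, are merely using such claims as a tool to intimidate students or sincerely believe a conspiracy exists.
While the younger generation of students is already, in the posture of modern citizens, appealing to law and institutions and demanding openly and aboveboard that power be restrained and overseen, the university and the relevant authorities are still carrying on the traditional thinking of class struggle. In this mode of thought, students are assumed by default to obey authority and have no views of their own. When they express doubt about and rebellion against authority, when they express independent thinking and demands, it is very likely that they have been incited and manipulated by forces hostile to authority.
Fundamentally denying the students' independent personhood, they therefore take it for granted that the students' families should be dragged in, assuming that parents are key figures who can change how students think and understand; and because of this denial of the students' independent personhood, they do not believe rational, constructive dialogue with them is possible, do not think problems can be faced and solved together with them, and instinctively guard against the students' participation and action, believing it will only bring further chaos.
3. The power of anger
But in this episode at Peking University, what we saw was a young generation entirely different from those presumptions.
Whether Deng, who first initiated the disclosure application, or Yue, who was "summoned for a late-night talk" and confined by her family, they are young enough, smart enough and elite enough. They think and speak independently, and they show a strong sense of social responsibility and a clear-eyed understanding of structural injustice in society. They speak up for the weak and for justice; they trust in law and institutions, and they take part in public life with tenacity and reason.
The reason people are angry over this "small matter" at Peking University is precisely that such fine young people have not been cherished or praised. They are plainly the hope and the force that could make this society better, yet they are being harshly negated by power: their independent personhood denied, their beloved families "held hostage," their autonomous actions interfered with, and every voice of support suppressed.
People see with immense disappointment that in China's universities, the very places that should cultivate independent personhood and free thought, at a moment of real conflict when young people are most needed to step up, teachers are, intentionally or not, trying to tame young people's spirit, turning their passion for public affairs into cynicism and ultimately dissolving the power and meaning of public action and speech.
Anger, however, ought to have power.
Anger should be directed at restraining power: relying on institutions and on law to prevent the abuse of power.
A university, and indeed an internet regulator, has no authority to overstep the law and delete or ban citizens' lawful speech. As long as we can still feel angry about what happened to these students, we must all the more speak up and advocate loudly, and not stop speaking because articles and posts keep being deleted. When necessary, we should even use the law to defend our channels for speaking out.
Students' rights to participate in and oversee university affairs need clearer institutional guarantees; and a university's investigation of and intervention in student behavior needs to be based on evidence and facts and to follow certain rules and procedures. "Talks" that carry an obviously coercive character should be regulated and restricted.
Beyond that, we also need to express affirmation of and support for those who take part in public life, so that more people understand the logic of public participation and take part in public affairs themselves. Let public participation no longer be something that makes parents and schools feel it is "sensitive" or "dangerous," and let it gradually become a normal part of modern civic life.
These young people who dare to point out problems and are willing to work actively to solve them are an asset to Peking University, and even more an asset to society as a whole.
They deserve a better society.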
----------

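The universities of an autocratic government have also learned the autocratic government's playbook:
"There are three specific methods:
- Deleting posts. Controlling public opinion with a hard-line stance.
- Silencing the posters. Putting pressure on posters directly, or through their family ties, so that they dare not or will not speak out.
- Speculating about motives. Casting suspicion on the motives of those who speak out, claiming that 'off-campus forces,' 'lawbreakers,' 'foreign media' or 'unscrupulous media' are manipulating them behind the scenes. The motives are suspect, therefore the words and deeds are improper."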

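Yu Minhong: The Growth of Middle-Aged Men


If your mindset does not grow old, you will always be a "young man"; once your mindset grows old, you turn into a greasy man, a sleazy man, or a decrepit man.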


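Getting over the firewall with xtunnel

First install the Go environment on the server.
Change into your GOPATH and run: go get github.com/elvizlai/xtunnel

The executable xtunnel will then appear in $GOPATH/bin/.
xtunnel -crypto aes256cfb -listen 0.0.0.0:7777 -mode server -remote localhost:8118 -secret my-password &
(The server side is now set up. Here localhost:8118 is an HTTP proxy server program running on port 8118 of the same server; I set it up with kiss-proxy, see http://briteming.blogspot.com/2018/04/gohttpkiss-proxy.html)

On the local machine (a Mac):
First install the Go environment.
Change into your GOPATH and run: go get github.com/elvizlai/xtunnel
The executable xtunnel will then appear in $GOPATH/bin/.
xtunnel -crypto aes256cfb -listen 127.0.0.1:2000  -mode client -remote my-vps-ip:7777 -secret my-password
The client is now set up. Then set the HTTP proxy server of the browser on the local machine to 127.0.0.1:2000, and the browser can get over the firewall.
Note: because the backend program I use behind xtunnel on the server, kiss-proxy, is an HTTP proxy server program, the proxy type in the local machine's browser must correspondingly be set to HTTP. If the backend program behind xtunnel on the server is a SOCKS5 proxy server program, for example mocks, then the proxy type in the local machine's browser must correspondingly be set to SOCKS5.

Project page: https://github.com/elvizlai/xtunnel

Related post: http://briteming.blogspot.com/2015/10/goqtunnel.html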

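Deng Yuwen: US-China relations are deteriorating (very good; play the Communist bandits to death)

Entering 2018, as issues such as trade and Taiwan come fully to a head, the likelihood of a hard landing in US-China relations has greatly increased.
US-China relations did not reach this point suddenly; there was a process. Since 2014 I have written articles alerting the outside world to the coming US-China conflict and pointing out that the possibility of the two countries falling into the Thucydides trap exists. This is because in Obama's later years US-China relations showed signs of deterioration, and this deterioration was not a short-term souring caused by some sudden incident but was across the board. One prominent sign was that the "new type of great-power relationship between China and the United States" that Xi Jinping proposed to Obama never received a response from the US side.
America's shift in perception
The United States announced that it would deploy three aircraft carrier battle groups to the Asia-Pacific, and Defense Secretary Mattis said, "Our (America's) military is still strong, yet our competitive edge has eroded at every level of the armed forces."
Within the United States, and especially in foreign policy and strategy circles, a great debate about China took place and completed a reorientation of how China is perceived. For example, hawkish scholars such as the influential University of Chicago political science professor Mearsheimer have explicitly identified China as America's only future rival and believe that containing China will be America's mission. Even "China hand" scholars like David Shambaugh have shifted their assessment of China from formerly neutral to entirely negative; Shambaugh published an article titled "The Coming Chinese Crackup" in The Wall Street Journal, and although he said the title was added by the editors and did not reflect his view, judgments of this kind inadvertently reveal Washington's leanings.
After Trump took office, America's debate about China was complete. The conclusion: China cannot become the kind of country the United States sought to shape, and the engagement policy pursued toward China in the past can no longer continue.
An article titled "The China Reckoning," published this April in a combined issue of Foreign Affairs by Campbell, who served as assistant secretary of state for East Asian and Pacific affairs in the State Department under Obama, typifies the view of American academia. The article says, "The United States once assumed that more economic engagement with China would lead China's economy gradually but steadily toward liberalization... This belief drove the United States to grant China most-favored-nation status in the 1990s, to support China's accession to the WTO in 2001, to hold an economic dialogue with China in 2006, and to negotiate a bilateral investment treaty with China during the Obama administration"; but "Washington now faces the most dynamic and enormous competitor in modern history. To handle this challenge properly, the United States must abandon its long-standing hopeful policy toward China."
In this, the CCP's 19th Party Congress was another catalyst. Trump's former White House chief strategist Bannon is especially "dissatisfied" with China. In a speech in Tokyo at the end of last year he said that the 19th Party Congress was China's plan for future global hegemony, that no one in the West was paying any attention to it, and that his mission was therefore to make America understand this and take a hard line on China. The policy the White House is now pursuing toward China is in effect the Bannon line without Bannon. Regarding Trump's launch of a trade war over the China threat, one media article reviewed the views of the American media and experts, companies and business alliances, opinion polls, and Congress on the trade war and concluded: although Americans have differing voices on Trump's policy, behind those differing voices is a "consensus" on taking action against China's "unfair" trade model.
China's misjudgment and expansion
The United States once assumed that more economic engagement with China would lead China's economy gradually but steadily toward liberalization. But it now finds China using its economic achievements to promote the Chinese path and model to the world.
China was aware of this American shift but did not give it the attention it deserved. In particular it seriously misjudged Trump: it treated his attacks on China during the campaign as campaign rhetoric, assumed that once elected he would return to normal on Sino-US relations, failed to understand the domestic background of his "America First" policy, overemphasized Trump's "deal-making" traits as a businessman, and underestimated his determination and will to keep his promises and defend American civilization. It also overlooked the great shift in overall public opinion within the United States.
Precisely because of these mistakes, China's handling of relations with the United States, while still restrained at the top level, has followed in the operational departments and among the public a "confrontational" mindset of meeting toughness with toughness. In diplomatic practice this has shown up as "drawing close to Russia and keeping the United States at a distance," which in turn further reinforced America's negative image of China.
Why did US-China relations undergo a qualitative change in Obama's later years and especially in this year-plus of Trump's administration? The most fundamental reason is that the speed of China's rise exceeded Western expectations, and China's rise, in Western eyes, is the development model of a heterogeneous civilization, one that poses a severe challenge to the Western civilization and development model of free markets plus democratic politics plus Christian civilization.
China's rise is, to date, the rise of something utterly unlike Western civilization; in size, population, history and system it differs from past challengers. Among the hegemonic transitions of the modern era, that between the United States and Britain took place within the framework of the same civilization, system and market, so the process was relatively peaceful. In the US-Soviet contest for hegemony the systems and markets differed, but the civilizations overlapped, since the Soviet Union's Slavic culture on the whole also counts as a form of Western culture; it was also a contest between two blocs, so it took on the character of a cold war. The United States and Japan faced off twice. In the World War II period the two were entirely different in system and civilization, and their markets differed too, and it ultimately came to armed conflict; after Japan's democratic transformation, in the 1980s, the two converged in system and market but still differed greatly in civilization, so the contest took the form of economic competition.
China is unlike all of the above countries. Put simply, China pursues a state-capitalist development model. In terms of its market basis, it is neither the planned system of the past nor a pure market economy, but a market economy with state intervention or government control; in terms of its political system, it is an authoritarian system of one-party rule by the Communist Party, which has now developed into a totalitarian stage of "one-man leadership" by Xi Jinping with the character of a personality cult; in terms of culture, it is a blend of Marxist ideology and China's traditional Confucian culture. In Western eyes this institutional civilization and development model stands in direct opposition to its own.
The irreconcilable US-China contradiction
After taking office Trump met Xi Jinping at Mar-a-Lago and later had tea with him in the Forbidden City. But this close contact cannot conceal the enormous contradictions between the United States and China.
The "clash of civilizations" thesis put forward in the 1990s by the late American political scientist Huntington has profoundly influenced American strategic and intellectual circles. Its core idea is that the world will sink into conflict and confrontation between different civilizations, and that Confucian civilization, represented by China, and Christian civilization, represented by the United States, will ultimately come into confrontation, challenging American hegemony. Bannon holds to this idea of Huntington's, places China alongside Islam, and regards them as the two great threats facing Christianity.
How, then, to explain the engagement policy that successive US administrations previously pursued toward China, supporting China's reform and opening up?
In the later Cold War the United States backed China initially out of the need to counterbalance the Soviet Union. After the Soviet collapse, the United States believed that China, in the course of modernization, would eventually be guided by the West onto the democratic track. However, as Fu Ying, a Chinese diplomat well versed in the West, has said, China's success and growing confidence did not lead to what the United States wished for, but instead made the Chinese path even more irreversible; moreover, China, once integrated into the international system, did not become a subordinate yielding to American will and interests, but took part with a more proactive posture in designing and shaping the direction of international and regional affairs. The Campbell article mentioned above reflects this point.
So the United States was very disappointed. But before Obama's later years, China's challenge to the United States was not yet prominent, or rather the United States did not yet take China's challenge to heart. After that, the United States saw that China was by then quite obviously using its economic achievements to promote the Chinese path and model to the world, which came into sharp conflict with America's fundamental interests; if this were not contained now, it could not be stopped once China grew stronger still.
In China's view, the United States practices "exceptionalism," and China too is an "exceptional" country: China has the world's longest unbroken history and was long the dominant power in the East Asian order. As national strength has grown greatly, this pride and sense of superiority, long dormant in history, has been aroused. China believes it has enough wisdom to be able to, and that it ought to, blaze a distinctive path and contribute to human civilization, and so it is naturally unhappy with American containment. For many Chinese, to safeguard their own development rights and ultimately prevail over the United States, they must dare to go head-to-head with it.
It can thus be seen that the contest of civilizations, or the contest between the American and Chinese development models and systems, is the deepest and most essential structural contradiction between the United States and China. It determines that the two are irreconcilable and that it will erupt sooner or later. The trade war and the Taiwan issue are only outward manifestations of this fundamental contradiction.
At the practical level, compared with trade conflict, the Taiwan issue is more "lethal" to US-China relations. The Taiwan issue involves geopolitics and is a core interest for both the United States and China. For the United States, protecting Taiwan bears on its credibility as the world's foremost hegemon; if, after Taiwan suffers an armed invasion by China, the United States does not dare protect it or ultimately fails, this could mean the transfer of American hegemony. For mainland China and especially the CCP, Taiwan is a weight too heavy to bear. Losing Taiwan would mean not only that China's rise falls short at the last step but also the possible end of CCP rule. So if Taiwan is to return to China, the United States and China are bound to fight a war, unless Washington is willing to give up hegemony.
When US-China relations were shifting from engagement and cooperation toward containment and confrontation but this had not yet become a trend, I wrote urging China to see reality clearly, abandon its "quasi-alliance" with Russia and abandon the mindset of confronting the United States. Although it is to some degree objectively understandable that China and Russia, squeezed by the United States, would "huddle together for warmth" and jointly deal with it, if China clings to a confrontational mindset and is set on a decisive showdown with the United States, the one that ends up harmed will certainly be China. Judging from this year's situation, US-China confrontation has already taken shape. By the logic of the matter itself, since the overall trend is set, it will be hard to change in the short term unless one side backs down and makes major concessions; but constrained by populist sentiment on both sides and by considerations of practical interest, neither is likely to make major concessions.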

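The US Department of Justice is investigating whether Huawei violated US sanctions on Iran

The 25th: The Wall Street Journal, citing people familiar with the matter, reported that the US Department of Justice is investigating whether Huawei violated US sanctions on Iran.
The report said it was unclear how far the Justice Department's investigation had progressed or what specific allegations the authorities were making.
A Huawei spokesperson declined to comment to The Wall Street Journal.
Analysts said the Justice Department's investigation could bring many risks for Huawei. Huawei's business in the US market was already relatively limited, and before this the US government had already been putting all kinds of obstacles in Huawei's way, including preventing US mobile carriers from working with Huawei.
More importantly, the Justice Department's investigation could also affect Huawei's business in other international markets, especially Europe. Because of the US government's strict scrutiny of Huawei, some allied countries have begun to take a cautious attitude toward Huawei.
Analysts also said that the US government's stepped-up scrutiny of Huawei highlights the tension in trade relations between China and the United States. Recently the Trump administration said that Huawei could pose a threat to America's leading position in the 5G market.
At present Huawei is the world's largest maker of base-station electronics and other communications equipment, and the world's third-largest smartphone maker. The people familiar with the matter also said that before this Justice Department investigation, Huawei had also received administrative subpoenas from the US Commerce Department and Treasury Department, likewise concerning export-ban issues.
This time, however, what the Justice Department has opened against Huawei is a criminal investigation, which indicates that Huawei may have engaged in more serious potential misconduct. If investigators find that Huawei deliberately violated US export bans, additional criminal penalties could be imposed on Huawei.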

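MGBlog: a blog program built with Go and MongoDB

Blog using Go and MongoDB.

I recently put together an online real-time blog using Go + MongoDB + editor.md.
Demo: https://1024coder.com

Feature list:
1. Multi-user support... well, basically nobody will ever use this feature.
2. Summary extraction (in subhtml under the utils package).
3. Easy to maintain.
4. Live preview + image scaling.
5. Visitor map.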

iptables tutorial

http://homes.di.unimi.it/sisop/qemu/iptables-tutorial.pdf

bash tutorial

https://www.gnu.org/software/bash/manual/bash.pdf

from https://www.gnu.org/software/bash/manual/

python guide

http://docs.python-guide.org/en/latest/

Tunneling RDP over SSH with xrdp and xfreerdp

Suppose you have a remote desktop but you only have SSH access and you need to connect to that desktop with a GUI. For example, you have a server at home and you've set up port forwarding on your router so that you can SSH to that home server from office or school, and you don't want to expose too many ports to the Internet. You can set up an xrdp server and tunnel your connection over SSH.
In the following texts, the home server is Fedora 20 and the client laptop is OS X Yosemite.

Install xrdp on home server

On your home server, run:
# yum install xrdp
# systemctl start xrdp.service
# systemctl enable xrdp.service

Configure firewall

Add SSH service and open port 3389 to the current zone and make it permanent. By opening port 3389, you can connect directly to the home server without SSH when your laptop is in the same network at home.
# firewall-cmd --add-service=ssh --permanent
# firewall-cmd --add-port=3389/tcp --permanent
# firewall-cmd --reload

Install xfreerdp using homebrew

Make sure you’ve installed XQuartz. You can download the dmg at http://xquartz.macosforge.org/landing/ .
On your OS X laptop:
$ brew update
$ brew install freerdp

Start SSH forwarding

After you make sure you can SSH to your home server (say 1.1.1.1), you can start SSH forwarding. Run the following command in one terminal session:
$ ssh -qnN -L 3389:127.0.0.1:3389 1.1.1.1

Connect to home server using xfreerdp

$ xfreerdp localhost
Then an X11 window should show up, as in the screenshot below. Enter your username and password to log in to your home server.

from https://blog.shichao.io/2015/01/06/tunneling_rdp_over_ssh_with_xrdp_and_xfreerdp.html

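China and the United States face a kind of institutional showdown

(1)
China and the United States are now at daggers drawn and irreconcilable, and have to all appearances become enemy countries.
Since Trump dares to enact the Taiwan Travel Act, what is there that he would not dare to do? Within China, neither officialdom nor the public has properly studied Trump as a person, including his values, character and psychology. From what I understand of him, all his actions are consistent with his own logic. Of course, because Trump is unlike ordinary people, most people cannot see this clearly. He is playing a very, very big game of chess, and he will win the support not only of the domestic public but also of allied countries.
(2)
The Sino-US trade war is not a simple trade friction; it will inevitably spread into a financial war, an economic war and a political war. It is a war without gunsmoke, and in the end it will be completely out of control. Given Trump's character, he will certainly not stop until he reaches his goal, and what he wants is clearly not balanced trade but a new international order. I predict that America's odds of winning are greater: China's dependence on the US market is at present still far higher than America's dependence on the Chinese market, and the important thing is that right is on that side. Has China fulfilled its accession commitments since joining the WTO? Has it practiced "reciprocal opening"? Just how high are China's barriers to foreign capital? Its barriers in the financial sector rank second-highest among major economies, and its overall barriers rank fourth. American internet companies simply cannot enter China. The government's intervention in China's economy has produced policy spillover effects in international markets.
Schwab said, somewhat dejectedly, "I never wanted to influence China's political system through the free trade system, but I did not expect that we would face a situation like this: an economy so enormous in scale and with such extensive government intervention."
China and the United States face a kind of institutional showdown; the allegations in this Section 301 investigation all point to the problem of government intervention. The China model is not an institutional advantage; it is precisely the target the United States wants to attack.
The three rounds in which China and the United States have played their cards are both intimidation and a probing of the other side's hole cards. Although China threatens to sell off US Treasury bonds, the United States holds more cards. For example, the internet's root servers are in the United States; if the United States cuts them off, how can China carry on? China has the largest population and the biggest market on earth, but the lifeline of the country may not be in its own hands.
Trump and his advisers, through bilateral pressure, are pushing China to open up unilaterally and change the way its economy operates, and ultimately to change multilateral rules in order to constrain China.
For China to win, there is only one road: greater reform and greater opening. If it adopted a system like America's, the United States would certainly welcome it most, and the two countries would immediately become allies.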

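Ubuntu desktop: fixing a VPN that cannot connect or cannot reach the internet after the ufw firewall is enabled

I found that once ufw was started, the VPN could no longer connect; after opening the port, the VPN could connect but could not reach the internet.
After looking at the ufw log I finally found the fix. It mainly comes down to the PPTP protocol port, the DNS port, and ufw's forwarding policy.
ufw's default log path is /var/log/ufw.log. The reason the VPN cannot connect after ufw is enabled is:
May 8 22:23:14 mysite kernel: [137400.496578] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:4d:aa:cf:01:3c:8a:b0:0d:6f:f0:08:00 SRC=112.65.191.26 DST=192.241.215.26 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=31806 PROTO=TCP SPT=2760 DPT=1723 WINDOW=32120 RES=0x00 SYN URGP=0
You can see that ufw blocked access from the client to port 1723 on the host. A search on Baidu shows that establishing a PPTP VPN requires:
TCP protocol, port 1723
GRE protocol, protocol number 47
Note: many articles say you need to open port 47. That completely confuses the protocol number with a port number; it is entirely unnecessary and useless!!
So allow port 1723 in ufw:
ufw allow 1723
Then restart ufw:
ufw disable
ufw enable
Next, connecting to the VPN again should hang at verifying the username and password or fail with an error outright. Look at the ufw log again: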
May 8 23:41:35 mysite kernel: [142101.477024] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:4d:aa:cf:01:3c:8a:b0:0d:6f:f0:08:00 SRC=112.64.189.87 DST=192.241.215.26 LEN=128 TOS=0x00 PREC=0x00 TTL=242 ID=48426 PROTO=47
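This means ufw blocked protocol 47 from the client to the host. It is quite clear here: PROTO=47, that is, the GRE protocol.
After a long search I found that the problem still lay with ufw: ufw's default forwarding policy needs to be changed, in the file /etc/default/ufw.
If you do not need IPv6, you can also change
IPV6=yes
to:
IPV6=no
Next, change
DEFAULT_INPUT_POLICY="DROP"
DEFAULT_OUTPUT_POLICY="DROP"
DEFAULT_FORWARD_POLICY="DROP"
to:
DEFAULT_INPUT_POLICY="ACCEPT"
DEFAULT_OUTPUT_POLICY="ACCEPT"
DEFAULT_FORWARD_POLICY="ACCEPT"
You also need to watch out for sysctl. Change:
IPT_SYSCTL=/etc/ufw/sysctl.conf
to:
IPT_SYSCTL=/etc/sysctl.conf
(This may not be necessary; it is what I changed.)
Then save the changes and restart the ufw service:
ufw disable
ufw enable
Note: changing the default forwarding policy here from DROP to ACCEPT resolves a large share of the cases where, after ufw is enabled, the VPN connection fails or the VPN connects but cannot reach the internet (that can also be a DNS problem, covered below)!
If you run into the problem that even Google will not open after connecting to the VPN, look at the ufw log again: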
May 8 22:27:47 mysite kernel: [137673.617470] [UFW BLOCK] IN=ppp0 OUT=eth0 MAC= SRC=10.100.0.2 DST=8.8.8.8 LEN=70 TOS=0x00 PREC=0x00 TTL=63 ID=48198 PROTO=UDP SPT=50459 DPT=53 LEN=50
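Clearly ufw blocked DNS access too. Open port 53 here:
ufw allow 53
Restart ufw again:
ufw disable
ufw enable
Connect to the VPN again and all the problems are solved.
To repeat: the main reason the VPN cannot connect, or connects but cannot reach the internet, after ufw is turned on is ufw's default forwarding policy.
If the VPN still cannot connect, check the ufw log promptly after the connection fails. If the log has no related entries, you can basically conclude that the problem lies with the client-side router and the ISP (mainly the ISP not supporting the GRE protocol; I have this problem here).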
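
As an added example (not part of the original post), the Python below parses the three [UFW BLOCK] entries quoted above and reports, for each dropped flow, the chain it belongs to, the protocol and the destination port, which is the information needed to write a narrow exception rather than loosen a default policy. The function names and the chain classification from the IN=/OUT= fields are this example's own.

```python
import re

# The three [UFW BLOCK] entries quoted in the post above.
POST_LOG = """\
May 8 22:23:14 mysite kernel: [137400.496578] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:4d:aa:cf:01:3c:8a:b0:0d:6f:f0:08:00 SRC=112.65.191.26 DST=192.241.215.26 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=31806 PROTO=TCP SPT=2760 DPT=1723 WINDOW=32120 RES=0x00 SYN URGP=0
May 8 23:41:35 mysite kernel: [142101.477024] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:4d:aa:cf:01:3c:8a:b0:0d:6f:f0:08:00 SRC=112.64.189.87 DST=192.241.215.26 LEN=128 TOS=0x00 PREC=0x00 TTL=242 ID=48426 PROTO=47
May 8 22:27:47 mysite kernel: [137673.617470] [UFW BLOCK] IN=ppp0 OUT=eth0 MAC= SRC=10.100.0.2 DST=8.8.8.8 LEN=70 TOS=0x00 PREC=0x00 TTL=63 ID=48198 PROTO=UDP SPT=50459 DPT=53 LEN=50
"""

# IP protocol numbers that can appear as a bare PROTO=<n> in netfilter logs.
IP_PROTOCOLS = {"1": "ICMP", "6": "TCP", "17": "UDP", "47": "GRE", "50": "ESP", "51": "AH"}

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
MARKER = "[UFW BLOCK]"


def parse_block(line):
    """Return a dict describing one [UFW BLOCK] line, or None for any other line."""
    if MARKER not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line.split(MARKER, 1)[1]):
        fields.setdefault(key, value)       # LEN appears twice for UDP; keep the first
    iface_in, iface_out = fields.get("IN", ""), fields.get("OUT", "")
    if iface_in and iface_out:
        chain = "FORWARD"                   # routed through this host (VPN client traffic)
    elif iface_in:
        chain = "INPUT"                     # addressed to this host
    else:
        chain = "OUTPUT"                    # sent by this host
    proto = fields.get("PROTO", "")
    proto = IP_PROTOCOLS.get(proto, proto)  # PROTO=47 is a protocol number, not a port
    dport = fields.get("DPT")               # absent for GRE, which has no ports
    return {
        "chain": chain,
        "in": iface_in,
        "out": iface_out,
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "proto": proto,
        "dport": int(dport) if dport else None,
    }


def blocked_flows(log_text):
    """Collapse a log into the distinct (chain, in, out, proto, dport) flows that were dropped."""
    flows = []
    for line in log_text.splitlines():
        entry = parse_block(line)
        if entry is None:
            continue
        flow = (entry["chain"], entry["in"], entry["out"], entry["proto"], entry["dport"])
        if flow not in flows:
            flows.append(flow)
    return flows


def describe(flow):
    """Render one flow as a line a reviewer can turn into a specific allow rule."""
    chain, iface_in, iface_out, proto, dport = flow
    what = f"{proto} port {dport}" if dport is not None else f"{proto} (IP protocol, no port)"
    path = {
        "INPUT": f"in on {iface_in}",
        "OUTPUT": f"out on {iface_out}",
        "FORWARD": f"routed {iface_in} -> {iface_out}",
    }[chain]
    return f"{chain}: {what}, {path}"


if __name__ == "__main__":
    for flow in blocked_flows(POST_LOG):
        print(describe(flow))
```

The third entry has both IN=ppp0 and OUT=eth0, so it is routed traffic decided by the forward policy, while the first two are inbound to the host itself.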

The basics of encryption


In this guide, you'll learn the basics of encryption as well as how to encrypt and decrypt messages.

The key to encryption

A key, when talking about encryption, is an extremely long string of random characters. Keys are used to encrypt (or lock) and decrypt (or unlock) information to keep it safe.
As an example, a message with sensitive information needs to be sent securely from one person to another. The sender will encrypt the message with one key, and the receiver will decrypt it with another.

Symmetric and asymmetric keys

Let's introduce two types of encryption: symmetric and asymmetric.
A symmetric key uses the same string for both encryption and decryption, which means that both the sender and receiver need the same key. The weakness of this approach is key distribution: sharing the one key in a secure and secret manner is very difficult to do.
With asymmetric encryption, a key pair is created, consisting of a private key and a public key that are mathematically linked. A message is then encrypted with the public key, but it can only be decrypted with the corresponding private key.
If you are on the receiving end, you would first create an asymmetric key for yourself. You would then give out the public key to anyone you'd like to receive a message from, but you would keep the matching private key entirely to yourself.

Proving your identity

Asymmetric encryption comes with the added benefit of being able to prove that the two parties involved in communication are both who they claim to be.
If Sarah wants to send a message to John, she would use John's public key to first encrypt the message before sending it to him. John would then use his private key to decrypt the message.
In this manner, Sarah can be sure that only John can read the message. Likewise, John knows that the message was intended for him.
In addition, Sarah can go a step further and sign the message with her private key. John can then use Sarah's public key to ensure that the message was sent by her, as only the combination of Sarah's true public and private keys would give a valid result.
Both parties can be sure that Sarah is Sarah and that John is John. Mission accomplished!

Create your own asymmetric key

Now we'll walk you through the steps to create your own asymmetric key. To do so, you will be using GnuPG, or GPG as it's often called, a free software program based upon the PGP encryption standard that allows users to encrypt and sign data, and even to manage keys.

Install GnuPG

Follow the instructions below on how to install GnuPG on your operating system.
Linux – Open a terminal window and run the following command.
sudo apt-get install gnupg2
Windows – Download the latest version of GnuPG from the GNU Privacy Guard for Windows website and install it.
OS X – Download the latest version of GnuPG from GnuPG and install it.

Create a public-private key pair

Now you will create your asymmetric key pair.
For all operating systems mentioned above, run the following command in the terminal.
gpg2 --gen-key
On some versions of GnuPG, you will first need to answer a few questions:
  • What kind of key you want? Choose RSA and RSA (default).
  • What keysize you want? Choose 2048. (If you have a need for extreme security, you can choose 4096.)
  • For how long should the key be valid? Choose 0 = key does not expire.
For all operating systems mentioned, continue by answering some general information like your name and email address. If you are creating a key to be used when sending email, then it makes sense to use the information that corresponds with that email account.
After you've supplied this information, you will need to enter a password to protect where your private key is stored on your computer.
The program will then spend up to one minute generating a random key for you, but usually it will take only a few seconds.

Share your public key

In order to allow people to send encrypted information to you, you need to first share your public key with them. To do this, you need to export the key as a file.
Run the following command in your terminal. Replace the email address with the one you entered when you created the key. Replace "sarah" with your own choice of filename.
gpg2 --armor --export sarah@mullvad.net > sarah.asc
A file will be created on your computer and placed in the folder that you are currently located in within the terminal.
If you open the file in a text editor, this is what you will see:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2
mQENBFjPvdIBCACpWkWtev2RZnrYfm6vP9C/dt9cMvlwn2Wk2b45FKSOo5y14WOR
kH6L36h7dNnwvWsSupPMLcuAS6LrUcR3w5staihu0EPDWkEnwuxF0Ljk6UTMjlme
MD+s2wCBN6P9w1R0emWkAFjFD+9MeCAJzRPZP0xuXkroKOPboAvCNx3BYAkHHzBJ
.
.
.
OGmJsDSCsSfgp/QtkDK3qKuMLFSO8MwYs4cI7ArTsDU6pNyEjoZmDdYhNZwYdGdh
2l6op4q2FIle1hXMMHohNckgIAjO3pExKbsa
=C4dt
-----END PGP PUBLIC KEY BLOCK-----

You can now send this file to your contacts.

Import someone else's public key

After someone sends you their public key, you can import it to your computer by running the following command in the terminal. Be sure to replace "john.asc" with the name of the file you received.
gpg2 --import john.asc

View your list of keys

To see a list of contacts whose public keys you have imported, as well as any keys that you have created for yourself, run the following command.
gpg2 -k
To see a list of your own private keys, run the following command.
gpg2 -K

Using a public key's fingerprints

You will want to make sure that the public keys you have belong to the people you think they do. Checking the validity of your public keys can be tricky. The easiest way is to import the key in question and then verify it by talking to its owner face-to-face or by phone.
Of course, reading aloud the many lines of random characters that a key is composed of would take a lot of time and leave room for making errors. Instead, you can verify the fingerprint which is a much shorter representation of a public key.
To see a list of fingerprints for all public keys that you have imported, run the following command.
gpg2 --fingerprint
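
An added example (not from the original guide) of what the fingerprint is: for a version 4 OpenPGP key, RFC 4880 defines it as the SHA-1 hash of the public-key packet, so a substituted key yields a different value. The key below is constructed for illustration (its modulus is not a real RSA modulus), and the helper names are this example's own.

```python
import base64
import hashlib
import hmac
import struct

GENUINE_N = (1 << 2047) + 12345   # constructed 2048-bit number standing in for a modulus


def constructed_key(n, created=1490000000):
    """Build an ASCII-armored v4 RSA public-key packet around n (constructed sample)."""
    def mpi(x):  # OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes
        return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    body = b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(65537)
    packet = b"\x99" + struct.pack(">H", len(body)) + body
    b64 = base64.b64encode(packet).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + b64 +
            "\n-----END PGP PUBLIC KEY BLOCK-----\n")


def dearmor(text):
    """Return the binary OpenPGP data inside an ASCII-armored block."""
    lines, inside = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("-----BEGIN PGP"):
            inside = True
        elif line.startswith("-----END PGP"):
            break
        elif inside and line and ":" not in line and not line.startswith("="):
            lines.append(line)      # skips "Version:" style headers and the =CRC24 line
    return base64.b64decode("".join(lines))


def public_key_body(data):
    """Return the body of the leading public-key packet (tag 6)."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                                  # new-format packet header
        tag, o1 = first & 0x3F, data[1]
        if o1 < 192:
            length, start = o1, 2
        elif o1 < 224:
            length, start = ((o1 - 192) << 8) + data[2] + 192, 3
        elif o1 == 255:
            length, start = struct.unpack(">I", data[2:6])[0], 6
        else:
            raise ValueError("partial body length is not valid for a key packet")
    else:                                             # old-format packet header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled")
        size = (1, 2, 4)[ltype]
        length, start = int.from_bytes(data[1:1 + size], "big"), 1 + size
    if tag != 6:
        raise ValueError("first packet is not a public key")
    return data[start:start + length]


def v4_fingerprint(body):
    """SHA-1 over 0x99, the 2-byte body length, and the packet body (RFC 4880, 12.2)."""
    if body[0] != 4:
        raise ValueError("only version 4 keys are handled here")
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()


def key_id(fingerprint):
    """The long key ID is only the low 64 bits of the fingerprint."""
    return fingerprint[-16:]


def same_fingerprint(computed, spoken):
    """Compare a computed fingerprint with one read out by the owner (spaces/case ignored)."""
    def norm(s):
        return "".join(s.split()).upper()
    return hmac.compare_digest(norm(computed), norm(spoken))


if __name__ == "__main__":
    fp = v4_fingerprint(public_key_body(dearmor(constructed_key(GENUINE_N))))
    swapped = v4_fingerprint(public_key_body(dearmor(constructed_key(GENUINE_N + 2))))
    print("genuine :", fp)
    print("swapped :", swapped, "match:", same_fingerprint(swapped, fp))
```

When checking a real key, have the owner read out all 40 hex digits; the key ID is a 64-bit truncation of the same value and carries far less assurance.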

Encrypt a message

Create a text file with your preferred text editor and save it. Back in the terminal, navigate to where you saved the file. Run the following command, replacing "john@mullvad.net" with that of your recipient and "message.txt" with the name of the file you created.
gpg2 --armor --encrypt --recipient john@mullvad.net message.txt
The message is now saved in a new file called message.txt.asc, encrypted, and addressed to your recipient using his or her public key.
All you have to do now is attach the file to an email addressed to the recipient.

Decrypt a message from a friend

Once you have received an encrypted message, save it to your computer. In the terminal, navigate to where you saved the file.
Run the following command, replacing "message.txt.asc" with the name of the encrypted file you received and "message.txt" with a filename ending in .txt that you want the decrypted file to be called.
gpg2 --decrypt message.txt.asc > message.txt
Since your private key will be used to decrypt the message and because your private key is password protected, you will be prompted to enter the password.

Encrypt a message for Mullvad

Download and import Mullvad's public key (available at the bottom of our website). Follow the steps above for encrypting a message and sending it, but use support@mullvad.net as the recipient. No one other than our support team will be able to decrypt the message.
If you would like us to reply with an encrypted message, you will need to send your public key to us.

The importance of key management

Key management is 99% of the entire process. How well you protect your private key and manage your list of public keys – making sure they belong to the people you think they do – determines the level of security you obtain.

ppp


This is the README file for ppp-2.4, a package which implements the
Point-to-Point Protocol (PPP) to provide Internet connections over
serial lines.


Introduction.
*************

The Point-to-Point Protocol (PPP) provides a standard way to establish
a network connection over a serial link. At present, this package
supports IP and IPV6 and the protocols layered above them, such as TCP
and UDP. The Linux port of this package also has support for IPX.

This PPP implementation consists of two parts:

- Kernel code, which establishes a network interface and passes
packets between the serial port, the kernel networking code and the
PPP daemon (pppd). This code is implemented using STREAMS modules on
Solaris, and as a line discipline under Linux.

- The PPP daemon (pppd), which negotiates with the peer to establish
the link and sets up the ppp network interface. Pppd includes support
for authentication, so you can control which other systems may make a
PPP connection and what IP addresses they may use.

The platforms supported by this package are Linux and Solaris. I have
code for NeXTStep, FreeBSD, SunOS 4.x, SVR4, Tru64 (Digital Unix), AIX
and Ultrix but no active maintainers for these platforms. Code for
all of these except AIX is included in the ppp-2.3.11 release.

The kernel code for Linux is no longer distributed with this package,
since the relevant kernel code is in the official Linux kernel source
(and has been for many years) and is included in all reasonably modern
Linux distributions. The Linux kernel code supports using PPP over
things other than serial ports, such as PPP over Ethernet and PPP over
ATM.


Installation.
*************

The file SETUP contains general information about setting up your
system for using PPP. There is also a README file for each supported
system, which contains more specific details for installing PPP on
that system. The supported systems, and the corresponding README
files, are:

    Linux       README.linux
    Solaris     README.sol2

In each case you start by running the ./configure script. This works
out which operating system you are using and creates the appropriate
makefiles. You then run `make' to compile the user-level code, and
(as root) `make install' to install the user-level programs pppd, chat
and pppstats.

N.B. Since 2.3.0, leaving the permitted IP addresses column of the
pap-secrets or chap-secrets file empty means that no addresses are
permitted. You need to put a "*" in that column to allow the peer to
use any IP address. (This only applies where the peer is
authenticating itself to you, of course.)
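An audit of the addresses column described in the N.B. above, as an added example that is not part of the ppp package. It classifies each entry of a secrets file as "none" (column empty), "any" ("*") or "restricted"; the function name, output format and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the address policy of each pap-secrets/chap-secrets
# entry without ever printing the secret itself.

# Constructed sample in the layout: client  server  secret  IP addresses
SAMPLE_SECRETS='# client   server  secret           IP addresses
alice      *       "s3cret phrase"  10.0.0.5
bob        *       hunter2          *
carol      gw1     pw3
dave       gw1     pw4              10.0.0.7 10.0.0.8'

# audit_secrets: reads a secrets file on stdin and prints one line per entry:
#   <line number> <client> <server> <none|any|restricted|malformed>
audit_secrets() {
    awk '
    # Split a line into words, keeping a double-quoted secret as one word.
    function tokenize(line, out,    n, tok) {
        n = 0
        while (match(line, /^[ \t]*("[^"]*"|[^ \t]+)/)) {
            tok = substr(line, 1, RLENGTH)
            sub(/^[ \t]+/, "", tok)
            out[++n] = tok
            line = substr(line, RLENGTH + 1)
        }
        return n
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    {
        n = tokenize($0, w)
        if (n < 3) { print NR, "-", "-", "malformed"; next }
        # Empty addresses column: no addresses are permitted (since 2.3.0).
        policy = (n == 3) ? "none" : "restricted"
        # A "*" in the column lets the peer use any IP address.
        for (i = 4; i <= n; i++) if (w[i] == "*") policy = "any"
        print NR, w[1], w[2], policy       # w[3], the secret, is not printed
    }'
}

# Real use (run as root; the path is the usual location, an assumption here):
#   audit_secrets < /etc/ppp/chap-secrets
```

Entries reported as "any" are the ones to review first, since the peer chooses its own address; entries reported as "none" will authenticate but be refused an address.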


What's new in ppp-2.4.7.
************************

* Fixed a potential security issue in parsing option files (CVE-2014-3158).

* There is a new "stop-bits" option, which takes an argument of 1 or 2,
indicating the number of stop bits to use for async serial ports.

* Various bug fixes.


What was new in ppp-2.4.6.
**************************

* Man page updates.

* Several bug fixes.

* Options files can now set and unset environment variables for
scripts.

* The timeout for chat scripts can now be taken from an environment
variable.

* There is a new option, master_detach, which allows pppd to detach
from the controlling terminal when it is the multilink bundle master
but its own link has terminated, even if the nodetach option has
been given.


What was new in ppp-2.4.5.
**************************

* Under Linux, pppd can now operate in a mode where it doesn't request
the peer's IP address, as some peers refuse to supply an IP address.
Since Linux supports device routes as well as gateway routes, it's
possible to have no remote IP address assigned to the ppp interface
and still route traffic over it.

* Pppd now works better with 3G modems that do strange things such as
sending IPCP Configure-Naks with the same values over and over again.

* The PPP over L2TP plugin is included, which works with the pppol2tp
PPP channel code in the Linux kernel. This allows pppd to be used
to set up tunnels using the Layer 2 Tunneling Protocol.

* A new 'enable-session' option has been added, which enables session
accounting via PAM or wtmp/wtmpx, as appropriate. See the pppd man
page for details.

* Several bugs have been fixed.


What was new in ppp-2.4.4.
**************************

* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating
the ppp interface and configuring its IP addresses but before
bringing it up. This can be used, for example, for adding firewall
rules for the interface.

* Lots of bugs fixed, particularly in the area of demand-dialled and
persistent connections.

* The rp-pppoe plugin now accepts any interface name (that isn't an
existing pppd option name) without putting "nic-" on the front of
it, not just eth*, nas*, tap* and br*.


What was new in ppp-2.4.3.
**************************

* The configure script now accepts --prefix and --sysconfdir options.
These default to /usr/local and /etc. If you want pppd put in
/usr/sbin as before, use ./configure --prefix=/usr.

* Doing `make install' no longer puts example configuration files in
/etc/ppp. Use `make install-etcppp' if you want that.

* The code has been updated to work with version 0.8.3 of libpcap.
Unfortunately the libpcap maintainers removed support for the
"inbound" and "outbound" keywords on PPP links, meaning that if you
link pppd with libpcap-0.8.3, you can't use those keywords in the
active-filter and pass-filter expressions. The support has been
reinstated in the CVS version and should be in future libpcap
releases. If you need the in/outbound keywords, use a later release
than 0.8.3, or get the CVS version from http://www.tcpdump.org.

* There is a new option, child-timeout, which sets the length of time
that pppd will wait for child processes (such as the command
specified with the pty option) to exit before exiting itself. It
defaults to 5 seconds. After the timeout, pppd will send a SIGTERM
to any remaining child processes and exit. A value of 0 means no
timeout.

* Various bugs have been fixed, including some CBCP packet parsing
bugs that could lead to the peer being able to crash pppd if CBCP
support is enabled.

* Various fixes and enhancements to the radius and rp-pppoe plugins
have been added.

* There is a new winbind plugin, from Andrew Bartlett of the Samba
team, which provides the ability to authenticate the peer against an
NT domain controller using MS-CHAP or MS-CHAPV2.

* There is a new pppoatm plugin, by various authors, sent in by David
Woodhouse.

* The multilink code has been substantially reworked. The first pppd
for a bundle still controls the ppp interface, but it doesn't exit
until all the links in the bundle have terminated. If the first
pppd is signalled to exit, it signals all the other pppds
controlling links in the bundle.

* The TDB code has been updated to the latest version. This should
eliminate the problem that some people have seen where the database
file (/var/run/pppd.tdb) keeps on growing. Unfortunately, however,
the new code uses an incompatible database format. For this reason,
pppd now uses /var/run/pppd2.tdb as the database filename.


What was new in ppp-2.4.2.
**************************

* The CHAP code has been rewritten. Pppd now has support for MS-CHAP
V1 and V2 authentication, both as server and client. The new CHAP
code is cleaner than the old code and avoids some copyright problems
that existed in the old code.

* MPPE (Microsoft Point-to-Point Encryption) support has been added,
although the current implementation shouldn't be considered
completely secure. (There is no assurance that the current code
won't ever transmit an unencrypted packet.)

* James Carlson's implementation of the Extensible Authentication
Protocol (EAP) has been added.

* Support for the Encryption Control Protocol (ECP) has been added.

* Some new plug-ins have been included:
- A plug-in for kernel-mode PPPoE (PPP over Ethernet)
- A plug-in for supplying the PAP password over a pipe from another
process
- A plug-in for authenticating using a Radius server.

* Updates and bug-fixes for the Solaris port.

* The CBCP (Call Back Control Protocol) code has been updated. There
are new options `remotenumber' and `allow-number'.

* Extra hooks for plugins to use have been added.

* There is now a `maxoctets' option, which causes pppd to terminate
the link once the number of bytes passed on the link exceeds a given
value.

* There are now options to control whether pppd can use the IPCP
IP-Address and IP-Addresses options: `ipcp-no-address' and
`ipcp-no-addresses'.

* Fixed several bugs, including potential buffer overflows in chat.


What was new in ppp-2.4.1.
**************************

* Pppd can now print out the set of options that are in effect. The
new `dump' option causes pppd to print out the option values after
option parsing is complete. The `dryrun' option causes pppd to
print the options and then exit.

* The option parsing code has been fixed so that options in the
per-tty options file are parsed correctly, and don't override values
from the command line in most cases.

* The plugin option now looks in /usr/lib/pppd/<pppd-version> (for
example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if
there is no slash in the plugin name.

* When loading a plugin, pppd will now check the version of pppd for
which the plugin was compiled, and refuse to load it if it is
different to pppd's version string. To enable this, the plugin
source needs to #include "pppd.h" and have a line saying:
char pppd_version[] = VERSION;

* There is a bug in zlib, discovered by James Carlson, which can cause
kernel memory corruption if Deflate is used with the lowest setting,
8. As a workaround pppd will now insist on using at least 9.

* Pppd should compile on Solaris and SunOS again.

* Pppd should now set the MTU correctly on demand-dialled interfaces.


What was new in ppp-2.4.0.
**************************

* Multilink: this package now allows you to combine multiple serial
links into one logical link or `bundle', for increased bandwidth and
reduced latency. This is currently only supported under the
2.4.x and later Linux kernels.

* All the pppd processes running on a system now write information
into a common database. I used the `tdb' code from samba for this.

* New hooks have been added.

For a list of the changes made during the 2.3 series releases of this
package, see the Changes-2.3 file.


Compression methods.
********************

This package supports two packet compression methods: Deflate and
BSD-Compress. Other compression methods which are in common use
include Predictor, LZS, and MPPC. These methods are not supported for
two reasons - they are patent-encumbered, and they cause some packets
to expand slightly, which pppd doesn't currently allow for.
BSD-Compress and Deflate (which uses the same algorithm as gzip) don't
ever expand packets.
 
from https://github.com/paulusmack/ppp 
