Wednesday, December 11, 2013


                                                        "My Legs Are Weak"
I Cannot Stand


I'm collecting people's tears they cried because they miss you,
They fill the seas and all the lakes,
With memories the wind blew,
I'd run out of jars before a second could pass,
Didn't have enough time with you to turn the hourglass.
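People weep because they miss you, and I gathered their tears
A gentle breeze stirs their memories, which fill the seas and the lakes
In an instant I ran out of jars, with no time to stop the hourglass with you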

Pictures in my head
Suddenly appear
Why d'you have to go away
It's all not very clear.
Picture after picture suddenly appears; I still do not know why you had to leave

Goodbye sweet angel
Sail away on teary seas
Tattooed the time we had
On my memory
My legs are weak.
Goodbye, dear angel!
Set sail on the sea of tears, and embroider the time we shared into memory
I can no longer stand
When I close my eyes I see you,
The dimples in your cheeks,
I forgot to thank you for the things
Cause I didn't see you for weeks
Woke up this morning and hoped for a dream
But reality sat next to me and forced me to believe.
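I close my eyes and see your dimples
Weeks apart made me forget to say thank you
I woke this morning hoping I was in a dream
But reality was right beside me
And left me no choice but to believe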
Knocked down too soon
Like a skittle on the lanes
The man who took the wrong stop
From life's fast moving train.
Fallen too soon
Like a wooden stake on a lane
He got off at the wrong stop on life's express train
Goodbye sweet angel
Sail away on teary seas
Tattooed the time we had
On my memory
My legs are weak.
Goodbye, dear angel!
Set sail on the sea of tears, and embroider the time we shared into memory
I can no longer stand
Funeral Flowers
Won't make me believe
They can carry out the casket
And I'll still expect to see

You
You
The flowers at the funeral
Cannot make me believe
People carry your urn away
But I still hope to see

Come round tomorrow and tell me all your news
Come over tomorrow and tell me all your news
I don't ask for much from you
Sleep to my lullaby
Only give me one more chance
To say a last goodbye
I do not ask for much; sleep in my cradle
I only ask for one more chance to say a last goodbye to you
So
So
Goodbye sweet angel
Sail away on teary seas
Tattooed the time we had
On my memory
My legs are weak.
Goodbye, dear angel!
Set sail on the sea of tears
Tattoo the time we shared into memory
I can no longer stand

Sunday, July 28, 2013

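VPN passthrough on OpenWrt

OpenWrt has a very odd problem by default. For example, when two or more devices are connected to the OpenWrt router at the same time and both have a PPTP VPN client configured, only one of them can dial the VPN at any one time, and the other cannot connect no matter what. At first I thought it was a VPN server configuration problem, but when I tested with an ordinary router instead, both could dial at the same time, which shows the server is fine and the problem is in OpenWrt. I googled it and found this solution:

http://wiki.openwrt.org/doc/howto/vpn.nat.pptp

In short, install:
opkg install kmod-ipt-nathelper-extra

If that leaves no client able to dial at all, try:
opkg install kmod-ipt-conntrack-extra kmod-nf-conntrack-netlink
opkg install libnetfilter-conntrack

A very odd problem. I was frustrated, and it cost me a lot of time to track down.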

Key points for configuring OpenWrt as a repeater

OpenWrt version

Linux OpenWrt 3.9.11 #1 Sat Jul 27 00:14:43 PDT 2013 mips GNU/Linux
Atheros network card

First, set up the virtual network
/etc/config/network
Add a wwan, that is, a wireless wan

config interface 'wwan'
        option proto 'dhcp'

Second, set up the firewall
/etc/config/firewall
Add the wwan just created to the wan zone

config zone
        option name             wan
        list   network          'wan'
        list   network          'wwan'

Finally, set up the wireless network in sta mode
/etc/config/wireless

config wifi-iface
        option device   radio0
        option network  wwan
        option mode     sta
        option ssid     wireless-ssid-xxxx
#       option encryption wep
#       option encryption none
        option encryption psk
        option key passwordxxxx

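Then restart the network
/etc/init.d/network restart
This command restarts the core network, dhcp, firewall and wireless network, which is basically equivalent to rebooting the system.

To sum up, I think the principle is this: first create a wwan network. The name is arbitrary, wwan1 or wwan2 would do, as long as the corresponding settings refer to the same name. The most important thing is that this new network must be added to the firewall's wan zone. The firewall defines how the internal and external networks communicate, and only once these bridges are in place is the wireless card's sta (station) mode used to act as the repeater.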
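
The key point above, that the uplink network has to sit in the firewall's wan zone, can be checked mechanically. The following is an added example, not part of the original post: it reads a firewall and a wireless config and reports any sta-mode network that is missing from zone wan or is also listed in another zone. The function names and the demo data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify that every network used by
# a sta-mode wifi-iface belongs to firewall zone "wan" and to no other zone.
sta_networks() {   # $1 = wireless config; prints networks of sta-mode ifaces
  awk '
    function emit() { if (mode == "sta" && net != "") print net; mode = net = "" }
    { gsub(/["\047]/, "") }             # drop UCI quotes; awk re-splits the fields
    $1 == "config" { emit(); next }
    $1 == "option" && $2 == "mode"    { mode = $3 }
    $1 == "option" && $2 == "network" { net = $3 }
    END { emit() }
  ' "$1"
}

zones_of() {       # $1 = firewall config, $2 = network; prints zones listing it
  NET="$2" awk '
    function emit() { if (hit && name != "") print name; hit = 0; name = "" }
    { gsub(/["\047]/, "") }
    $1 == "config" { emit(); in_zone = ($2 == "zone"); next }
    in_zone && $2 == "name" { name = $3 }
    in_zone && $2 == "network" { for (i = 3; i <= NF; i++) if ($i == ENVIRON["NET"]) hit = 1 }
    END { emit() }
  ' "$1"
}

check_repeater() { # $1 = firewall config, $2 = wireless config
  rc=2                                  # 2 = no sta-mode interface found
  for net in $(sta_networks "$2"); do
    [ "$rc" -eq 2 ] && rc=0
    zones=$(zones_of "$1" "$net" | sort -u | tr '\n' ' ')
    if [ "$zones" = "wan " ]; then
      echo "ok: $net is only in zone wan"
    else
      echo "FAIL: $net is in zone(s): ${zones:-none}"; rc=1
    fi
  done
  return $rc
}

# Constructed sample: the firewall and wireless sections shown in this post.
demo() {
  dir=$(mktemp -d) || return 1
  printf '%s\n' "config zone" " option name wan" " list network 'wan'" \
    " list network 'wwan'" > "$dir/firewall"
  printf '%s\n' "config wifi-iface" " option device radio0" \
    " option network wwan" " option mode sta" > "$dir/wireless"
  check_repeater "$dir/firewall" "$dir/wireless"; r=$?; rm -rf "$dir"; return $r
}

if [ $# -eq 2 ]; then check_repeater "$1" "$2"; else demo; fi
```

On the router, run it with /etc/config/firewall and /etc/config/wireless as the two arguments. A network that also appears in the lan zone would be treated as trusted, so the router's LAN-side services would be reachable from the upstream wireless network.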

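Next, a few open questions
Can the existing wired WAN (wan) and the wireless WAN (wwan) be combined for traffic aggregation? nwan?
Can several wireless WANs (for example wwan1, wwan2) be created and all of them aggregated?

Reference: https://forum.openwrt.org/viewtopic.php?id=39077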



Wednesday, March 13, 2013

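Batch ping script

Sometimes, to find out which machines on the LAN are alive, you need to ping in bulk. Here is the script:

#!/bin/bash
# usage: rangeping 192.168.1
ip=$1
for i in $(seq 1 255)
do
  # send one echo request per host and print only the replies;
  # the flag for a 1-second reply timeout differs by ping implementation
  # (-W 1 on Linux iputils, -t 1 on macOS), so none is set here
  ping -c1 "$ip.$i" | grep "64 bytes from"
done


Save it as rangeping, put it in /usr/bin, then
chmod +x /usr/bin/rangeping

After that, just run:
rangeping 192.168.1

to ping everything from 192.168.1.1 to 192.168.1.255 and print only the live devices, one per line.
The output looks like this:

64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=15.533 ms
64 bytes from 192.168.1.4: icmp_seq=0 ttl=128 time=13.152 ms
64 bytes from 192.168.1.5: icmp_seq=0 ttl=128 time=14.160 ms
...

To print only the IP addresses:

rangeping 192.168.1 | awk '{sub(/:$/, "", $4); print $4}'

The output is:

192.168.1.1
192.168.1.4
192.168.1.5

To save the output to a text file, run:

rangeping 192.168.1 >> report.txt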


END.

Tuesday, January 22, 2013

Jailbreak iPhone, Linux, OS X, Shadowsocks-nodejs, PAC, GFW, getting over the wall

My last post covered getting through the GFW with the Python version of Shadowsocks on a jailbroken iPhone. This time I'm going to talk about a better alternative, Shadowsocks-nodejs. Here we go:


How does it work?


  • Create a SOCKS 5 proxy inside the iPhone with Shadowsocks-nodejs.
  • Create a PAC file inside the iPhone that says which connections go through the proxy and which go direct.
  • Create a bash script that adds websites to the PAC file, so we don't need to edit the file manually.
  • Assign the PAC file to the WiFi and 3G/EDGE/GPRS networks.
  • PAC on the iPhone is a system-wide proxy setting, so it works for all apps.

How are we gonna make it?

1 Create a Socks 5 proxy.


  • Get the Shadowsocks-nodejs code and configure it; see the project homepage.
  • On the server side, we need Node.js installed (find it at nodejs.org), then run:
nohup node server.js > /dev/null 2>&1 &
  • On the iPhone side, we also need to install Node.js. Find it in the Cydia store; the version should be 0.6.14, and it works like a charm. Once we have it, run inside the iPhone:
nohup node local.js > /dev/null 2>&1 &
  • Now we have a SOCKS 5 proxy running inside the iPhone, for example at 127.0.0.1:9090

2 Create a PAC file.


  • A basic PAC file looks something like this:

function FindProxyForURL(url, host) {  // this is the beginning of the PAC file
  var XXGFW = "SOCKS 127.0.0.1:9090"; // a variable keeps the file clean and easy to modify

  if (
    isPlainHostName(host) ||
    shExpMatch(host, "*.local") ||
    isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
    isInNet(dnsResolve(host), "172.16.0.0",  "255.240.0.0") ||
    isInNet(dnsResolve(host), "192.168.0.0",  "255.255.0.0") ||
    isInNet(dnsResolve(host), "127.0.0.0", "255.0.0.0")) {
    return "DIRECT";
  } // this sends all local sites DIRECT

  if (
    //added by hand
    dnsDomainIs(host, "gmail.com") ||
    dnsDomainIs(host, "blogger.com") ||
    dnsDomainIs(host, "blogspot.com") ||
    dnsDomainIs(host, "appspot.com") ||
    dnsDomainIs(host, "bit.ly") ||
    dnsDomainIs(host, "wikipedia.org") ||
    dnsDomainIs(host, "twitter.com") ||
    dnsDomainIs(host, "facebook.com") ||
    dnsDomainIs(host, "google.com.hk") ||
    dnsDomainIs(host, "youtube.com")) {
    return XXGFW;
  } // this sends the listed websites to our SOCKS 5 proxy, "||" means OR
  else {
    return "DIRECT";
  } // this sends everything else DIRECT
} // this is the end of the PAC file

  • Save the above code as autoproxy.pac (for example), move it to /var/root/ inside the iPhone, and run:

sudo chown mobile:mobile /var/root/autoproxy.pac
sudo chmod 777 /var/root/autoproxy.pac


3 Create a bash script to add websites to the PAC file

  • Now we have a working PAC file. Next we create a bash script so that we can add any GFWed website to it. The script looks like this:
#!/bin/bash
domain=$1
ed -s /var/root/autoproxy.pac << EOF
/\/\/added by hand/a
dnsDomainIs(host, "${domain}") ||
.
w
EOF
  • Save it as agfw, move it to /usr/bin and make it executable:
sudo chmod +x /usr/bin/agfw
  • To run this script, we need to install ed from the Cydia store. Once we find a website that is blocked by the GFW, take the newly GFWed github.com for example, we can add it to the PAC file just by running:
agfw github.com
  • Check autoproxy.pac and we'll see that github.com is in there. Now we can view github.com with any iPhone app. We can add any website we want to the PAC file with this script, with just a single command. It's pretty awesome :)
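
A stricter variant of the agfw helper, added here as an example and not the author's script: the original pastes its argument straight into the ed input, so a value containing a quote or a line break would change the PAC logic or be read by ed as commands. This version accepts only plain lowercase hostnames, skips entries that already exist, and inserts with awk instead of ed (a substitution, so ed is not needed); the PAC_FILE override and the function names are assumptions.

```shell
#!/bin/sh
# Added example: hardened variant of the page's agfw helper (not the original).
# PAC_FILE defaults to the path used on the page; the override is an assumption.
LC_ALL=C; export LC_ALL                    # make a-z mean ASCII letters only
PAC_FILE="${PAC_FILE:-/var/root/autoproxy.pac}"
MARKER='//added by hand'

# Accept only a plain lowercase DNS name such as github.com.
valid_domain() {
  d=$1
  [ -n "$d" ] && [ "${#d}" -le 253 ] || return 1
  case $d in
    *[!a-z0-9.-]*) return 1 ;;               # quotes, spaces, newlines, slashes
    .*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;  # empty label, or label edged with '-'
    *.*) return 0 ;;                         # at least two labels
  esac
  return 1
}

# Insert one dnsDomainIs() line directly after the marker line.
add_domain() {
  d=$1
  valid_domain "$d" || { echo "agfw: argument is not a plain hostname" >&2; return 2; }
  grep -qF -- "$MARKER" "$PAC_FILE" || { echo "agfw: marker line missing" >&2; return 3; }
  entry="dnsDomainIs(host, \"$d\") ||"
  grep -qF -- "$entry" "$PAC_FILE" && return 0   # already listed, nothing to do
  tmp=$(mktemp "${PAC_FILE}.XXXXXX") || return 4
  # Build the new file beside the old one, then copy the content back so the
  # PAC file keeps its owner and mode.
  M="$MARKER" E="$entry" awk \
    '{ print } !done && index($0, ENVIRON["M"]) { print ENVIRON["E"]; done = 1 }' \
    "$PAC_FILE" > "$tmp" && cat "$tmp" > "$PAC_FILE"
  rc=$?
  rm -f "$tmp"
  return $rc
}

if [ $# -gt 0 ]; then add_domain "$1"; fi
```

It is called the same way as the original, for example agfw github.com; a rejected argument leaves the PAC file untouched.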

4 Assign the PAC file to WiFi and 3G/EDGE/GPRS network


  • For WiFi, go to Settings > WiFi > Your connected WiFi > HTTP Proxy > Auto, and fill in:
file:///var/root/autoproxy.pac
  • For 3G/EDGE/GPRS, we need to edit the following file with iFile:
/var/preferences/SystemConfiguration/preferences.plist
  • Add the Proxies key and its dict at the correct position in this file; the other lines below are existing context that shows where it goes:
<string>com.apple.CommCenter (ip1)</string>
</dict>
<key>Proxies</key>
<dict>
<key>ProxyAutoConfigEnable</key>
<integer>1</integer>
<key>ProxyAutoConfigURLString</key>
<string>file:///var/root/autoproxy.pac</string>
</dict>
<key>UserDefinedName</key>
<string>com.apple.CommCenter (ip1)</string>
  • Save and reboot to make it work.


What we got?


  • The proxy works 24/7 as long as our VPS server works 24/7: always online, no login needed (compared to an ssh tunnel or VPN). It just forwards GFWed connections to the server and gets the responses back.
  • This is the best solution for the iPhone; it makes us feel as if the GFW did not exist.
  • Gmail Push works normally (within seconds) after I put the main Google domains into the PAC file, even when the iPhone is sleeping.
  • The PAC file, the SOCKS 5 proxy and the bash script used to add websites to the PAC file are all inside the iPhone. Once we find a website we can't open, just open MobileTerminal.app (which can be found in the Cydia store), run agfw balabala.com, done! Pretty simple.
  • This solution also works for Linux and OS X clients, because iOS is a lite version of OS X :)
END
Follow me @cattyhouse

Monday, November 26, 2012

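Adding blocked websites to a PAC file automatically with a bash script on the iPhone

I have been obsessed with PAC files lately. On my iPhone I have a PAC file generated by the autoproxy2pac project.

This file is based on gfwlist, and gfwlist misses some sites, so sometimes entries have to be added by hand.

But editing this PAC file with iFile on the iPhone is very painful, so I looked into whether a bash script could help me update the PAC file more easily.

The result: it is entirely doable. Thanks to the three experts from abroad in the #bash channel on irc.freenode.net for their help.

First, a few prerequisites:
1 I already have a base PAC file at /var/root/ap, with permissions 777 and owner and group mobile. All manually added blocked websites go below a line in the file that reads //added by hand. (Note that the script below relies on this line to make sure the code added to the PAC lands in the right place.)
2 Bash means running on the command line, so you need to ssh into the iPhone.
3 The script needs ed, so install it with apt-get install ed


The script: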

#!/bin/bash
domain=${1//./\\.}
ed -s /var/root/ap << EOF
/\/\/added by hand/a
if(/\.${domain}/i.test(url)) return PROXY;
if(/^[\w\-]+:\/+(?!\/)(?:[^\/]+\.)?${domain}/i.test(url)) return PROXY;
if(/^https?:\/\/[^\/]+${domain}/i.test(url)) return PROXY;
.
w
EOF


Save the above to /usr/bin/upac
and run chmod +x /usr/bin/upac

From then on, to add a blocked website to the PAC file, just run in a terminal:

upac twitter.com
upac google.com
upac google.com.hk
upac bit.ly

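And so on!

My PAC file. If you are interested, you can use it as a base and add websites that may be blocked in the future.

https://www.dropbox.com/s/u6u6rsy5m22jf8u/ap

update:
There is now a simpler way that does not depend on any gfwlist. See:
http://catty-house.blogspot.com/2012/11/iphonevpspythonpac.html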






Thursday, November 22, 2012

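Windows 7 WiFi hotspot

Goal:

Share the wired connection of a Windows 7 PC with its wireless adapter, and have the wireless adapter act as an AP for an iPhone to use.

Method:

Run the following commands one at a time (requires membership of the Administrators group):
netsh wlan set hostednetwork mode=allow
netsh wlan set hostednetwork ssid=yourssid key=yourpasswd keyUsage=persistent
netsh wlan start hostednetwork
At this point a new entry appears under Control Panel\Network and Internet\Network Connections:
Wireless Network Connection 2

Then open the properties of Local Area Connection, enable sharing, and share it with Wireless Network Connection 2

Connect the iPhone to this wireless network and it is online.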

Sunday, July 29, 2012

Script that automatically mounts a flash disk and executes commands when it is plugged in

Tags: udev, UUID.

1 Find the unique ID of the flash disk for udev:
$ udevadm info -a -p  $(udevadm info -q path -n /dev/sdc) |grep  serial
Here is the output:
ATTRS{serial}=="2004290613079860C679"
(change /dev/sdc to match your system)

2 Create the udev rule
$ sudo vim /etc/udev/rules.d/81-sandisk.rules
Put the following in this file:
KERNEL=="sd*", ATTRS{serial}=="2004290613079860C679", SYMLINK+="sandisk", RUN+="/bin/bash /home/j/script/sandisk.sh"

3 Find the unique ID of the flash disk for the Linux filesystem
ls /dev/disk/by-uuid/
Here is one line of the output:
48DD-2448 -> ../../sdc1

4 Create a script
$ cd ~/script/ (note this path must be in $PATH)
$ vim sandisk.sh
Put the following into the script:
#!/bin/bash
# resolve the UUID symlink to the current device name, because the location of the flash disk changes often, sometimes /dev/sdb, sometimes /dev/sdc...
device=$(basename "$(readlink -f /dev/disk/by-uuid/48DD-2448)")
sudo mount -t vfat "/dev/$device" /mnt/sandisk/ # mount the flash disk
# add your stuff below, e.g. tar /etc/ ~/ and mv to the flash disk
# script END
4.1 $ sudo chmod +x sandisk.sh

5 Points:
5.1 What? Mount and execute commands when the flash disk is plugged in
5.2 Why? udev and the filesystem each have their own unique ID for a particular disk, so that makes sense
5.3 A connection between UUID and udev is possible :)
5.4 This script will work only on THE flash disk, because the udev attrs serial and the uuid are UNIQUE

Have Fun!

Source:
1 udev
2 uuid



Saturday, July 21, 2012

Awesome Gentoo

Awesome Gentoo!
It's super fast! Stable! Cute!
With Firefox, Google Chrome, Fluxbox and Openbox installed
Only 4GB for normal usage!

Sunday, February 28, 2010

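Switching firmware on the Netgear WGR614L wireless router

Half a month ago I bought a Netgear WGR614L (same as the WGR614V8) wireless router on Taobao. It is an open-source router that supports various open-source firmware, for example DD-WRT, Tomato and OpenWRT.
Before buying, I had the seller flash the latest DD-WRT V24SP2 for me. It is indeed powerful, but after ten-odd days of superficial use I found two problems:
1 Repeater mode is unstable. The only repeater mode I tried was repeater bridge mode, which is simple to configure and puts the computer in the same sublan as the remote AP. In bridge mode there are two ways to connect locally. The first is a wired connection straight to a LAN port on the router, obtaining an IP address automatically from the remote AP. The other is to create a virtual wireless interface on my router, so that the router transmits a wireless signal while receiving the remote AP's signal, and the local side can connect with the laptop's wireless. Either way it is unstable: sometimes it is fast, sometimes it drives me crazy!
2 Because my network cable is not long enough, I wanted to chain this router to another one in the living room. There are two ways. First, disable this router's WAN port and use it as a switch, connecting a LAN port to a LAN port on the living-room router. That works, but it makes me feel I might as well have bought a switch. Second, connect this router's WAN port to a LAN port on the living-room router, with my laptop getting its IP address from my router and staying in a separate sublan. That failed badly; I spent a whole day on it and still could not get it working. (Only after using Tomato did I learn this is a DD-WRT bug.)
So I decided to try Tomato, reputed to be extremely stable. Tomato has no repeater mode, but it has a client (bridge) mode. The only difference between the two is that repeater mode can additionally create a virtual wireless signal, whereas client mode can only be used over a cable. In practice, the wireless signal that repeater mode creates is very weak and unstable and cannot stand up to downloads. Given that, I decided to give up repeater mode.
But flashing Tomato on this router is not that easy. First, I currently have DD-WRT installed and cannot flash straight to Tomato; the official Netgear firmware has to be flashed first. Second, Tomato does not officially state support for my router, but there is an open-source forum that supports this router well, and my flashing is based mostly on the articles there.
So here is my account of this flashing:
Flashing can be done on Windows or on Linux. Linux is preferable, because many of the tools are readily available there, and the open-source firmware is all Linux-based.
Step 1: flashing tools
1. mtd_erase - erases the firmware on the device and opens a tftp port so that new firmware can be uploaded.
2. ssh (Linux), putty (Windows) or telnet - connects to the router's ssh or telnet port to get into the router and run commands
3. scp (Linux) or pscp (Windows) - uploads mtd_erase to the router's /tmp folder over the ssh protocol, ready to run.
4. tftp (Linux) or tftp32 (Windows) - uploads the new firmware to the router. Note that this uses the tftp protocol.
5. Tomato firmware: the latest firmware for the WGR614L, compiled from the Tomato source code by an expert on the forum
6. Official Netgear firmware: going from dd-wrt to Tomato, this firmware must be flashed in between
Step 2: flashing procedure
1. Make sure telnet and ssh are enabled on the router. Remember that the router's permanent user name is root (not the user name you set), and the password is the one you set. The computer is connected to the router; assume the router's IP is 192.168.1.1
2. Upload mtd_erase to the router
On Linux, run:
scp mtd_erase root@192.168.1.1:/tmp
On Windows, run:
pscp -scp mtd_erase root@192.168.1.1:/tmp
You will be asked for the password along the way. A message confirms success.
3. Log in to the router with putty or ssh, or telnet to it; the result is the same.
You land at the router's Linux root prompt, #. Enter the following commands in order
cd /tmp
chmod 777 mtd_erase
(This step makes it executable by any user. I was logged in as root, yet without this step running it fails.)
./mtd_erase -d linux
(Erases the router's linux partition, which amounts to erasing the current dd-wrt firmware)
At this point the router is still running normally, because Linux is running in the 16M of memory. Then go to the router's web interface, find the reboot option and click reboot
4. After the reboot, the router's power light blinks continuously. Now it is time to upload the Netgear firmware
On Linux:
tftp -m binary 192.168.1.1 -c put wgr614l.chk
On Windows:
Open tftp32, click tftp client, enter the router's IP, leave the port blank, select wgr614l.chk as the local file, then click put. The upload takes a few seconds.
That's it; the router reboots automatically.
5. The Netgear firmware is now flashed. The rest is simple: log in to the router, find upgrade, select the Tomato firmware and wait for the upgrade to finish. Note that Internet Explorer must be used here, otherwise there will be problems.
6. That is basically it. Flashing from Tomato to DD-WRT or Open-WRT works in much the same way.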