MacBook10,1 ubench

Model Name: MacBook
Model Identifier: MacBook10,1
Processor Name: Intel Core i7
Processor Speed: 1.4 GHz
Number of Processors: 1
Total Number of Cores: 2
L2 Cache (per Core): 256 KB
L3 Cache: 4 MB
Memory: 16 GB
Boot ROM Version: MB101.0161.B00
SMC Version (system): 2.42f10

Unix Benchmark Utility v.0.3
Copyright (C) July, 1999 PhysTech, Inc.
Author: Sergei Viznyuk
http://www.phystech.com/download/ubench.html
Darwin 17.6.0 Darwin Kernel Version 17.6.0: Tue May 8 15:22:16 PDT 2018; root:xnu-4570.61.1~1/RELEASE_X86_64 x86_64
Ubench CPU: 1282985
Ubench MEM: 648806
——————–
Ubench AVG: 965895

Advertisements

#intel-core-m-processor-speed, #macbook, #ubench

FreeBSD driver for USB Ethernet adapter

# uname -sr
FreeBSD 11.1-STABLE

# usbconfig
ugen6.2:  <Realtek USB 101001000 LAN> at usbus6, cfg=1 md=HOST spd=HIGH (480Mbps) pwr=ON (200mA)

# usbconfig dump_device_desc
...
ugen6.2:  <Realtek USB 101001000 LAN> at usbus6, cfg=1 md=HOST spd=HIGH (480Mbps) pwr=ON (200mA)

  bLength = 0x0012
  bDescriptorType = 0x0001
  bcdUSB = 0x0210
  bDeviceClass = 0x0000  <Probed by interface class>
  bDeviceSubClass = 0x0000
  bDeviceProtocol = 0x0000
  bMaxPacketSize0 = 0x0040
  idVendor = 0x0bda
  idProduct = 0x8153
  bcdDevice = 0x3000
  iManufacturer = 0x0001  <Realtek>
  iProduct = 0x0002  <USB 10/100/1000 LAN>
  iSerialNumber = 0x0006 <000001>
  bNumConfigurations = 0x0002
...

# kldload if_cdce

# ifconfig ue0
ue0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
...

#freebsd, #if_cdce

使用 dnsmasq 和 dnscrypt 构建一个干净的域名服务器

unbound+dnsmasq+dnscrypt

  • unbound:由于 dnsmasq 的性能可能较为低下,因此增加 unbound 作为缓存。
  • dnsmasq:通过规则将 gfwlist 内的域名的解析转发给 dnscrypt 来处理。
  • dnscrypt:穿越防火墙向 dnscrypt resolver 请求域名解析。

本文实验所使用的软件和版本

  • FreeBSD 11.1-RELEASE-p4
  • ezjail-3.4.2
  • dnscrypt-proxy-1.9.5_3
  • dnsmasq-2.78,1
  • unbound-1.6.8
  • bind-tools-9.11.2P1


使用了 ezjail 来管理 jails,dnscrypt(IP: 192.168.0.3)、dnsmasq(IP: 192.168.0.4)、unbound(IP: 192.168.0.5) 分别安装于独立的 jail 中。
bind-tools 提供了一组 DNS 工具,比如 nslookup、dig 等可用于测试。

dnscrypt 的安装与配置

pkg install dnscrypt-proxy
sysrc dnscrypt_proxy_enable=”YES”
sysrc dnscrypt_proxy_resolver=”ipredator”
service dnscrypt-proxy start

更多的 dnscrypt resolvers 可以从 /usr/local/share/dnscrypt-proxy/dnscrypt-resolvers.csv 里找到。

dnsmasq 的安装与配置

pkg install dnsmasq
sysrc dnsmasq_enable=”YES”
service dnsmasq start

修改 /usr/local/etc/dnsmasq.conf 确保其包含了下面的配置:

conf-dir=/usr/local/etc/dnsmasq.d/,*.conf

使用 gfwlist2dnsmasq.awk 定时更新 /usr/local/etc/dnsmasq.d/gfwlist.conf。在 /etc/crontab 里添加:

30      2       *       *       *       root    /usr/local/bin/gfwlist2dnsmasq.sh -h 192.168.0.3 -p 53 -S -u /usr/local/etc/user_rule.txt > /dev/null 2>&1

unbound 的安装与配置

pkg install unbound
sysrc unbound_enable=”YES”
service unbound start

/usr/local/etc/unbound/unbound.conf 内相应的位置添加如下配置:

	access-control: 0.0.0.0/0 allow
forward-zone:
	name: .
	forward-addr: 192.168.0.4

修改后的配置文件的差异如下:

root@unbound:~ # diff -ruN /usr/local/etc/unbound/unbound.conf.sample /usr/local/etc/unbound/unbound.conf
--- /usr/local/etc/unbound/unbound.conf.sample  2018-01-20 01:09:20.000000000 +0000
+++ /usr/local/etc/unbound/unbound.conf 2018-02-10 03:09:24.140462000 +0000
@@ -231,6 +231,7 @@
        # access-control: ::0/0 refuse
        # access-control: ::1 allow
        # access-control: ::ffff:127.0.0.1 allow
+       access-control: 0.0.0.0/0 allow
 
        # tag access-control with list of tags (in "" with spaces between)
        # Clients using this access control element use localzones that
@@ -807,6 +808,9 @@
 # forward-zone:
 #      name: "example.org"
 #      forward-host: fwd.example.com
+forward-zone:
+       name: .
+       forward-addr: 192.168.0.4
 
 # Views
 # Create named views. Name must be unique. Map views to requests using

pf 的配置

转发到外部 IP 地址端口 53 的请求到 unbound 的 jail,示例配置:

rdr pass on $ext_if proto tcp from any to $ext_ip port 53 -> 192.168.0.5
rdr pass on $ext_if proto udp from any to $ext_ip port 53 -> 192.168.0.5

测试

dig +short @192.168.0.5 www.google.com
216.58.207.196

参考

#dnscrypt, #dnsmasq, #ezjail, #freebsd, #gfwlist2dnsmasq-awk, #pf, #unbound

How to disable xconsole

uname -sr
FreeBSD 12.0-CURRENT

pkg info -E xdm
xdm-1.1.11_8

sudo diff -ruN /usr/local/etc/X11/xdm/xdm-config.sample /usr/local/etc/X11/xdm/xdm-config
--- /usr/local/etc/X11/xdm/xdm-config.sample 2018-02-08 11:44:17.578118000 +0800
+++ /usr/local/etc/X11/xdm/xdm-config 2018-02-08 17:15:01.893621000 +0800
@@ -22,9 +22,9 @@
DisplayManager*reset: /usr/local/etc/X11/xdm/Xreset
DisplayManager*authComplain: true
! The following three resources set up display :0 as the console.
-DisplayManager._0.setup: /usr/local/etc/X11/xdm/Xsetup_0
-DisplayManager._0.startup: /usr/local/etc/X11/xdm/GiveConsole
-DisplayManager._0.reset: /usr/local/etc/X11/xdm/TakeConsole
+#DisplayManager._0.setup: /usr/local/etc/X11/xdm/Xsetup_0
+#DisplayManager._0.startup: /usr/local/etc/X11/xdm/GiveConsole
+#DisplayManager._0.reset: /usr/local/etc/X11/xdm/TakeConsole
DisplayManager.*.authName: MIT-MAGIC-COOKIE-1
DisplayManager*loginmoveInterval: 10
! SECURITY: do not listen for XDMCP or Chooser requests

#freebsd, #xdm

DELL Inspiron 1420 ubench

CPU: Intel® Core(TM)2 Duo CPU T5250 @ 1.50GHz (1496.29-MHz K8-class CPU)
Memory: 4096 MB

Unix Benchmark Utility v.0.3
Copyright © July, 1999 PhysTech, Inc
Author: Sergei Viznyuk
http://www.phystech.com/download/ubench.html
FreeBSD 11.1-RELEASE-p1 FreeBSD 11.1-RELEASE-p1 #0: Wed Aug 9 11:55:48 UTC 2017
root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
Ubench CPU: 173693
Ubench MEM: 185418
——————–
Ubench AVG: 179555

#ubench

Finding foreign keys that are missing indexes

https://www.postgresql.org/message-id/BLU115-W30DAE79E6FD8AB13D1E970A6E90%40phx.gbl

#PostgreSQL

在 bananian 上安装配置 Tor

本文假设已经在 Banana Pi R1 上安装了 bananian version: 16.04 (released 2016-04-23) 并运行了监听于 127.0.0.1:2080 的 Socks5 代理服务器,且其内网 IP 地址为 10.5.2.1。

安装

apt install tor
apt install tor-geoipdb

配置

在文件 /etc/tor/torrc 添加如下内容:

SocksPort 10.5.2.1:9050
ExcludeNodes {cn},{hk},{mo},{kp},{ir},{sy},{pk},{cu},{vn}
StrictNodes 1
Socks5Proxy 127.0.0.1:2080

日志

/var/log/tor/log

使用

在浏览器等上设置使用 SOCKS v5 代理服务器,主机为 10.5.2.1,端口为 9050。

#banana-pi-r1, #bananian, #bpi-r1, #debian, #jessie, #socks5, #tor