I don’t like Systemd and I have complaints about Debian

Today, after installing Debian Testing, which is code-named as ‘stretch’, I noticed that my network interface is changed into enp0s25 instead of the familiar eth0. After some quick search, it was revealed that Systemd did this. The tentacles of Systemd have extended too far and too many. What was initially as init management program, now tends to control every aspect of the system. I am seriously considering switching away from all Linux distributions that come with Systemd. Devuan is a promising option (https://devuan.org/) and next year, instead of donating to Wikipedia as I usually do, I will donate to devuan to show my support.

Here are more complaints for Systemd:

  • It was developed by some guys working in Redhat. Beware of the Linux with corporate agenda and be cautious of people working for the corporate interest
  • It is unnecessarily complicated. When using systemctl to start a process with errors, it does not provide error log directly, but rather gives out partial information and asks me to use journalctl to view the errors, and in often times, the information provided by journalctl is of not much help either

Init has been working perfectly for me, and I don’t need whatever magic Systemd claims to have

Now I also have some complaints about Debian. When installing a program, –no-install-recommends and –no-install-suggests should be the default setting. I want to clean system and I don’t want to install unnecessary dependencies which take up the hard drive and memories.

If the colossal ship of Nokia was sunk by a mole from Microsoft, fellow Linuxer, beware of Systemd, it can damage the Linux ecosystem by its corporate agenda. Fuck Systemd.

Linux should always be a system of individual tools working happily together, each responsible for doing one thing only and doing it excellently. By no means should a monolithic system service like Systemd extend its claws in the tried-and-true philosophy of *nix systems.

Switch to Devuan.

Protect Windows with Virtualbox, pfsense, ipcop, ipfire and t1n1wall

This is a precursor of possible a long post about configuring a software firewall using virtualbox together with an open source firewall distribution such as ipcop, pfsense and t1n1wall (one of the successors of m0n0wall).

I will jot down the most important elements here and these are the results of hours of tests on various combination of configurations.

My network settings

  1. One external IP address directly connected to the outside world.
  2. One physical network card.
  3. MS Loopback network card (installed under Windows to function as the Bridged Network interface).

Network properties in the host machine

Instead of keeping just the Bridge Protocal of vmware and Bridged Networking Driver of virtualbox, I ticked another two additional protocols:

  1. Link-layer Topology Discovery Mapper I/O Driver
  2. Link-layer Topology Discovery Responder

In particular, Link-layer Topology Discovery Responder is essential for connecting to the wireless network. When it is unticked, the WAN interface under ipcop or pfsense finds it very difficult to connect to the wireless router. As a result, the network property for the physical network interface on the Windows host machine looks as follows:

Keep both the bridge protocols and the Link-layer protocols in the host machine
Keep both the bridge protocols and the Link-layer protocols in the host machine

Network configuration under virtualbox

  1. The most important thing is the network configuration under virtualbox. Both the adapter 1 and adapter2 need to be attached to Bridged Adapter (see attached pictures).
  2. I did limited tests and it appeared that selecting the Host-only adapter can also work, since there is a virtualbox bridged network driver ticked for “VirtualBox Host-Only Network”. However, if I choose Host-Only network for adapter2, t1n1wall cannot forward traffic from the host Windows machine to the outside world. For t1n1wall, and maybe other BSD flavored firewalls, it is better to set the adapter2 as bridged — although I assume making adapter2 the Host-Only network will make the host machine safer.
  3. I also installed Debian+arnos iptables firewall in virtualbox, and the adapter2 can be Host-Only or Bridged, both will work. In arno’s iptables firewall, just enable NAT and the host Windows machine will be able to visit the outside world.
  4. To easily identify which NIC is designated to WAN or LAN, click on Advanced and manually edit the automatically generated MAC address to something you can identify. I change the last two digits of the WAN MAC address into something like 080027276FAA and the last two digits of the LAN MAC address into something like 080027698CBB.
virtualbox network configuration for ipcop, pfsense adapter1
virtualbox network configuration for ipcop, pfsense adapter2. For adapter2, selecting host-only network should also work, but I am not so sure if portforwarding will be affected or not.

Do you need to setup VLAN under t1n1 and pfsense?

No. If you use bridged network, there is no need to setup VLAN.

If you choose to attach the network adapter to Internal Network, you may need to setup VLAN for the LAN to access the Internet, however, I didn’t test it. I am not so sure if you can even choose Internal Network when you want the host Windows machine to access the Internet.


I experienced several problems with pfsense and I don’t recommend using it with virtualbox and vmware if your sole purpose is using a firewall to protect your Windows PC with a firewall.

  1. Time drifts under vmware. pfsense experienced serious time drifts under vmware workstation 9.0. I simply can’t get the accurate time for pfsense under vmware. There is no time-drifting problems for virtualbox and pfsense.
  2. Port forwarding does not work. after numerous attempts, I still can’t reliably forward the ports to bittorrent clients running on the Windows host machine. I setup both NAT and firewall rules, and set the log to record the hits of the rules, however, it either turns up a few hits or no hits at all — even though the bittorrent client is working heavily with multiple downloads. Port forwarding works well under t1n1wall and ipcop, and the firewall log shows up the hit records with no problems.
  3. Overkill for the purpose. I run a single Windows PC as a host and I don’t need all the bells and whistles of pfsense, which have numerous configurations and settings I will never use.

ipcop vs ipfire

  1. Ipcop is simple and elegant. Its settings are easy to understand and intuitive. Just works and serves the purpose as a firewall very well.
  2. Ipfire has many features and packages. It appears it uses much more resources with my limited tests.

t1n1wall and smallwall

  1. t1n1 is simple to use and port forwarding for bittorrent clients works well. Its development is more recent than smallwall.
  2. smallwall should work almost identically with t1n1wall, and I chose t1n1wall simply because its releases are newer.

vmware and its network configuration

  1. For the LAN interface, I created vmnet2 and designated it as host-only network. There is no problems installing ipcop running on it, although I haven’t tested port forwarding heavily on it.
  2. You can also install MS Loopback NIC, create a new vmnet interface and designate it as bridged network.
  3. In virtual machine settings, in the Network Adapter section, click on Advanced, and modify its MAC address so that you will know which interface is assigned to WAN or LAN in the firewall.

questions that remains to be solved

  1. Linux firewalls appears to be less “secure”, because I don’t have to set port-forwarding rules to make bittorrent clients directly connect to the outside. With BSD flavored firewalls, I will need to specifically configure NAT rules and portforwarding to allow bittorrent work properly. Don’t know why this happens.
  2. Is for the LAN adapter, is Host-Only network safer than than Bridged network?
  3. For BSD firewalls, using Host-Only adapter does not seem to work. It has to be bridged network.


These two resources provides very useful information for sett

  1. http://www.dowdandassociates.com/blog/content/howto-software-routers-on-virtual-machines/
  2. http://timita.org/wordpress/2011/07/31/protect-windows-with-pfsense-and-virtualbox-part-3-installing-virtualbox-and-creating-a-new-vm-for-pfsense/

AxCrypt is evil and it installs heinous Adware on your computer. Avoid at all costs!

AxCrypt is a nightmare for my computer. It downloaded many exe files and installed Conduit Adware across the system. My Firefox starting pages are deleted and the homepage is changed into http://search.conduit.com. An ugly and intrusive toolbar is also install on Internet Explorer (IE).

A virus total scan report shows that AxCrypt is infected with OpenCandy Adware. Actually it is worse than normal Adware because it is so pervasive and intrusive — most important of all, no user consent was acquired before this heinous AxCrypt infected system with Trojan like malicious applications: Malwarebye scan reports that there are about 140 folders, files and registry keys which are infected with conduit malware. Please avoid using AxCrypt at all cost. You have been warned.

To the developers of AxCrypt: shame on you!

Setting up eGPU for Thinking X220

After my X220 arrived to my place through numerous troubles, I still didn’t find time to reinstall its system and use it heavily. But I have time to waste elsewhere: several hours spent on investigating how to make eGPU (external Graphics Processing Unit) working for X220.

Here are my findings. It is totally workable for X220 and does not require too many skills to set up. You only need the right hardware and the software.


  • Graphic card: Zotac Geforce GTX560 Ti 1GB GDDR5. A nVidia card is preferred to an ATI one.
  • Interface: PE4L ( PCIe Adapter ver2.1b ) connects the graphic card and the express card. PE4L 2.1b is capable of transferring 5Gb of data. This is a good match for X220, which has Sandy Bridge platform and Express Card version 2.0.
  • Power supply: Corsair CX430
  • Cables that connect the graphic card with the monitor (Maybe I will just use the default DVI cable. Not sure if this affects performance)

With these gigs, the bandwidth is x1.2Opt which means x1 lane and interface 2.0, and nVidia optimus is helping compressing the data. This is supposed to perform significantly better than x1.1Opt. This information can be found in the section of “Bus Interface” in GPU-Z .


  • New bios 1.23 and above for X220
  • nVidia Optimus driver for displaying image on the internal LCD
  • no need to restart the system if using Windows 7

I am not longer a gaming person and the only game I can think of playing is Need for Speed. If I can get the papers done, I will implement it and hook it to my TV and play.

The benchmark results of this configuration should be similar to this:

Set-Up: X220 i5 2520m, 8 GB RAM, GTX 560 Ti 448 Cores, PE4L v2.1b

3D Mark 2006: 17.879
Resident Evil: 143,6

3D Mark Vantage GPU: 17.973
Devil May Cry: 181,4

3D Mark 2011: 4.560
Heaven: 1306


Fineprint double-sided printing under Canon LBP 2900

In Advanced Settings of Fineprint, choose:

1. The printer requires manual duplex

2. Paper must be flipped over (along the short side)

In this way, when it finishes one-side printing, take the paper and face the printed page, then flip it over along the short side.

Installing Win7 Thin PC on HP Dv2000t


1. The sound does not work well on HP Dv2000t with Win 7 Thin PC.

Even if I mute the system sound, individual programs will still make sound and can not be muted. Sometimes, the whole system is muted even I enable sound, and a reboot is needed for the sound to come out again.

2. The good thing about Thin PC is that it does not have BSOD as Win XP usually did on my laptop.


I installed Win 7 Thin PC on my five year old HP dv2000t. The installation process was straightforward. Here are some information you might find useful if you plan to install this stripped-down version of win7.

1. Use diskgenius to partition and align the SSD disk. I didn’t realize diskgenius can easily assign the sector to the new 4K sector and I wasted too much time finding the right partition tool.

2. Then use wintoflash to transfer the ISO image of thinpc into the USB thumb stick and boot from that boot from it. The system will restart twice before the installation is finished and a little patience is required when the installation process seems frozen.

3. The display of Chinese fonts is not so good and some tuning such as clear-type is needed for better display. Installing popular Chinese fonts is also recommended.

4. The Chinese input method is working and the interface as well as the locale can be changed to suit the Chinese language environment. In this respect, it feels like using Linux in a simple way, because I do the same thing under Linux.

5. To run cmd.exe as an administrator, find the file first, then right click and select ‘run as an administrator’. You need admin privilege to run activate commands.

Like any new version of MS OS, the system feels slower and it uses more resources. I am thinking of going back to XP. Thin PC and probably Win7 looks better, but do not necessarily works better than XP.

Then why did I install Thin PC in the first place? Because I have a 40G SSD drive and Win7 or Thin PC is optimized for SSD hard drive. Also, Thin PC uses less space than Win7 which has many extra features I do not need.

For now, I will stick to this Thin PC system for a while and may eventually return to a self-customized version of XP.

Three ways to use Twitter on Symbian phones

I am no twitter fan but as G.F*W gets so omnipotent, I guess I should dig a tiny hole in it by using twitter anyway.

After a few days of search, I found the following ways to access twitter on my Nokia Symbian phone.

  1. The easiest way is to visit http://wkg.me and input your twitter account information. After that, you will have an quite intuitive interface to do your normal tweets.
  2. Using http://twittermail.com and register your twitter account. After that, you can send a tweet to your secret email account suffixed by @twittermail.com. But for users from China, one needs to climb over G.F*W to visit the twittermail site.
  3. Install the application Mobitile on the phone and send tweets from it. I put it at the bottom of the list because I don’t like its ads and keyboard operations — especially its slow flash interface.

You can find more mobile phone applications for twitter at Twitter Fan Wiki.

Update: I found Snaptu quite handy when it comes to serving as a mobile phone feed center. Using twitter on Snaptu is hassle free and I enjoy using its News&Blogs app. Also, since Twitter is so open to the third-party API, it is impossible to gfw it.

How to bypass firewalls under Firefox

I previously used QuickProxy addon for Firefox but found that it failed to load Youtube for me. Today I changed my proxyfier into FoxyProxy and it solved all my problems. Here is a brief tutorial of how to use it under Firefox.

After installing it, you need to add a proxy server. Here I conviently named the profile ‘Beyond the Wall”.

Next step is putting in the address of the proxy server. I use a ssh tunnel between the localhost and the remote host, so the address here is and the port I designated under putty is 9000. Be sure to select “SOCKS proxy?” otherwise the page won’t load.

I don’t want to use this tunnel for all the sites, so I need to tell FoxyProxy to only proxify sites I want. Still under the new proxy server interface, add the patterns for the sites to visit.

I don’t know if configuring using this is totally secure and anonymous or not. If you know better ways to use ssh tunnel and Firefox, tell me.

Running Hiren’s BootCD from hard drive

Update: Running Hiren’s BootCD from hard drive has become much simpler in its recent releases (at least version 10.0 and above). Please use the following method instead to boot it from your hard drive:

  1. make sure the partition is FAT32 not NTFS (let’s assume its C: from this point on)
  2. in the HBCD directory of the ISO image, find the two files menu.lst and grldr, and copy them to C:
  3. copy the entire directory HBCD to C:
  4. download grub4dos, extract grub.exe to C:
  5. modify boot.ini file for XP, and add C:GRLDR=”Hiren” to it

Now reboot the system and choose Hiren in the menu. You are good to go. As a side note, Hiren should include the NTFS support into boot.gz image. If you feel adventurous, you can try to do it yourself, thus enabling booting Hiren from a NTFS partition.

The following is the old method, and only use it for the old version of Hiren BootCD.

Hiren’s BootCD is easily rankings itself among the best boot cds and system maintenance tools. I have configured it to run both from my USB stick or directly from hard disk. Here is how to boot Hiren’s BootCD from the hard disk using grub for dos (grub4dos).

    1. The first step is getting grub4dos and release the GRLDR, grub.exe and MENU.lst to the root directory of C:
    2. Open the ISO file of Hiren’s BootCD using Daemon Tools or Winimage and extract the directory HBCD to the root directory of C:
    3. Edit MENU.lst and put the following code into it:
timeout 30
default 0

title Start Hiren's BootCD
find --set-root /HBCD/boot.gz
map --mem /HBCD/boot.gz (fd0)
map --hook
chainloader (fd0)+1
rootnoverify (fd0)
map --floppies=1
    1. Edit the boot.ini file under C: and put the following line into it. This will make Windows load grub4dos, and then grub4dos will load Hiren’s boot file to boot it.
    1. You can also boot the mini WinXP in the HBCD directory by adding the following code into the MENU.lst file.
title Mini Windows Xp
find --set-root /HBCD/XPLOADER.BIN
chainloader /HBCD/XPLOADER.BIN

After the modifications, reboot the system to use your Hiren’s BootCD from the hard disk. Becaues the boot.gz under HBCD does does not come with ntfs drivers, this method only works when C: is in FAT32 format.

Prevent Directory Listing in Lighttpd

How to prevent files under wp-content/uploads to be listed in the browser? It is actually a one-liner under Lighttpd (lighty).

Edit /etc/lighttpd/lighttpd.conf and change server.dir-listing into disable.

 server.dir-listing          = "disable"

If you choose to enable directory listing, you can set the encoding of the file names to be displayed:

 dir-listing.encoding        = "utf-8"

There are wonderful resources about lighty in the following two sites: Flexion.Org and Calomel.org