Have you had the same experience as me? When you fall in love a piece of software, you use it daily and it becomes part of your life. Then, after a ‘better’ or ‘faster’ upgrade, you find your loving relations with the software broken, the software is no longer so comfortable to use and you start looking for alternatives. Typical in this world, isn’t it? This happens when the software development team focuses more on maximizing the profits instead of benefits of the software itself. It is a sad turning point and inevitable entropy in software version number escalation process.
As a long time customer of RamNode, I need to write a post and express my appreciation of its service.
Today, while reinstalling WordPress on this VPS, I found that it was no longer easy to install it on a VPS with 128MB. I opened a ticket on RamNode’s platform to request upgrading memory to 256MB, and within minutes, the memory is bumped up free of charge for me and the ticket is also replied promptly saying the upgrade is both free and permanent.
The way RamNode treats its client is awesome, and I am an extremely happy that my small blog is being hosted on its VPS.
As a side note, previously I used Tuxlite to install WordPress with no hassle. Now it no longer support recent Linux distributions. What a pity. I tried my luck with services such as moss.sh and ploi.io didn’t work, despite the OS version meets their requirements.
Tried some automated script on GitHub, I’d say that pothi/wordpress-nginx worked with some success, although it still requires users to install WordPress manually. WordOps threw a few error messages about starting MySQl, however, after rerun the simple and elegant installation process, it worked! I will use WordOps again to reinstall and play with its functions such as Let’s Encrypt and caching.
Today, after installing Debian Testing, which is code-named as ‘stretch’, I noticed that my network interface is changed into enp0s25 instead of the familiar eth0. After some quick search, it was revealed that Systemd did this. The tentacles of Systemd have extended too far and too many. What was initially as init management program, now tends to control every aspect of the system. I am seriously considering switching away from all Linux distributions that come with Systemd. Devuan is a promising option (https://devuan.org/) and next year, instead of donating to Wikipedia as I usually do, I will donate to devuan to show my support.
Here are more complaints for Systemd:
- It was developed by some guys working in Redhat. Beware of the Linux with corporate agenda and be cautious of people working for the corporate interest
- It is unnecessarily complicated. When using systemctl to start a process with errors, it does not provide error log directly, but rather gives out partial information and asks me to use journalctl to view the errors, and in often times, the information provided by journalctl is of not much help either
Init has been working perfectly for me, and I don’t need whatever magic Systemd claims to have
Now I also have some complaints about Debian. When installing a program, –no-install-recommends and –no-install-suggests should be the default setting. I want to clean system and I don’t want to install unnecessary dependencies which take up the hard drive and memories.
If the colossal ship of Nokia was sunk by a mole from Microsoft, fellow Linuxer, beware of Systemd, it can damage the Linux ecosystem by its corporate agenda. Fuck Systemd.
Linux should always be a system of individual tools working happily together, each responsible for doing one thing only and doing it excellently. By no means should a monolithic system service like Systemd extend its claws in the tried-and-true philosophy of *nix systems.
Switch to Devuan.
This is a precursor of possible a long post about configuring a software firewall using virtualbox together with an open source firewall distribution such as ipcop, pfsense and t1n1wall (one of the successors of m0n0wall).
I will jot down the most important elements here and these are the results of hours of tests on various combination of configurations.
My network settings
- One external IP address directly connected to the outside world.
- One physical network card.
- MS Loopback network card (installed under Windows to function as the Bridged Network interface).
Network properties in the host machine
Instead of keeping just the Bridge Protocal of vmware and Bridged Networking Driver of virtualbox, I ticked another two additional protocols:
- Link-layer Topology Discovery Mapper I/O Driver
- Link-layer Topology Discovery Responder
In particular, Link-layer Topology Discovery Responder is essential for connecting to the wireless network. When it is unticked, the WAN interface under ipcop or pfsense finds it very difficult to connect to the wireless router. As a result, the network property for the physical network interface on the Windows host machine looks as follows:
Network configuration under virtualbox
- The most important thing is the network configuration under virtualbox. Both the adapter 1 and adapter2 need to be attached to Bridged Adapter (see attached pictures).
- I did limited tests and it appeared that selecting the Host-only adapter can also work, since there is a virtualbox bridged network driver ticked for “VirtualBox Host-Only Network”. However, if I choose Host-Only network for adapter2, t1n1wall cannot forward traffic from the host Windows machine to the outside world. For t1n1wall, and maybe other BSD flavored firewalls, it is better to set the adapter2 as bridged — although I assume making adapter2 the Host-Only network will make the host machine safer.
- I also installed Debian+arnos iptables firewall in virtualbox, and the adapter2 can be Host-Only or Bridged, both will work. In arno’s iptables firewall, just enable NAT and the host Windows machine will be able to visit the outside world.
- To easily identify which NIC is designated to WAN or LAN, click on Advanced and manually edit the automatically generated MAC address to something you can identify. I change the last two digits of the WAN MAC address into something like 080027276FAA and the last two digits of the LAN MAC address into something like 080027698CBB.
Do you need to setup VLAN under t1n1 and pfsense?
No. If you use bridged network, there is no need to setup VLAN.
If you choose to attach the network adapter to Internal Network, you may need to setup VLAN for the LAN to access the Internet, however, I didn’t test it. I am not so sure if you can even choose Internal Network when you want the host Windows machine to access the Internet.
I experienced several problems with pfsense and I don’t recommend using it with virtualbox and vmware if your sole purpose is using a firewall to protect your Windows PC with a firewall.
- Time drifts under vmware. pfsense experienced serious time drifts under vmware workstation 9.0. I simply can’t get the accurate time for pfsense under vmware. There is no time-drifting problems for virtualbox and pfsense.
- Port forwarding does not work. after numerous attempts, I still can’t reliably forward the ports to bittorrent clients running on the Windows host machine. I setup both NAT and firewall rules, and set the log to record the hits of the rules, however, it either turns up a few hits or no hits at all — even though the bittorrent client is working heavily with multiple downloads. Port forwarding works well under t1n1wall and ipcop, and the firewall log shows up the hit records with no problems.
- Overkill for the purpose. I run a single Windows PC as a host and I don’t need all the bells and whistles of pfsense, which have numerous configurations and settings I will never use.
ipcop vs ipfire
- Ipcop is simple and elegant. Its settings are easy to understand and intuitive. Just works and serves the purpose as a firewall very well.
- Ipfire has many features and packages. It appears it uses much more resources with my limited tests.
t1n1wall and smallwall
- t1n1 is simple to use and port forwarding for bittorrent clients works well. Its development is more recent than smallwall.
- smallwall should work almost identically with t1n1wall, and I chose t1n1wall simply because its releases are newer.
vmware and its network configuration
- For the LAN interface, I created vmnet2 and designated it as host-only network. There is no problems installing ipcop running on it, although I haven’t tested port forwarding heavily on it.
- You can also install MS Loopback NIC, create a new vmnet interface and designate it as bridged network.
- In virtual machine settings, in the Network Adapter section, click on Advanced, and modify its MAC address so that you will know which interface is assigned to WAN or LAN in the firewall.
questions that remains to be solved
- Linux firewalls appears to be less “secure”, because I don’t have to set port-forwarding rules to make bittorrent clients directly connect to the outside. With BSD flavored firewalls, I will need to specifically configure NAT rules and portforwarding to allow bittorrent work properly. Don’t know why this happens.
- Is for the LAN adapter, is Host-Only network safer than than Bridged network?
- For BSD firewalls, using Host-Only adapter does not seem to work. It has to be bridged network.
These two resources provides very useful information for sett
AxCrypt is a nightmare for my computer. It downloaded many exe files and installed Conduit Adware across the system. My Firefox starting pages are deleted and the homepage is changed into http://search.conduit.com. An ugly and intrusive toolbar is also install on Internet Explorer (IE).
A virus total scan report shows that AxCrypt is infected with OpenCandy Adware. Actually it is worse than normal Adware because it is so pervasive and intrusive — most important of all, no user consent was acquired before this heinous AxCrypt infected system with Trojan like malicious applications: Malwarebye scan reports that there are about 140 folders, files and registry keys which are infected with conduit malware. Please avoid using AxCrypt at all cost. You have been warned.
To the developers of AxCrypt: shame on you!
After my X220 arrived to my place through numerous troubles, I still didn’t find time to reinstall its system and use it heavily. But I have time to waste elsewhere: several hours spent on investigating how to make eGPU (external Graphics Processing Unit) working for X220.
Here are my findings. It is totally workable for X220 and does not require too many skills to set up. You only need the right hardware and the software.
- Graphic card: Zotac Geforce GTX560 Ti 1GB GDDR5. A nVidia card is preferred to an ATI one.
- Interface: PE4L ( PCIe Adapter ver2.1b ) connects the graphic card and the express card. PE4L 2.1b is capable of transferring 5Gb of data. This is a good match for X220, which has Sandy Bridge platform and Express Card version 2.0.
- Power supply: Corsair CX430
- Cables that connect the graphic card with the monitor (Maybe I will just use the default DVI cable. Not sure if this affects performance)
With these gigs, the bandwidth is x1.2Opt which means x1 lane and interface 2.0, and nVidia optimus is helping compressing the data. This is supposed to perform significantly better than x1.1Opt. This information can be found in the section of “Bus Interface” in GPU-Z .
- New bios 1.23 and above for X220
- nVidia Optimus driver for displaying image on the internal LCD
- no need to restart the system if using Windows 7
I am not longer a gaming person and the only game I can think of playing is Need for Speed. If I can get the papers done, I will implement it and hook it to my TV and play.
The benchmark results of this configuration should be similar to this:
Set-Up: X220 i5 2520m, 8 GB RAM, GTX 560 Ti 448 Cores, PE4L v2.1b
3D Mark 2006: 17.879
Resident Evil: 143,6
3D Mark Vantage GPU: 17.973
Devil May Cry: 181,4
3D Mark 2011: 4.560
In Advanced Settings of Fineprint, choose:
1. The printer requires manual duplex
2. Paper must be flipped over (along the short side)
In this way, when it finishes one-side printing, take the paper and face the printed page, then flip it over along the short side.
1. The sound does not work well on HP Dv2000t with Win 7 Thin PC.
Even if I mute the system sound, individual programs will still make sound and can not be muted. Sometimes, the whole system is muted even I enable sound, and a reboot is needed for the sound to come out again.
2. The good thing about Thin PC is that it does not have BSOD as Win XP usually did on my laptop.
I installed Win 7 Thin PC on my five year old HP dv2000t. The installation process was straightforward. Here are some information you might find useful if you plan to install this stripped-down version of win7.
1. Use diskgenius to partition and align the SSD disk. I didn’t realize diskgenius can easily assign the sector to the new 4K sector and I wasted too much time finding the right partition tool.
2. Then use wintoflash to transfer the ISO image of thinpc into the USB thumb stick and boot from that boot from it. The system will restart twice before the installation is finished and a little patience is required when the installation process seems frozen.
3. The display of Chinese fonts is not so good and some tuning such as clear-type is needed for better display. Installing popular Chinese fonts is also recommended.
4. The Chinese input method is working and the interface as well as the locale can be changed to suit the Chinese language environment. In this respect, it feels like using Linux in a simple way, because I do the same thing under Linux.
5. To run cmd.exe as an administrator, find the file first, then right click and select ‘run as an administrator’. You need admin privilege to run activate commands.
Like any new version of MS OS, the system feels slower and it uses more resources. I am thinking of going back to XP. Thin PC and probably Win7 looks better, but do not necessarily works better than XP.
Then why did I install Thin PC in the first place? Because I have a 40G SSD drive and Win7 or Thin PC is optimized for SSD hard drive. Also, Thin PC uses less space than Win7 which has many extra features I do not need.
For now, I will stick to this Thin PC system for a while and may eventually return to a self-customized version of XP.
I am no twitter fan but as G.F*W gets so omnipotent, I guess I should dig a tiny hole in it by using twitter anyway.
After a few days of search, I found the following ways to access twitter on my Nokia Symbian phone.
- The easiest way is to visit http://wkg.me and input your twitter account information. After that, you will have an quite intuitive interface to do your normal tweets.
- Using http://twittermail.com and register your twitter account. After that, you can send a tweet to your secret email account suffixed by @twittermail.com. But for users from China, one needs to climb over G.F*W to visit the twittermail site.
- Install the application Mobitile on the phone and send tweets from it. I put it at the bottom of the list because I don’t like its ads and keyboard operations — especially its slow flash interface.
You can find more mobile phone applications for twitter at Twitter Fan Wiki.
Update: I found Snaptu quite handy when it comes to serving as a mobile phone feed center. Using twitter on Snaptu is hassle free and I enjoy using its News&Blogs app. Also, since Twitter is so open to the third-party API, it is impossible to gfw it.
I previously used QuickProxy addon for Firefox but found that it failed to load Youtube for me. Today I changed my proxyfier into FoxyProxy and it solved all my problems. Here is a brief tutorial of how to use it under Firefox.
After installing it, you need to add a proxy server. Here I conviently named the profile ‘Beyond the Wall”.
Next step is putting in the address of the proxy server. I use a ssh tunnel between the localhost and the remote host, so the address here is 127.0.0.1 and the port I designated under putty is 9000. Be sure to select “SOCKS proxy?” otherwise the page won’t load.
I don’t want to use this tunnel for all the sites, so I need to tell FoxyProxy to only proxify sites I want. Still under the new proxy server interface, add the patterns for the sites to visit.
I don’t know if configuring using this is totally secure and anonymous or not. If you know better ways to use ssh tunnel and Firefox, tell me.