有时候遇到 SSH 到远端服务器,需要下载 Github 的一些东西,但是远端无法科学上网

此时使用 SSH 隧道转发本地的科学上网代理,就很好用了!

1
2
# 在本地
ssh -N -R 1080:localhost:7890 remotehost
1
2
3
4
# 在远端
[root@byrpt ~]# curl www.google.com.hk -x 127.0.0.1:1080
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-SG"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop=
# 科学!

近期排查问题,发现 DNS 的递归服务器会出带下划线的查询,如:

nslookup www.hbspy.moe 会先发送查询 _.hbspy.moe 的请求

一顿 Google 后发现,是由于 Bind9 的 QNAME Minimization 的机制

https://www.isc.org/blogs/qname-minimization-and-privacy/

默认的配置为 relaxed mode

该机制的目的是为了隐私保护,减小业务域名泄漏到根、顶级域

但是会带来大量的 NXDOMAIN 或 REFUSED 回复

由于大部分 DNS 认为下划线不是合法的域名,虽然现在也已经是合法的了

https://docs.aws.amazon.com/zh_cn/Route53/latest/DeveloperGuide/DomainNameFormat.html

神了个奇

REF:

失效

突然发现 docker completion 不好用了

但也不是完全的失效,比如docker<tab>里没有 image 了

docker stop<tab>并不列出容器列表了,只有当前目录列表

原因出在 docker 24 的版本更新,官方建议了一种新的方法来生成 completion

但体验是真的不好,所以有老哥打了回到过去的补丁

1
zstyle ':omz:plugins:docker' legacy-completion yes

在 plugins=(…) 之前加即可,如果没有生效可以清除一些缓存

1
2
3
4
5
6
7
8
rm .zcompdump*
rm -rf .oh-my-zsh/cache/*
source .zshrc

[17:39:18] [~] ❱❱❱ docker rm
496f74645e6b local-nginx -- 3 months, nginx
53ad58bb6618 hyperf -- 15 months, hbspy/hyperf
de0e0ad2cecf insight -- 7 months, insight

回来啦!

参考

Use old-style completion

Completion is not working properly with Docker version 24.0.2 #11789

https://vcb-s.com/archives/8431

VCB-Studio 的物语系列

TMDB 关于物语系列的分季分集真是太反人类了!

整理了一份 NAStool 用的自定义识别词,分享出来

1
eyIzIjogeyJpZCI6IDMsICJ0aXRsZSI6ICJcdTcyNjlcdThiZWRcdTdjZmJcdTUyMTciLCAieWVhciI6ICIyMDA5IiwgInR5cGUiOiAyLCAidG1kYmlkIjogNDYxOTUsICJzZWFzb25fY291bnQiOiA0LCAid29yZHMiOiB7IjI4IjogeyJpZCI6IDI4LCAicmVwbGFjZWQiOiAiTmlzZW1vbm9nYXRhcmkiLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAyXSIsICJmcm9udCI6ICIiLCAiYmFjayI6ICIiLCAib2Zmc2V0IjogIiIsICJ0eXBlIjogMiwgInNlYXNvbiI6IDIsICJyZWdleCI6IDAsICJoZWxwIjogIiJ9LCAiMzAiOiB7ImlkIjogMzAsICJyZXBsYWNlZCI6ICJCYWtlbW9ub2dhdGFyaSIsICJyZXBsYWNlIjogIk1vbm9nYXRhcmkgU2VyaWVzIFtTMDFdIiwgImZyb250IjogIiIsICJiYWNrIjogIiIsICJvZmZzZXQiOiAiIiwgInR5cGUiOiAyLCAic2Vhc29uIjogMSwgInJlZ2V4IjogMCwgImhlbHAiOiAiIn0sICIzMSI6IHsiaWQiOiAzMSwgInJlcGxhY2VkIjogIk1vbm9nYXRhcmkgU2VyaXNlW1JlY2FwX0lJXSIsICJyZXBsYWNlIjogIk1vbm9nYXRhcmkgU2VyaWVzIFtTMDBFMTFdIiwgImZyb250IjogIiIsICJiYWNrIjogIiIsICJvZmZzZXQiOiAiIiwgInR5cGUiOiAyLCAic2Vhc29uIjogMCwgInJlZ2V4IjogMCwgImhlbHAiOiAiIn0sICIzNiI6IHsiaWQiOiAzNiwgInJlcGxhY2VkIjogIk1vbm9nYXRhcmkgU2VyaXNlW1JlY2FwX0l2Ml0iLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAwRTEwXSIsICJmcm9udCI6ICIiLCAiYmFjayI6ICIiLCAib2Zmc2V0IjogIiIsICJ0eXBlIjogMiwgInNlYXNvbiI6IDAsICJyZWdleCI6IDAsICJoZWxwIjogIiJ9LCAiMzciOiB7ImlkIjogMzcsICJyZXBsYWNlZCI6ICJNb25vZ2F0YXJpIFNlcmlzZVtSZWNhcF9JSUldIiwgInJlcGxhY2UiOiAiTW9ub2dhdGFyaSBTZXJpZXMgW1MwMEUxMl0iLCAiZnJvbnQiOiAiIiwgImJhY2siOiAiIiwgIm9mZnNldCI6ICIiLCAidHlwZSI6IDIsICJzZWFzb24iOiAwLCAicmVnZXgiOiAwLCAiaGVscCI6ICIifSwgIjM1IjogeyJpZCI6IDM1LCAicmVwbGFjZWQiOiAiTmVrb21vbm9nYXRhcmkgXFwoU2hpcm9cXCkiLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAzXSIsICJmcm9udCI6ICIiLCAiYmFjayI6ICIiLCAib2Zmc2V0IjogIiIsICJ0eXBlIjogMiwgInNlYXNvbiI6IDMsICJyZWdleCI6IDEsICJoZWxwIjogIiJ9LCAiMjAiOiB7ImlkIjogMjAsICJyZXBsYWNlZCI6ICJIYW5hbW9ub2dhdGFyaSIsICJyZXBsYWNlIjogIk1vbm9nYXRhcmkgU2VyaWVzIFtTMDBdIiwgImZyb250IjogIlMwMCIsICJiYWNrIjogIkhpMTBwXzEwODBwIiwgIm9mZnNldCI6ICJFUCsxMiIsICJ0eXBlIjogMywgInNlYXNvbiI6IDAsICJyZWdleCI6IDEsICJoZWxwIjogIiJ9LCAiMjEiOiB7ImlkIjogMjEsICJyZXBsYWNlZCI6ICJPbmltb25vZ2F0YXJpIiwgInJlcGxhY2UiOiAiTW9ub2dhdGFyaSBTZXJpZXMgW1MwM10iLCAiZnJvbnQiOiAiUzAzIiwgImJhY2siOiAiSGkxMHBfMTA4MHAiLCAib2Zmc2V0IjogIkVQKzEzIiwgInR5cGUiOiAzLCAic2Vhc29uIjogMywgInJlZ2V4IjogMSwgImhlbHAiOiAiIn0sICIyOSI6IHsiaWQiOiAyOSwgInJlcGxhY2VkIjogIkthYnVraW1vbm9nYXRhcmkiLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAzXSIsICJmcm9udCI6ICJTMDMiLCAiYmFjayI6ICJIaTEwcF8xMDgwcCIsICJvZmZzZXQiOiAiRVArNSIsICJ0eXBlIjogMywgInNlYXNvbiI6IDMsICJyZWdleCI6IDEsICJoZWxwIjogIiJ9LCAiMzIiOiB7ImlkIjogMzIsICJyZXBsYWNlZCI6ICJLb2ltb25vZ2F0YXJpIiwgInJlcGxhY2UiOiAiTW9ub2dhdGFyaSBTZXJpZXMgW1MwM10iLCAiZnJvbnQiOiAiUzAzIiwgImJhY2siOiAiSGkxMHBfMTA4MHAiLCAib2Zmc2V0IjogIkVQKzE3IiwgInR5cGUiOiAzLCAic2Vhc29uIjogMywgInJlZ2V4IjogMSwgImhlbHAiOiAiIn0sICIzNCI6IHsiaWQiOiAzNCwgInJlcGxhY2VkIjogIk5la29tb25vZ2F0YXJpIFxcKEt1cm9cXCkiLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAwXSIsICJmcm9udCI6ICJTMDAiLCAiYmFjayI6ICJIaTEwcF8xMDgwcCIsICJvZmZzZXQiOiAiRVArNSIsICJ0eXBlIjogMywgInNlYXNvbiI6IDAsICJyZWdleCI6IDEsICJoZWxwIjogIiJ9LCAiMzgiOiB7ImlkIjogMzgsICJyZXBsYWNlZCI6ICJPdG9yaW1vbm9nYXRhcmkiLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAzXSIsICJmcm9udCI6ICJTMDMiLCAiYmFjayI6ICJIaTEwcF8xMDgwcCIsICJvZmZzZXQiOiAiRVArOSIsICJ0eXBlIjogMywgInNlYXNvbiI6IDMsICJyZWdleCI6IDEsICJoZWxwIjogIiJ9LCAiMzkiOiB7ImlkIjogMzksICJyZXBsYWNlZCI6ICJPd2FyaW1vbm9nYXRhcmkgUzIiLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAwXSIsICJmcm9udCI6ICJTMDAiLCAiYmFjayI6ICJNYTEwcF8xMDgwcCIsICJvZmZzZXQiOiAiRVArMzQiLCAidHlwZSI6IDMsICJzZWFzb24iOiAwLCAicmVnZXgiOiAxLCAiaGVscCI6ICIifSwgIjQwIjogeyJpZCI6IDQwLCAicmVwbGFjZWQiOiAiVHN1a2ltb25vZ2F0YXJpIiwgInJlcGxhY2UiOiAiTW9ub2dhdGFyaSBTZXJpZXMgW1MwMF0iLCAiZnJvbnQiOiAiUzAwIiwgImJhY2siOiAiTWExMHBfMTA4MHAiLCAib2Zmc2V0IjogIkVQKzE3IiwgInR5cGUiOiAzLCAic2Vhc29uIjogMCwgInJlZ2V4IjogMSwgImhlbHAiOiAiIn0sICI0MSI6IHsiaWQiOiA0MSwgInJlcGxhY2VkIjogIktveW9taW1vbm9nYXRhcmkiLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAwXSIsICJmcm9udCI6ICJTMDAiLCAiYmFjayI6ICJNYTEwcF8xMDgwcCIsICJvZmZzZXQiOiAiRVArMjEiLCAidHlwZSI6IDMsICJzZWFzb24iOiAwLCAicmVnZXgiOiAxLCAiaGVscCI6ICIifSwgIjQzIjogeyJpZCI6IDQzLCAicmVwbGFjZWQiOiAiWm9rdSBPd2FyaW1vbm9nYXRhcmkiLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAwXSIsICJmcm9udCI6ICJTMDAiLCAiYmFjayI6ICJNYTEwcF8xMDgwcCIsICJvZmZzZXQiOiAiRVArNDEiLCAidHlwZSI6IDMsICJzZWFzb24iOiAwLCAicmVnZXgiOiAxLCAiaGVscCI6ICIifSwgIjQ0IjogeyJpZCI6IDQ0LCAicmVwbGFjZWQiOiAiXFxdIE93YXJpbW9ub2dhdGFyaSBcXFsiLCAicmVwbGFjZSI6ICJdTW9ub2dhdGFyaSBTZXJpZXMgW1MwNF1bIiwgImZyb250IjogIlMwNCIsICJiYWNrIjogIk1hMTBwXzEwODBwIiwgIm9mZnNldCI6ICJFUC0xIiwgInR5cGUiOiAzLCAic2Vhc29uIjogNCwgInJlZ2V4IjogMSwgImhlbHAiOiAiIn19fX1AQEBAQEBWQ0ItU3R1ZGlvIOeJqeivreezu+WIlw==

在 HelloGithub 上看了这个项目 https://github.com/lucavallin/barco

跳过 formatter, linter 直接改成 gcc 试了一下

有报错

1
2
16:41:20 ERROR ./src/cgroups.c:82: failed to open /sys/fs/cgroup/barcontainer/cpu.weight: No such file or directory
16:41:20 FATAL ./src/barco.c:133: failed to initialize cgroups

查后发现

子层级的cgroup资源限制范围被上一级的cgroup.subtree_control文件内容所限制

于是

1
echo '+cpu' > /sys/fs/cgroup/cgroup.subtree_control

正常了!

参考:https://zorrozou.github.io/docs/详解Cgroup V2.html

现象

对端版本为 OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

ssh 报错

1
no matching host key type found. Their offer: ssh-rsa,ssh-dss

在 ssh config 中添加

1
HostKeyAlgorithms +ssh-rsa

后仍报错

1
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

查看对端 secure 日志

1
2
3
4
Jul 31 11:46:53 sshd[11845]: error: ssh_rsa_verify: cannot handle type rsa-sha2-512
Jul 31 11:46:53 sshd[11845]: error: cert_parse: Certificate signature verification failed
Jul 31 11:46:53 sshd[11845]: error: key_from_blob: can't parse cert data
Jul 31 11:46:53 sshd[11845]: error: userauth_pubkey: cannot decode key: ssh-rsa-cert-v01@openssh.com

还需在 ssh config 中添加

1
PubkeyAcceptedKeyTypes +ssh-rsa

总结

需要添加如下两条配置

1
2
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa

NCurses Disk Usage

推荐一个 Linux 下 TUI 的磁盘使用分析查看工具 ncdu

https://dev.yorhel.nl/ncdu

  • 广泛的发行版支持,brew/yum epel 源可安装,好耶!
  • TUI、Colorful,好耶!
  • 速度快,有缓存,好耶!
1
2
3
4
5
6
7
8
9
10
11
ncdu 1.18 ~ Use the arrow keys to navigate, press ? for help
--- /root ----------------------------------------------------------------------------------------------------------------
2.2 GiB [#################] /insight
1.1 GiB [######## ] /pkg
268.1 MiB [## ] /.cargo
209.5 MiB [# ] /.nvm
182.2 MiB [# ] /.pm2
80.2 MiB [ ] /.vim
50.9 MiB [ ] /.cache
22.4 MiB [ ] /.npm
8.5 MiB [ ] /backup

两个问题,原因是一样的

为什么 docker mysql 建出来的 /var/lib/mysql 用户是 systemd-coredump

是 systemd-coredump 只是碰巧而已

因为 mysql 容器内的 mysql 用户 ID 是 999

1
2
# passwd in mysql container
mysql:x:999:999::/var/lib/mysql:/bin/bash

而主机上的 999 为 systemd-coredump

1
2
# passwd on host
systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin

为什么 percona-xtrabackup 备份容器中的 mysql 显示无权限

1
2
3
2023-07-24T02:47:58.476552-00:00 0 [ERROR] [MY-012592] [InnoDB] Operating system error number 13 in a file operation.
2023-07-24T02:47:58.476735-00:00 0 [ERROR] [MY-012595] [InnoDB] The error means mysqld does not have the access rights to the directory.
2023-07-24T02:47:58.490978-00:00 0 [ERROR] [MY-013861] [InnoDB] Failed to list redo log files in the redo log directory ./#innodb_redo/

因为 percona-xtrabackup 容器内的 mysql 用户又是其它 ID

1
2
3
# passwd in xtrabackup container
systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin
mysql:x:1001:1001:Default Application User:/home/mysql:/sbin/nologin

可以在 docker run 时指定用户 -u 解决这个问题

1
docker run --rm -u 999:999 --volumes-from [some-mysql] -v ./backup:/backup percona/percona-xtrabackup xtrabackup --backup --datadir=/var/lib/mysql/ --target-dir=/backup --user=user --password=password

如何简单粗暴的在 Vim 中自定义高亮的关键词

当然你可以去改各种 syntax.vim, 但是由于复杂的 source 顺序、优先级等等,并不一定能生效

有没有一种方法简单粗暴的自定义高亮关键词

来了!

vimrc中添加

1
2
3
4
5
augroup myTodo
autocmd!
autocmd Syntax * syntax match myTodo /\v\c(fuck|hbspy)/ containedin=.*Comment
augroup END
highlight link myTodo Todo

REF: https://vi.stackexchange.com/questions/15505/highlight-whole-todo-comment-line

brew 4.0.0 之后运行 doctor 显示

1
2
3
4
5
6
Warning: Some installed kegs have no formulae!
This means they were either deleted or installed manually.
You should find replacements for the following formulae:
pycparser
cffi
erdtree

虽然没什么影响但看着不爽

可以通过brew untap homebrew/core解决

原因是

It removes the local copy of the tap repository (see manpage). This is fine if you do not work on the repository, because the default option since brew 4.0.0 is to fetch formulae information from the JSON API (see 4.0.0 release notes). If you run brew doctor, you should see that the homebrew/core tap has not been updated for a while.

大致就是走 JSON API 了,homebrew/core 也不维护升级了,所以本地那份也别留着了

参考:

0%