SSH 隧道 与 科学上网
有时候遇到 SSH 到远端服务器,需要下载 Github 的一些东西,但是远端无法科学上网
此时使用 SSH 隧道转发本地的科学上网代理,就很好用了!
1 | # 在本地 |
1 | # 在远端 |
有时候遇到 SSH 到远端服务器,需要下载 Github 的一些东西,但是远端无法科学上网
此时使用 SSH 隧道转发本地的科学上网代理,就很好用了!
1 | # 在本地 |
1 | # 在远端 |
近期排查问题,发现 DNS 的递归服务器会出带下划线的查询,如:
nslookup www.hbspy.moe
会先发送查询 _.hbspy.moe
的请求
一顿 Google 后发现,是由于 Bind9 的 QNAME Minimization 的机制
https://www.isc.org/blogs/qname-minimization-and-privacy/
默认的配置为 relaxed mode
该机制的目的是为了隐私保护,减小业务域名泄漏到根、顶级域
但是会带来大量的 NXDOMAIN 或 REFUSED 回复
由于大部分 DNS 认为下划线不是合法的域名,虽然现在也已经是合法的了
https://docs.aws.amazon.com/zh_cn/Route53/latest/DeveloperGuide/DomainNameFormat.html
神了个奇
REF:
突然发现 docker completion 不好用了
但也不是完全的失效,比如docker<tab>
里没有 image 了
docker stop<tab>
并不列出容器列表了,只有当前目录列表
原因出在 docker 24 的版本更新,官方建议了一种新的方法来生成 completion
但体验是真的不好,所以有老哥打了回到过去的补丁
1 | zstyle ':omz:plugins:docker' legacy-completion yes |
在 plugins=(…) 之前加即可,如果没有生效可以清除一些缓存
1 | rm .zcompdump* |
回来啦!
Use old-style completion
Completion is not working properly with Docker version 24.0.2 #11789
https://vcb-s.com/archives/8431
VCB-Studio 的物语系列
TMDB 关于物语系列的分季分集真是太反人类了!
整理了一份 NAStool 用的自定义识别词,分享出来
1 | eyIzIjogeyJpZCI6IDMsICJ0aXRsZSI6ICJcdTcyNjlcdThiZWRcdTdjZmJcdTUyMTciLCAieWVhciI6ICIyMDA5IiwgInR5cGUiOiAyLCAidG1kYmlkIjogNDYxOTUsICJzZWFzb25fY291bnQiOiA0LCAid29yZHMiOiB7IjI4IjogeyJpZCI6IDI4LCAicmVwbGFjZWQiOiAiTmlzZW1vbm9nYXRhcmkiLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAyXSIsICJmcm9udCI6ICIiLCAiYmFjayI6ICIiLCAib2Zmc2V0IjogIiIsICJ0eXBlIjogMiwgInNlYXNvbiI6IDIsICJyZWdleCI6IDAsICJoZWxwIjogIiJ9LCAiMzAiOiB7ImlkIjogMzAsICJyZXBsYWNlZCI6ICJCYWtlbW9ub2dhdGFyaSIsICJyZXBsYWNlIjogIk1vbm9nYXRhcmkgU2VyaWVzIFtTMDFdIiwgImZyb250IjogIiIsICJiYWNrIjogIiIsICJvZmZzZXQiOiAiIiwgInR5cGUiOiAyLCAic2Vhc29uIjogMSwgInJlZ2V4IjogMCwgImhlbHAiOiAiIn0sICIzMSI6IHsiaWQiOiAzMSwgInJlcGxhY2VkIjogIk1vbm9nYXRhcmkgU2VyaXNlW1JlY2FwX0lJXSIsICJyZXBsYWNlIjogIk1vbm9nYXRhcmkgU2VyaWVzIFtTMDBFMTFdIiwgImZyb250IjogIiIsICJiYWNrIjogIiIsICJvZmZzZXQiOiAiIiwgInR5cGUiOiAyLCAic2Vhc29uIjogMCwgInJlZ2V4IjogMCwgImhlbHAiOiAiIn0sICIzNiI6IHsiaWQiOiAzNiwgInJlcGxhY2VkIjogIk1vbm9nYXRhcmkgU2VyaXNlW1JlY2FwX0l2Ml0iLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAwRTEwXSIsICJmcm9udCI6ICIiLCAiYmFjayI6ICIiLCAib2Zmc2V0IjogIiIsICJ0eXBlIjogMiwgInNlYXNvbiI6IDAsICJyZWdleCI6IDAsICJoZWxwIjogIiJ9LCAiMzciOiB7ImlkIjogMzcsICJyZXBsYWNlZCI6ICJNb25vZ2F0YXJpIFNlcmlzZVtSZWNhcF9JSUldIiwgInJlcGxhY2UiOiAiTW9ub2dhdGFyaSBTZXJpZXMgW1MwMEUxMl0iLCAiZnJvbnQiOiAiIiwgImJhY2siOiAiIiwgIm9mZnNldCI6ICIiLCAidHlwZSI6IDIsICJzZWFzb24iOiAwLCAicmVnZXgiOiAwLCAiaGVscCI6ICIifSwgIjM1IjogeyJpZCI6IDM1LCAicmVwbGFjZWQiOiAiTmVrb21vbm9nYXRhcmkgXFwoU2hpcm9cXCkiLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAzXSIsICJmcm9udCI6ICIiLCAiYmFjayI6ICIiLCAib2Zmc2V0IjogIiIsICJ0eXBlIjogMiwgInNlYXNvbiI6IDMsICJyZWdleCI6IDEsICJoZWxwIjogIiJ9LCAiMjAiOiB7ImlkIjogMjAsICJyZXBsYWNlZCI6ICJIYW5hbW9ub2dhdGFyaSIsICJyZXBsYWNlIjogIk1vbm9nYXRhcmkgU2VyaWVzIFtTMDBdIiwgImZyb250IjogIlMwMCIsICJiYWNrIjogIkhpMTBwXzEwODBwIiwgIm9mZnNldCI6ICJFUCsxMiIsICJ0eXBlIjogMywgInNlYXNvbiI6IDAsICJyZWdleCI6IDEsICJoZWxwIjogIiJ9LCAiMjEiOiB7ImlkIjogMjEsICJyZXBsYWNlZCI6ICJPbmltb25vZ2F0YXJpIiwgInJlcGxhY2UiOiAiTW9ub2dhdGFyaSBTZXJpZXMgW1MwM10iLCAiZnJvbnQiOiAiUzAzIiwgImJhY2siOiAiSGkxMHBfMTA4MHAiLCAib2Zmc2V0IjogIkVQKzEzIiwgInR5cGUiOiAzLCAic2Vhc29uIjogMywgInJlZ2V4IjogMSwgImhlbHAiOiAiIn0sICIyOSI6IHsiaWQiOiAyOSwgInJlcGxhY2VkIjogIkthYnVraW1vbm9nYXRhcmkiLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAzXSIsICJmcm9udCI6ICJTMDMiLCAiYmFjayI6ICJIaTEwcF8xMDgwcCIsICJvZmZzZXQiOiAiRVArNSIsICJ0eXBlIjogMywgInNlYXNvbiI6IDMsICJyZWdleCI6IDEsICJoZWxwIjogIiJ9LCAiMzIiOiB7ImlkIjogMzIsICJyZXBsYWNlZCI6ICJLb2ltb25vZ2F0YXJpIiwgInJlcGxhY2UiOiAiTW9ub2dhdGFyaSBTZXJpZXMgW1MwM10iLCAiZnJvbnQiOiAiUzAzIiwgImJhY2siOiAiSGkxMHBfMTA4MHAiLCAib2Zmc2V0IjogIkVQKzE3IiwgInR5cGUiOiAzLCAic2Vhc29uIjogMywgInJlZ2V4IjogMSwgImhlbHAiOiAiIn0sICIzNCI6IHsiaWQiOiAzNCwgInJlcGxhY2VkIjogIk5la29tb25vZ2F0YXJpIFxcKEt1cm9cXCkiLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAwXSIsICJmcm9udCI6ICJTMDAiLCAiYmFjayI6ICJIaTEwcF8xMDgwcCIsICJvZmZzZXQiOiAiRVArNSIsICJ0eXBlIjogMywgInNlYXNvbiI6IDAsICJyZWdleCI6IDEsICJoZWxwIjogIiJ9LCAiMzgiOiB7ImlkIjogMzgsICJyZXBsYWNlZCI6ICJPdG9yaW1vbm9nYXRhcmkiLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAzXSIsICJmcm9udCI6ICJTMDMiLCAiYmFjayI6ICJIaTEwcF8xMDgwcCIsICJvZmZzZXQiOiAiRVArOSIsICJ0eXBlIjogMywgInNlYXNvbiI6IDMsICJyZWdleCI6IDEsICJoZWxwIjogIiJ9LCAiMzkiOiB7ImlkIjogMzksICJyZXBsYWNlZCI6ICJPd2FyaW1vbm9nYXRhcmkgUzIiLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAwXSIsICJmcm9udCI6ICJTMDAiLCAiYmFjayI6ICJNYTEwcF8xMDgwcCIsICJvZmZzZXQiOiAiRVArMzQiLCAidHlwZSI6IDMsICJzZWFzb24iOiAwLCAicmVnZXgiOiAxLCAiaGVscCI6ICIifSwgIjQwIjogeyJpZCI6IDQwLCAicmVwbGFjZWQiOiAiVHN1a2ltb25vZ2F0YXJpIiwgInJlcGxhY2UiOiAiTW9ub2dhdGFyaSBTZXJpZXMgW1MwMF0iLCAiZnJvbnQiOiAiUzAwIiwgImJhY2siOiAiTWExMHBfMTA4MHAiLCAib2Zmc2V0IjogIkVQKzE3IiwgInR5cGUiOiAzLCAic2Vhc29uIjogMCwgInJlZ2V4IjogMSwgImhlbHAiOiAiIn0sICI0MSI6IHsiaWQiOiA0MSwgInJlcGxhY2VkIjogIktveW9taW1vbm9nYXRhcmkiLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAwXSIsICJmcm9udCI6ICJTMDAiLCAiYmFjayI6ICJNYTEwcF8xMDgwcCIsICJvZmZzZXQiOiAiRVArMjEiLCAidHlwZSI6IDMsICJzZWFzb24iOiAwLCAicmVnZXgiOiAxLCAiaGVscCI6ICIifSwgIjQzIjogeyJpZCI6IDQzLCAicmVwbGFjZWQiOiAiWm9rdSBPd2FyaW1vbm9nYXRhcmkiLCAicmVwbGFjZSI6ICJNb25vZ2F0YXJpIFNlcmllcyBbUzAwXSIsICJmcm9udCI6ICJTMDAiLCAiYmFjayI6ICJNYTEwcF8xMDgwcCIsICJvZmZzZXQiOiAiRVArNDEiLCAidHlwZSI6IDMsICJzZWFzb24iOiAwLCAicmVnZXgiOiAxLCAiaGVscCI6ICIifSwgIjQ0IjogeyJpZCI6IDQ0LCAicmVwbGFjZWQiOiAiXFxdIE93YXJpbW9ub2dhdGFyaSBcXFsiLCAicmVwbGFjZSI6ICJdTW9ub2dhdGFyaSBTZXJpZXMgW1MwNF1bIiwgImZyb250IjogIlMwNCIsICJiYWNrIjogIk1hMTBwXzEwODBwIiwgIm9mZnNldCI6ICJFUC0xIiwgInR5cGUiOiAzLCAic2Vhc29uIjogNCwgInJlZ2V4IjogMSwgImhlbHAiOiAiIn19fX1AQEBAQEBWQ0ItU3R1ZGlvIOeJqeivreezu+WIlw== |
在 HelloGithub 上看了这个项目 https://github.com/lucavallin/barco
跳过 formatter, linter 直接改成 gcc 试了一下
有报错
1 | 16:41:20 ERROR ./src/cgroups.c:82: failed to open /sys/fs/cgroup/barcontainer/cpu.weight: No such file or directory |
查后发现
子层级的cgroup
资源限制范围被上一级的cgroup.subtree_control
文件内容所限制
于是
1 | echo '+cpu' > /sys/fs/cgroup/cgroup.subtree_control |
正常了!
对端版本为 OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
ssh 报错
1 | no matching host key type found. Their offer: ssh-rsa,ssh-dss |
在 ssh config 中添加
1 | HostKeyAlgorithms +ssh-rsa |
后仍报错
1 | Permission denied (publickey,gssapi-keyex,gssapi-with-mic). |
查看对端 secure 日志
1 | Jul 31 11:46:53 sshd[11845]: error: ssh_rsa_verify: cannot handle type rsa-sha2-512 |
还需在 ssh config 中添加
1 | PubkeyAcceptedKeyTypes +ssh-rsa |
需要添加如下两条配置
1 | HostKeyAlgorithms +ssh-rsa |
推荐一个 Linux 下 TUI 的磁盘使用分析查看工具 ncdu
1 | ncdu 1.18 ~ Use the arrow keys to navigate, press ? for help |
两个问题,原因是一样的
是 systemd-coredump 只是碰巧而已
因为 mysql 容器内的 mysql 用户 ID 是 999
1 | # passwd in mysql container |
而主机上的 999 为 systemd-coredump
1 | # passwd on host |
1 | 2023-07-24T02:47:58.476552-00:00 0 [ERROR] [MY-012592] [InnoDB] Operating system error number 13 in a file operation. |
因为 percona-xtrabackup 容器内的 mysql 用户又是其它 ID
1 | # passwd in xtrabackup container |
可以在 docker run 时指定用户 -u 解决这个问题
1 | docker run --rm -u 999:999 --volumes-from [some-mysql] -v ./backup:/backup percona/percona-xtrabackup xtrabackup --backup --datadir=/var/lib/mysql/ --target-dir=/backup --user=user --password=password |
当然你可以去改各种 syntax.vim, 但是由于复杂的 source 顺序、优先级等等,并不一定能生效
有没有一种方法简单粗暴的自定义高亮关键词
来了!
在vimrc
中添加
1 | augroup myTodo |
REF: https://vi.stackexchange.com/questions/15505/highlight-whole-todo-comment-line
brew 4.0.0 之后运行 doctor 显示
1 | Warning: Some installed kegs have no formulae! |
虽然没什么影响但看着不爽
可以通过brew untap homebrew/core
解决
原因是
It removes the local copy of the tap repository (see manpage). This is fine if you do not work on the repository, because the default option since brew 4.0.0 is to fetch formulae information from the JSON API (see 4.0.0 release notes). If you run brew doctor, you should see that the homebrew/core tap has not been updated for a while.
大致就是走 JSON API 了,homebrew/core 也不维护升级了,所以本地那份也别留着了
参考: