An Elegant "Scripture of Safety" Generator

This post is about a meme in China that may require some cultural background to understand.Since the content is related to the specific language used, there are minor differences between the Chinese and English versions.What's "Scripture of Safety"?The Scripture of Safety (平安经) is a book written by He Dian, the (now former) official of Jilin Public Security Department, China. The content in the book is simply a repetition of the phrase "Wish XXX safe" (XXX 平安), yet the book is sold at a high price. The public speculates that publishing and purchase of the book serves as a mean of bribe.The content of The Scripture of Safety is formatted as: (from Wikipedia (Chinese))「眼平安,耳平安,鼻平安」"Wish eyes safe, ears safe,...
Illustration

Intel and NVIDIA GPU Passthrough on a Optimus MUXless Laptop

Changelog2022-07-21: Add starting GVT-g on startup. Thanks to comment from Owsmyf (on Chinese version of this post).2022-01-22: Revisions on NVIDIA driver updates and comments.I successfully passed through an Optimus MUXed GPU on my new laptop.Abstract (Spoiler Alert!)I successfully passed through Intel's GVT-g virtual GPU, as well as the dedicated NVIDIA GPU itself, into a virtual machine on Lenovo R720 gaming laptop.However, due to the limitation of the architecture itself, this GPU passthrough scheme is severely limited. For example, the dGPU is unusable in many games, and the performance is still relatively worse despite the complicated setup it needs.Therefore, you may attempt the passthrough purely for the fun of tinkering, but I don't recommend using it for anything important....
Illustration

Graduation Design - Sensor Network Development Log

Welcome to my third development log. In the two previous logs, I discussed the pitfalls I met in the RoboMaster competition and FPGA course final project.This time I will be talking about my graduate design project, an air quality sensor network built by a 3-person group. The whole project is structured as follow:Obtain data from installed sensor modules and upload them to InfluxDB running on a serverSensors we used:MiCS6814, measures NO2, CO, and NH3Analog outputBME680, measures temperature, humidity, atmospheric pressure, and TVOCI2C interfacePMS5003, measures particle mattersUART serial outputExtra modules:ATGM336H, global positioning module with GPS+BeiDou supportUART serial outputESP8266, a widely used Wi-Fi moduleUART serial outputMH-CD42,...

Configure BGP Confederation & Fake Confederation in Bird (Updated 2020-06-07)

Changelog2020-10-01: Add warning to not filter private ASNs within the internal network2020-06-07: Add limitations of Bird confederation and a way to simulate confederation2020-05-17: Initial versionComparison of BGP Interconnection Schemes within an ISPMost ISPs, or Internet Service Providers, use the BGP protocol to exchange their route information. Each ISP will obtain an ASN (Autonomous System Number) from the regional NIC (Network Information Center, e.g., APNIC, RIPE), like China Telecom's ASN is 4134 for example. Then, ISPs connect their boundary routers via physical links (copper line, fiber, satellite link, etc.), and configure BGP protocol on the boundary routers, so they will tell the other part that: "I'm AS4134, and I can provide access to the IP block of 202.101.0.0/18"....

x32 ABI and Docker Containers

History of x86 & x86_64, and x32 ABIMost of the personal computers and servers we use nowadays use the x86_64 architecture, whose specification was released by AMD in 2000 and the first processor released in 2003. Since x86_64 is a 64-bit architecture, in x86_64, each register in the CPU can hold 64 bits of data (or 8 bytes). Before x86_64 went popular, most computers used Intel processors, and the corresponding x86 architecture / ISA, a 32-bit architecture whose registers hold 32 bit of data (or 4 bytes).One significant improvement of the 64-bit architecture is the improved memory addressing ability. Computers usually follow such a routine while accessing the memory: write the memory address to be accessed into a register,...

Writing a Simple Telegram Bot

Based on the requests of DN42 Telegram Group members, I plan to add Telegram Bot support to my Bird Looking Glass, so it is easier for them to look up whois information, testing networks and finding sources of route leaks. The bot is supposed to recognize commands starting with /, and respond to the message.My Looking Glass is written in Go, so at the beginning, I looked for Telegram Bot APIs in the Go language. However, those popular API libraries all use the same scheme for handling requests:Telegram server sends a callback to my own server;My program handles the request and may send multiple requests actively to the Telegram server, authenticated with a locally configured Token;Finally, the program actively sends a request to the Telegram server to send the response.While powerful,...

Remove OpenVPN's Stable-privacy IPv6 Addresses

On my VPSes, the TAP network interface created by OpenVPN has a randomly-generated IPv6 address with scope stable-privacy.This address itself is created randomly to prevent tracking users by their IPv6 addresses. But when building a network in DN42, BGP handshakes may originate from this address (rather than your manually assigned link-local address) and fail for mismatching origin/IP.The solution is to configure the TAP interfaces with sysctl, and disable the automatic address generation options. OpenVPN can be configured to run sysctl automatically when creating the interface:# Add to OpenVPN's config filescript-security 2up "/bin/sh -c '/sbin/sysctl -w net.ipv6.conf.$dev.autoconf=0 && /sbin/sysctl -w net.ipv6.conf.$dev.accept_ra=0 && /sbin/sysctl -w net.ipv6.conf.$dev....

Install/Upgrade to Debian 10 on OpenVZ 6

It's the year 2020. Why are you still using OpenVZ 6 VPSes?Because they only cost one dollar per year.Since the kernel of OpenVZ 6 is extremely old (Linux 2.6.32), newer systems cannot function normally on an old kernel, so I had to stick to Debian 8 with my previous OpenVZ VPSes.But I found a modified Glibc (C language runtime library) that allows running Debian 10 normally on OpenVZ 6.WARNINGI don't guarantee that the steps below are suitable for all OpenVZ VPSes, nor do I ensure the safety/integrity of this Glibc (I didn't look into its modifications, but speaking of security, the end-of-life OpenVZ 6 is probably the farthest thing from security).Backup your data, since in worst scenarios, you need to reinstall the OS.StepsThe author only provided DEB packages,...

Sharing Network Namespace Among Docker Containers for Bird Anycasting

At exactly one year ago, I set up an Anycast service with Docker in the DN42 network (Chinese only atm). Back then, I customized the container's image and added a Bird installation to it, then put in a config file to broadcast Anycast routes via OSPF. However, as time went by, a few problems were exposed:The process of installing Bird takes time. Instead of installing Bird with apt-get, since my Dockerfiles need to support multiple architectures (Chinese only atm), and Bird isn't available in some architecture's repos for Debian. And since my building server is AMD64, and is running images of other architectures with qemu-user-static (Chinese only atm), a lot of instruction translation is needed in the image building and software compilation progress, which is extremely inefficient....

Disabling Webcams During an Online Course

This post will explain the way to disable your webcam on Windows and Linux, so:On the OS level, prevent you from turning on the webcam by mistake, and live-stream your footage of having a meal lying on the bed playing games (NSFW)Prevent certain online lecturing software from secretly turning on the webcam.Windows ProceduresPress the Win+R combination key to open the Run window, type devmgmt.msc and enter to open the Device Manager. Your camera will be in Image Acquisition Devices category, right-click on it to disable it.(The following picture is taken from a Simplified Chinese Windows XP, but the procedure and icons should be similar for Windows 7 and 10.)When you need to use the camera, come back to re-enable it, and then close and reopen your browser or online lecturing software....