During the National Day holiday, I purchased a Raspberry Pi 3B and a bunch of sensors from Taobao to start some projects. Due to holiday shipping delays, all components arrived piecemeal days after the vacation ended. First, a photo of the completed setup: I ordered from five different stores: Raspberry Pi 3B (with case, fan, heatsinks, power supply); SanDisk 32GB TF card; Raspberry Pi sensor kit (3.3V compatible, 16 sensors total); 5-inch 800x480 touchscreen; DS3231 RTC module and GPIO pin labels (purchased later). Raspberry Pi Unit: The Pi 3B arrived first. However, the TF card hadn't arrived yet, leaving the Pi unusable. I proceeded to assemble the case and cooling system. Encountered an issue: The case's internal support pillars were misaligned....

CommentToMail Modified Version
Recently, I suddenly noticed that the daily emails from my self-built Baidu Tieba check-in system had stopped, though the check-ins were still happening normally. When I checked the Mailgun interface, the status was all red: The logs showed a long list of bounce messages sent to my Outlook mailbox, such as: The error indicated that Mailgun's entire AS (Autonomous System) had been blacklisted by Outlook. It was now completely unusable. The good news is that many email service providers offer similar services to Mailgun, such as SendGrid. I quickly registered an account on their website, enabled SMTP, and connected my Tieba check-in system, NextCloud, and other services without any issues. The bad news is that my blog uses CommentGun, which I specifically developed for Mailgun,...

Enabling TLS 1.3 for nginx and Passing to FastCGI Backends
OpenSSL provides experimental support for TLS 1.3 in its latest beta version, including a series of performance and security optimizations. The latest nginx 1.13 series has also added relevant options for TLS 1.3. However, since TLS 1.3 is still in draft status, there are some challenges to overcome when using it now: TLS 1.3 currently has three draft versions (18, 19, 20) implemented by OpenSSL and others, but they are mutually incompatible, and no SSL library combines all three. Browsers like Chrome and Firefox widely use draft version 18, but this version of OpenSSL doesn't support TLS extensions, which are required for Certificate Transparency. Although the latest nginx-ct plugin adds Certificate Transparency support for TLS 1.3, due to issue #2,...

Joining the DN42 Experimental Network
2020-03-16 Notice: This article has an updated version: see "Introduction to the DN42 Experimental Network (2020 Edition)". The new version features a more detailed registration process and has been updated to reflect changes in DN42 over the past three years. The following content was written in 2017 and is for archival purposes only. DN42, short for Decentralized Network 42, is a large-scale VPN network. Unlike traditional VPNs, DN42 utilizes technologies commonly deployed on internet backbones (such as BGP), effectively simulating a real-world network environment. Due to its realistic nature, the barrier to entry for DN42 is relatively high. You'll need to act as an ISP (Internet Service Provider): register an ASN number, obtain IPv4 and IPv6 address pools,...
Building Your Own IPv6 Tunnel with ZeroTier One
Preface: Most ISPs in China do not provide IPv6 addresses to users, except for the Education Network. However, the IPv6 service on the Education Network is highly unstable (possibly specific to my institution), and once you leave campus, IPv6 becomes unavailable, which is quite frustrating. One alternative is using HE.NET's tunnel service. After SixXS shut down, they are currently the largest remaining IPv6 tunnel provider, and their service is completely free. However, their service isn't suitable for home network environments in China, as home networks typically have dynamic IPs, and some ISPs have started using large-scale NAT to save costs, preventing users from obtaining independent IPs and causing conflicts within the same internal network....

Establishing Dual-Stack Intercommunication Network Between Multiple Docker Servers Using ZeroTier One
Preface: Achieving intercommunication between containers on multiple Docker servers is a challenging problem. If you build your own overlay network, you need to set up services like etcd on one server. But if the server hosting etcd crashes, the entire network goes down. The cheap VPS I use occasionally experiences network interruptions, and I often accidentally crash servers myself, so this approach isn't feasible for me. Docker also has other commercial overlay networking solutions like Weave, but for individual users, these solutions are too expensive (I'm just experimenting for fun), so they're not considered either. In these network architectures, central servers like etcd or Weave record which server each container is on and its internal IP, allowing DNS resolution to any container....

Using the SSH Blacklist System of Northeastern University Network Center
The Network Center of Northeastern University provides an SSH blacklist on its official website, which records IP addresses detected using port scanning tools on SSH ports. This system appears to be based on statistics collected from their own honeypot servers. They also offer a downloadable hosts.deny file corresponding to the blacklist, allowing users to automatically update the SSH blacklist and block these scanners (preventing them from logging in) using scheduling tools like cron. It's unclear exactly when this system was implemented, but it has been operational for at least two years. Additionally, the blocking duration for these IP addresses appears to be 60 days from their last detection. Usage method: Install cron on your server and run the following commands to set up the script:...
LT NoLitter: An Xposed Module to Prevent Android Apps from Creating Random Folders
The Android system provides user-accessible storage space, allowing users to manage their files with ease (compared to iOS). However, some applications create numerous folders directly in the storage root directory, disrupting file management and posing a significant nuisance for users with organizational preferences. To address this, I developed an Xposed module. This module hooks into Android's File class. Whenever an app attempts to read or write files/folders in the root directory, the module first checks if the target exists. If it exists, the operation proceeds normally; if not, the operation is redirected to the /Android/files directory. Compared to XInternalSD,...
Typecho Comment Email Notification Plugin Based on Mailgun
Often, when replying on websites with self-hosted comment systems like WordPress or Typecho, one has to constantly check back to see if their comment has been replied to. However, for most people, this is very inconvenient. A common solution for bloggers is to install an email notification plugin. When a commenter's comment receives a reply, an email notification is sent to alert them. The most widely used plugin on Typecho is CommentToMail, initially developed by DEFE and later maintained by Byends Upd. This plugin sends emails using standard methods like PHP Mail, SendMail, or SMTP. However, instead of registering dedicated email accounts for notifications, bloggers are now adopting email platforms like Mailgun. These platforms provide API-based email sending capabilities,...
Migrating the Website to Docker
Docker is a container management software for Linux. Each container is functionally similar to an OpenVZ VPS, allowing isolation of applications on a server. This isolation enables different versions of the same software or conflicting applications to run on the same server. For example, MySQL 5.7, MySQL 5.6, and MariaDB 10.1 can run simultaneously in three separate Docker containers on one server. However, Docker surpasses OpenVZ in its more flexible Linux kernel version requirements. OpenVZ kernels remain stuck at 2.6.32 (stable) and 3.10 (development), while Docker runs on any Linux kernel above 3.10. My server currently uses Linux kernel 4.9 (for BBR support), which clearly cannot run OpenVZ but works perfectly with Docker....