Immortal Blog∎

Symmetric encryption communication

The most straightforward way is that you can decide on an encryption key in reality and use symmetric encryption such as AES-256 to encrypt and decrypt all messages.
But it’s not convenient to exchange the key online. Because if you send the key using an unsafe channel that is being monitored, the attacker can also get the key and decrypt all your messages. The attacker can directly use passive attack (read-only, without any modification) to monitor the messages.
One way is to use asymmetric encryption communication.

Asymmetric encryption communication

The mechanism of asymmetric encryption can be that A and B each generate a set of public keys and private keys and then use the other one’s public key to encrypt the content and send it, and the other one can decrypt it with its private key after receiving it.
Therefore, even if the attacker gets A and B’s public keys, he cannot decrypt the messages because he needs to know the private key.
But it’s still not perfect.

MITM attack in asymmetric encryption communication

MITM means man-in-the-middle attack. Suppose you generate a public key and a private key for two clients, A and B, and then exchange the public keys of the two through a server C, and the server C is not secure. It is useless to monitor the public keys because only obtaining the public key cannot decrypt messages with the private key, so it cannot be monitored. But suppose B’s public key is replaced by C, and A uses this replaced public key C to encrypt messages. In that case, server C decrypts it with C’s private key, encrypts it with B’s public key, and B decrypts it with its private key. A and B have no sense, and C succeeds in a man-in-the-middle attack. Even if a secure key exchange technology such as the D-H key exchange method is used, the key exchange process can still be relayed by server C as a middleman.
The attacker cannot directly use passive attack to monitor the messages in asymmetric encryption communication. The attacker needs to manipulate and change the communication flow.

Sometimes we may find that a program is occupying a port, and we cannot use this port.
We can use two commands to solve this problem.

Find the program

1
2

netstat -anp | grep 4000
tcp6       0      0 :::4000                 :::*                    LISTEN      81970/hexo

Here we can find the pid 81970 before the program name.

Kill the program

1

kill -9 81970

If the permissions are not enough, add sudo before the command.

My method referenced many tutorials, fixed the errors and worked successfully.

Install mailutils

1

sudo apt install mailutils

Configure username and password

1

sudo nano /etc/postfix/sasl_passwd

Input SMTP server, account and password.

1

[smtp.126.com]:465 username@126.com:password

The password of the 126 mailbox needs to generate an authorization code in the settings.
Then run postmap.

1

sudo postmap /etc/postfix/sasl_passwd

In daily life, we may need to create a socks server to provide network for other hosts.
I summarized the method of creating socks service through dante-server under Ubuntu 20.04.

install dante-server

1

sudo apt install dante-server

add user for dante-server

Use this method to create a user to prevent it from logging in.

1

sudo useradd -s /sbin/nologin dante-socks

Edit the configuration file

1

sudo nano /etc/danted.conf

minimal configuration for dante-server

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

logoutput: syslog stdout
internal: ztuku335yr port = 1080
external: ens3
user.notprivileged: dante-socks
clientmethod: none
socksmethod: none
#allow connections from local network
client pass {
        from: 10.0.0.229/24 to: 0.0.0.0/0
        log: error # connect disconnect
}
socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bind connect udpassociate
        log: error # connect disconnect iooperation
}
socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bindreply udpreply
        log: error # connect disconnect iooperation
}

Install nvme-cli

1

sudo apt-get install nvme-cli

List disks

1

sudo nvme list

View the details of the hard drive

1

sudo nvme smart-log /dev/nvme0

Auto refresh status

1

sudo watch -n 1 nvme smart-log /dev/nvme0

Only view the temperature info

1

sudo nvme smart-log /dev/nvme0 | grep "^temperature"

To create a private Ubuntu image, the commonly used tools are debmirror and apt-mirror.
As of today (2021-05-17), these two tools have their own advantages and disadvantages.

debmirror

debmirror document
debmirror has many downloading methods, and it will compare the local file with the file on the server before downloading so that only the missing files are downloaded. However, it does not seem to support multi-threaded downloading. Debmirror is downloaded one by one, so the download speed is relatively slow.

apt-mirror

apt-mirror document
apt-mirror supports 20 threads to download at the same time by default. If you choose a suitable mirror station, the download speed can reach the maximum of my network. However, it does not seem to make a comparison. Although it can speed up the download start speed, sometimes some files may be lost, resulting in an incomplete mirror, so the client
cannot be updated.

how to write the config file

In order to download the complete package, we need to modify the configuration file in /etc/apt/mirror.list. Use this format to ensure that the i386 package will be downloaded.

1
2

deb-amd64 http://mirrors.aliyun.com/ubuntu focal main restricted universe multiverse
deb-i386 http://mirrors.aliyun.com/ubuntu focal main restricted universe multiverse

Combine them together

Therefore, in order to achieve a balance between efficiency and completeness, we can combine apt-mirror and debmirror.
We can first use apt-mirror to download quickly, then we can use debmirror to check and download the missing packages.
Maybe this is the best way to download the Ubuntu mirror.

Commit code

1
2

git add .
git commit -m "feat: xxxxxx"

How to revoke after commit

1

git reset --soft HEAD^

This successfully revoked the commit. Note that only the commit operation is withdrawn, and the code modification remains.

git reset parameters

--mixed
do not delete the workspace to change the code, cancel the commit, and cancel the git add . operation. This is the default parameter.

--soft
do not delete the workspace to change the code, cancel the commit, and do not cancel the git add ..

--hard
delete workspace change code, revoke commit, revoke git add .. After completing this operation, it is restored to the last commit state.

Using NodeSource

Refer to the NodeSource documentation for more information on the available versions.

Node.js v14.x:

1
2
3
4
5
6
7

# Using Ubuntu
curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash -
sudo apt-get install -y nodejs

# Using Debian, as root
curl -fsSL https://deb.nodesource.com/setup_14.x | bash -
apt-get install -y nodejs

Upgrade npm

1

npm install -g npm

LVM overview

Physical Volume (PV)

Refers to a disk partition, or a device (such as RAID) that has the same function as a disk partition. It is the basic storage logical block of LVM, but compared with basic physical storage media (such as partitions, disks, etc.), it contains LVM-related Management parameters.

Volume Group (VG)

Similar to a physical disk in a non-LVM system, it is composed of one or more physical volumes PV. One or more LVs (logical volumes) can be created on the volume group.

Logical Volume (LV)

Similar to disk partitions in non-LVM systems, logical volumes are built on the volume group VG. A file system (such as /home or /usr, etc.) can be established on the logical volume LV.

When using golang to write complex projects, it is often useful to use multi-coroutine concurrency scenarios. At this time, it is easy to cause the problem of coroutine leaks due to negligence, and then produce similar memory leaks. This article focuses on the investigation of coroutine leaks, and provides ideas and practices for visual analysis of golang program memory.

Introduction to pprof

pprof is a tool for visualization and analysis of profiling data.
pprof reads a collection of profiling samples in profile.proto format and generates reports to visualize and help analyze the data. It can generate both text and graphical reports (through the use of the dot visualization package).

How to use pprof

Add monitoring code

First, we need to add monitoring code in the golang program, and expose it through the http interface.

1
2
3
4
5
6
7
8
9
10
11

package main

import _ "net/http/pprof"
import "net/http"

func main() {
	go func() {
		_ = http.ListenAndServe("0.0.0.0:8081", nil)
	}()
	// your code
}

Then we start the program that needs to be analyzed, and we are ready to analyze it.