Yearly Archives: 2012

无奈何

小时候一些小事就算现在长大了,至今也还耿耿于怀。因为我小时候骑车很野,大人从来不放心我驼更小的孩子,其实他们根本不知道,我比看上去老实的孩子驼人更仔细,因为我清楚摔了的后果。有一次傍晚过江那边去姨妈家想拉表妹过江这边来,可惜被拒绝了,也是恐惧我骑车之莽撞吧。他们完全不知道,我当是驼人,真有多仔细和小心。

长大了我也没觉得要做什么改变来让人觉得靠谱,人常说有三:莫要胡言狂语,莫要不尊老长,莫要轻言傲物。对待这些也只能哂笑偏耳。旁人爱以常理看事,怎知我肚中锦绣。

科学上网之 Mac Auto Proxy

简单的办法

把 Pac 地址填到这里即可:

这种办法可能会在 10.8 的系统下出问题,表现为某些 app 工作不正常,那么我们用这种稍微复杂的办法。

复杂的办法

bypass 参考:


*.local, localhost, 0.0.0.0/32, 10010.com, 115.com, 115img.com, 123cha.com, 126.com, 126.net, 163.com, 24quan.com, 265.com, 360buy.com, 39.net, 51.com, 51cto.com, 51img1.com, 51job.com, 51jobcdn.com, 56.com, 58.com, 91.com, abchina.com, admin5.com, alibaba.com, aliimg.com, alimama.com, alipay.com, alisoft.com, appinn.com, baidu.com, bdstatic.com, baixing.com, bdimg.com, bjbus.com, go2map.com, blogbus.com, blogchina.com, blueidea.com, bokee.net, caing.com, ccb.com, china.com, chinabyte.com, chinahr.com, chinamobile.com, chinanews.com, chinaren.com, chinaunix.net, chinaz.com, cmbchina.com, cnbeta.com, cnblogs.com, cntv.net, comsenz.com, csdn.net, ct10000.com, ctrip.com, dangdang.com, daqi.com, diandian.com, dianping.com, discuz.net, donews.com, douban.com, dpfile.com, dream4ever.org, eastmoney.com, elong.com, et8.org, fengniao.com, ganji.com, gfan.com, gfw.io, goodbabygroup.com, gougou.com, gtimg.com, hao123.com, hi-pda.com, hiapk.com, huanqiu.com, hudong.com, iciba.com, img-space.com, infzm.com, ip138.com, it168.com, jandan.net, jiepang.com, kaixin001.com, ku6.com, ku6cdn.com, ku6img.com, lampdrive.com, lashou.com, lashouimg.com, letao.com, manzuo.com, mapabc.com, mapbar.com, meishichina.com, meituan.com, mop.com, mtime.com, mydrivers.com, nbweekly.com, netease.com, nuomi.com, onlinedown.net, oschina.net, paipai.com, pchome.net, pcpop.com, pengyou.com, ppstream.com, pptv.com, qiyi.com, qq.com, qunar.com, qvbuy.com, renren.com, rrimg.com, sanguosha.com, sdo.com, sf-express.com, sina.com, iask.com, sinaimg.com, sogou.com, sohu.com, soku.com, soso.com, soufun.com, soufunimg.com, taobao.com, taobaocdn.com, tdimg.com, tenpay.com, tgbus.com, tmall.com, tudou.com, tudouui.com, uusee.com, vcimg.com, verycd.com, weibo.com, weiphone.com, xiami.com, xiami.net, xici.net, xilu.com, xinhuanet.com, xinnet.com, xitek.com, xunlei.com, yesky.com, yihaodian.com, yihaodianimg.com, ykimg.com, ynet.com, youdao.com, youku.com, yupoo.com, zaobao.com, zhaopin.com, zhihu.com, idailyapp.com, logmein.com, my.cl.ly, synacast.com, pplive.com, eyoudi.com, 0x110.com, kuaidi100.com, duapp.com, xiachufang.com, wandoujia.com, zhi.hu, adobe.com, chiphell.com, *.10010.com, *.115.com, *.115img.com, *.123cha.com, *.126.com, *.126.net, *.163.com, *.24quan.com, *.265.com, *.360buy.com, *.39.net, *.51.com, *.51cto.com, *.51img1.com, *.51job.com, *.51jobcdn.com, *.56.com, *.58.com, *.91.com, *.abchina.com, *.admin5.com, *.alibaba.com, *.aliimg.com, *.alimama.com, *.alipay.com, *.alisoft.com, *.appinn.com, *.baidu.com, *.bdstatic.com, *.baixing.com, *.bdimg.com, *.bjbus.com, *.go2map.com, *.blogbus.com, *.blogchina.com, *.blueidea.com, *.bokee.net, *.caing.com, *.ccb.com, *.china.com, *.chinabyte.com, *.chinahr.com, *.chinamobile.com, *.chinanews.com, *.chinaren.com, *.chinaunix.net, *.chinaz.com, *.cmbchina.com, *.cnbeta.com, *.cnblogs.com, *.cntv.net, *.comsenz.com, *.csdn.net, *.ct10000.com, *.ctrip.com, *.dangdang.com, *.daqi.com, *.diandian.com, *.dianping.com, *.discuz.net, *.donews.com, *.douban.com, *.dpfile.com, *.dream4ever.org, *.eastmoney.com, *.elong.com, *.et8.org, *.fengniao.com, *.ganji.com, *.gfan.com, *.gfw.io, *.goodbabygroup.com, *.gougou.com, *.gtimg.com, *.hao123.com, *.hi-pda.com, *.hiapk.com, *.huanqiu.com, *.hudong.com, *.iciba.com, *.img-space.com, *.infzm.com, *.ip138.com, *.it168.com, *.jandan.net, *.jiepang.com, *.kaixin001.com, *.ku6.com, *.ku6cdn.com, *.ku6img.com, *.lampdrive.com, *.lashou.com, *.lashouimg.com, *.letao.com, *.manzuo.com, *.mapabc.com, *.mapbar.com, *.meishichina.com, *.meituan.com, *.mop.com, *.mtime.com, *.mydrivers.com, *.nbweekly.com, *.netease.com, *.nuomi.com, *.onlinedown.net, *.oschina.net, *.paipai.com, *.pchome.net, *.pcpop.com, *.pengyou.com, *.ppstream.com, *.pptv.com, *.qiyi.com, *.qq.com, *.qunar.com, *.qvbuy.com, *.renren.com, *.rrimg.com, *.sanguosha.com, *.sdo.com, *.sf-express.com, *.sina.com, *.iask.com, *.sinaimg.com, *.sogou.com, *.sohu.com, *.soku.com, *.soso.com, *.soufun.com, *.soufunimg.com, *.taobao.com, *.taobaocdn.com, *.tdimg.com, *.tenpay.com, *.tgbus.com, *.tmall.com, *.tudou.com, *.tudouui.com, *.uusee.com, *.vcimg.com, *.verycd.com, *.weibo.com, *.weiphone.com, *.xiami.com, *.xiami.net, *.xici.net, *.xilu.com, *.xinhuanet.com, *.xinnet.com, *.xitek.com, *.xunlei.com, *.yesky.com, *.yihaodian.com, *.yihaodianimg.com, *.ykimg.com, *.ynet.com, *.youdao.com, *.youku.com, *.yupoo.com, *.zaobao.com, *.zhaopin.com, *.zhihu.com, *.idailyapp.com, *.logmein.com, *.synacast.com, *.pplive.com, *.eyoudi.com, *.0x110.com, *.kuaidi100.com, *.cn, *.bdstatic.com, *.fastif.net, *.duapp.com, *.xiachufang.com, *.wandoujia.com, *.wdjimg.com, chdbits.org, *.zhi.hu, *.adobe.com, *.chiphell.com, help.apple.com

Mac 服务器上开启 Radius 作 WiFi 验证

Airport 配合 MoLo 10.8 可以在 server.app 以 GUI 方式开启 radius 服务,非常方便,开启后你的 wifi 会使用 WPA2 企业级验证,cool 哦,需要输入用户名密码。

如果没有 Airport,其实任何支持 WPA 企业级验证的路由器都行,Tomato,DDWrt 等等,我们手动设置下 radius 服务即可。

在这里我用的是一台 Mac mini server 开启 radius 服务,airport + tomato 路由器使用这个 radius 做主验证服务器。

我们先准备好一份 cert + key

打开 keychain ,选择 system->my certificates,看到一个类似 你macnini名字.local 的证书,选中它和它的 key,导出到桌面成 wifi.p12

终端执行命令:

openssl pkcs12 -in ~/Desktop/wifi.p12 -out /etc/raddb/certs/server.key -nodes -nocerts
openssl pkcs12 -in ~/Desktop/wifi.p12 -out /etc/raddb/certs/server.crt -nodes -nokeys
radiusconfig -installcerts /etc/raddb/certs/server.key /etc/raddb/certs/server.crt
#以上安装证书
dseditgroup -q -o create -u admin -n . com.apple.access_radius
#以上添加radius到sacl
radiusconfig -setconfig auth yes
radiusconfig -setconfig auth_badpass yes
radiusconfig -setconfig auth_goodpass yes
radiusconfig -autorotatelog on -n 15
chmod -R 775 /private/var/log/radius
#以上打开log
radiusconfig -addclient 你AP的IP地址 myAP other
#添加AP到radius,会提示你输入一个 secret,输入,记住

OK,先终端工作到这,我们打开 server.app

选择 Open Directory 打开次服务,然后 View->Show System Accounts,点 Users,添加一个网络用户,例如 epgay,再到 Groups,找到 radius (可以用旁边的搜苏框),双击,在蹦出的对话框下面有个 members,点 + 号把 epgay 添加进去。

好了,让我们回到终端:

radiusd -X

打开 radius debug 模式,然后我们做点测试,在本地 terminal 下执行

sudo radtest epgay 密码 macmini服务器IP 18128 你设置的secret

如果本地没有 radtest 命令,在服务器上也行。。

如果一切OK,你会看到:

Sending Access-Request of id 96 to 192.168.1.xx port 1812
	User-Name = "epgay"
	User-Password = "wktoo"
	NAS-IP-Address = 192.168.1.xx
	NAS-Port = 18128
	Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 192.168.1.xx port 1812, id=96, length=20

那么我们完工了,最后配置 radius 作为永久服务:

radiusconfig -start

最后我们到 airport 和 tomato 里设置 wifi 验证为 WPA2 enterprise 即可。你最好还再配置一个 radius 作为备用,否则你的 Mac mini 挂了,wifi 便无法使用。

没有显示器的情况下设置新 Mac Mini

没有什么比兴冲冲的带着新 Mac Mini 回家然后发现家里没有一个显示可以用来设置它更囧的事情了吧。。

其实没有显示器也可以完成任务,不过你得准备好一条 firewire 线或者 thunderbolt 线,然后和一台 Mac 相连,找一个键盘连上 mac mini,按下 T,然后开启 mini,这会让 mini 进入 target disk mode,然后我们从另外一台 mac 使用这个磁盘引导进 mini 的系统(选择启动磁盘),yeah,成功完成 mini 新系统的设置,进入桌面。然后我们打开 mini 系统的远程管理桌面(screenshare或者remote management),关机拆除连线,mini接上网线,即可通过网络用另外一个 mac 管理 mini 啦。

2012 late 新款 Mac mini 做 NAS 真是超赞的!