Linux 使用笔记(一)

1.Create new account

1
sudo adduser --home /home/username --shell /bin/bash --ingroup git username

2.List all groups and the user names that were in each group

1
2
3
for u in `cut -f1 -d: /etc/passwd`; do echo -n $u:; groups $u; done | sort

groups $(cut -f1 -d":" /etc/passwd) | sort

3.How to set up ssh so you aren’t asked for a password

You can create a RSA authentication key to be able to log into a remote site from your account, without having to type your password.

Note that once you’ve set this up, if an intruder breaks into your account/site, they are given access to the site you are allowed in without a password, too! For this reason, this should never be done from root.

  • Run ssh-keygen(1) on your machine, and just hit enter when asked for a password. This will generate both a private and a public key. With older SSH versions, they will be stored in ~/.ssh/identity and ~/.ssh/identity.pub; with newer ones, they will be stored in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub.
  • Next, add the contents of the public key file into ~/.ssh/authorized_keys on the remote site (the file should be mode 600). If you are a developer and you want to access debian.org systems with such a key, it’s possible to have the developer database propagate your key to all of the debian.org machines. See the LDAP gateway documentation. You should then be able to use ssh to log in to the remote server without being asked for a password.

Reference:https://www.debian.org/devel/passwordlessssh

4.Finding all files containing a text string on Linux

1
2
3
$ grep -rnw 'directory' -e "pattern"
// eg:
$ grep -rnw source/_posts/  -e "pragma"

Reference: http://stackoverflow.com/questions/16956810/finding-all-files-containing-a-text-string-on-linux

5.Show bash script commands without executing them

There are two useful debug outputs for that task (both are written to stderr):

set -v mode (set -o verbose) prints commands to be executed to stderr just like they are read from input (script file or keyboard) prints everything before anything ( substitutions and expansions, …) big is applied set -x mode (set -o xtrace) prints everything like it really is executed, after substitutions and expansions applied indicates the depth-level of the subshell (by default by preceeding a + (plus) sign to the shown command) indicates the recognized words after word splitting by marking them like ‘x y’ in a 4.1 version of the shell, this debug output can be printed to a configurable file descriptor (by setting the BASH_XTRACEFD variable) rather than stdout

Hint: These modes can be entered when calling Bash:

from commandline: bash -vx ./myscript eventually (OS dependant) from shebang: #!/bin/bash -vx

Reference:http://wiki.bash-hackers.org/scripting/debuggingtips

6.Toggle Web Sharing on or off in OSX 10.10

1
2
3
4
5
6
7
8
9
10
11
12
13
// Start
sudo apachectl start

// Stop
sudo apachectl stop

// Restart
sudo apachectl restart

// find the Apache version
httpd -v

// After starting Apache – test to see if the webserver is working in the browser – http://localhost – you should see the “It Works!” text.

Reference:http://coolestguidesontheplanet.com/get-apache-mysql-php-phpmyadmin-working-osx-10-10-yosemite/

7.List open ports on your machine (Mac OS X)

1
sudo lsof -i -P | grep -i "listen"

Reference:http://juretta.com/log/2007/08/08/list_open_ports_on_your_machine_mac_os_x_/

8.What do the numbers in a man page mean?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
MANUAL SECTIONS
    The standard sections of the manual include:

    1      User Commands
    2      System Calls
    3      C Library Functions
    4      Devices and Special Files
    5      File Formats and Conventions
    6      Games et. Al.
    7      Miscellanea
    8      System Administration tools and Deamons

    Distributions customize the manual section to their specifics,
    which often include additional sections.

9.jenkins

1
2
3
4
5
6
7
8
Note: When using launchctl the port will be 8080.

To have launchd start jenkins at login:
  ln -sfv /usr/local/opt/jenkins/*.plist ~/Library/LaunchAgents
Then to load jenkins now:
  launchctl load ~/Library/LaunchAgents/homebrew.mxcl.jenkins.plist
Or, if you don't want/need launchctl, you can just run:
  jenkins

10.Mac 上 Openssl 的配置文件路径

/System/Library/OpenSSL/openssl.cnf

11.Find

find的使用实例:

搜索当前目录(含子目录,以下同)中,所有文件名以my开头的文件:

1
$ find . -name 'my*'

搜索当前目录中,所有文件名以my开头的文件,并显示它们的详细信息:

1
$ find . -name 'my*' -ls

搜索当前目录中,所有过去10分钟中更新过的普通文件。如果不加-type f参数,则搜索普通文件+特殊文件+目录:

1
$ find . -type f -mmin -10

搜索当前目录中,所有以my开头的目录:

1
$ find ~ -type d -name 'my*'

Reference:http://www.ruanyifeng.com/blog/2009/10/5_ways_to_search_for_files_using_the_terminal.html

12.Enable Debian server pptpd’s log and debug

To diagnose faults, enable the options debug dump in /etc/ppp/pptpd-options. The change is effective on the next connection. The debug output goes to /var/log/debug, and the dump output and usual output to /var/log/messages.

Referenc:http://poptop.sourceforge.net/dox/debian-howto.phtml

13.iptables remove specific rules

Execute the same commands but replace the “-A” with “-D”. For example:

1
2
3
4
$ iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
becomes

$ iptables -D INPUT -i eth0 -p tcp --dport 443 -j ACCEPT

14.How to use tcpdump?

tcpdump can be used to capture the packets exchanged between the PPTP Client and the PPTP Server. By comparing the packets with what should be happening, you may determine what the cause of a problem might be. Give to tcpdump the name of the network interface that connects to the PPTP Server, which for dial-up users would be ppp0, and for ADSL users eth0. Then, in another window or console, start the tunnel.

Start tcpdump in one window: Then run pppd in the other window:

1
2
# tcpdump -i eth0
# pppd call tunnel

The tcpdump command should show you the packets as they are received or transmitted. Press Control/C when you do not need to capture any more packets.

You should see a connection to port 1723, followed by GRE packets in both directions. If you can see this, then you have full network connectivity. If you can’t, you must find the problem.

Note: if you get an error:

tcpdump: pcap_loop: read: Network is down then you may be using tcpdump on the wrong interface. Use ifconfig to list the available interfaces and choose the one through which your client must contact the server. See our diagrams if you’re still confused.

The above technique is useful for quick checking, but for detailed analysis a binary tcpdump is required.

Security Warning Internet addresses of your client and server, usernames and passwords are included in a binary tcpdump. This information may allow someone to gain equivalent access to protected networks. If you do not want to give away this information, convert it to text and remove it before sending the log to someone else. If you have been asked to capture a complete tcpdump packet trace, for analysis by someone else, you should:

add -w file to tell it to save the packets to the file file, add -s 0 to capture all of each packet, and add tcp port 1723 or proto 47 to keep only the PPTP packets, if the client is performing other network traffic at the time. For example:

1
# tcpdump -i eth0 -w my.tcpdump -s 0 tcp port 1723 or proto 47

Again, once the packets have been collected, use Control/C to stop the tcpdump process. The file containing the packets can then be e-mailed or analysed.

You may analyse it using ethereal.

1
# ethereal my.tcpdump

Note: when using ethereal, clicking on a byte in the hex dump will highlight the field name of the data in the packet, and vice versa. You may also analyse it using tcpdump:

1
# tcpdump -n -r my.tcpdump > my.tcpdump.txt

This converts it to text, saving the output into a file my.tcpdump.txt. This often hides the username and password. You may wish to globally substitute the IP addresses. Check your results to ensure your security.

15.Viewing all iptables rules

You just need to specify the appropriate table:

1
2
$ iptables --table nat --list
$ iptables -t nat -L

If you don’t specify a table, the filter table is used as the default. You can get even more information by including the -v or –verbose option.

iOS 并发编程之 Thread

在 iOS 并发编程之 Operation 中,我们说过 GCD 是将线程管理的代码从应用层移到了系统层,它是基于线程技术的。虽然在 iOS 和 OS X 平台不鼓励直接使用线程实现并发,但它还是有它的应用场景。那么什么时候应该使用线程呢?

当我们的代码需要实时运行时用线程实现是一个好方法。虽然分发队列会尽可能快的执行你的任务,但是它们不能解决实时约束。如果你想让运行在后台的代码给你更可预期的行为,线程是一个更好的选择。

既然线程仍然有它的应用场景,我们还是有必要掌握它。

Thread是什么

线程是一种在应用中实现多条运行路径相对轻量的方法。在系统层,程序并排运行,系统根据程序的需要为每个程序分配执行时间。但是在每个程序内部存在一个或多个线程运行,它们可以被用来以同时或接近同时的方式执行不同的任务。系统本身实际上管理这些线程的运行,调度它们运行在可用的核上,根据需要中断它们以允许其他线程运行。

从技术角度看, 线程是管理代码执行所需的内核级和应用程序级数据结构的组合。内核级结构将事件分派到线程, 并在一个可用内核上协调线程的抢先调度。应用程序级结构包括用于存储函数调用的调用堆栈和需要管理、操作线程的属性和状态的应用程序结构。

在非并发应用中只有一个运行线程。它随应用的主程序开始和结束,一个一个地调用不同的方法或函数实现应用的行为。与此相反,支持并发的应用以一个线程开始,根据需要添加创建附加执行路径。每个新路径有它自定义的开始程序,它和应用的主程序是独立运行的。拥有多线程的应用提供两个重要的潜在优势:

  • 多线程可以改善应用的响应性
  • 多线程在多核系统上可以改善应用的实时性

如果你的应用只有一个线程,那么它需要做所有的事情。它必须响应事件,更新你应用的窗口和执行实现你应用行为需要的所有计算。单线程的问题在于它一次只能做一件事。当你的某个计算需要花费很长时间完成会发生什么呢?当你的代码忙于计算它需要的值,你的应用停止响应用户的事件和更新窗口。如果这种行为持续足够长的时间,用户也许认为你的应用已经挂起,于是尝试强制退出。但是,如果将自定义计算移到单独的线程上,则应用程序的主线程可以自由地响应用户交互。

在多核计算机如此普遍的今天,线程为某些类型的应用提供了一种提高性能的方法。线程可以在处理器不同的核上同时执行不同的任务,让应用在指定时间增加它工作数量成为了一种可能。

当然,线程并不是解决应用性能问题的万用药。提供好处的同时它也带来各种潜在问题。在应用内拥有多个可执行路径会增加你代码的复杂度。每个线程需要协调它和其他线程的行为以防止损坏应用的状态信息。因为单个应用的线程共享相同的内存空间,它们访问所有相同的数据结构。如果两个线程同时尝试操作相同的数据,一个线程可能覆盖另一个线程的修改,最终导致数据被损坏。即使在这里有了正确防护,你还是要当心编译器优化会在你的代码中引入隐蔽的问题。

继续阅读

iOS App 开发问题汇总(二)

1.Ad Hoc分发应用

导出Ad Hoc授权应用 Xcode > Product > Archive > Export

安装Ad Hoc分发的应用 Open iTunes > File > Add To Library… > select Ad Hoc provisioning profile and App.ipa > Sync

2.Xcode编译出现如下警告提示:

[WARN]warning: no rule to process file xxx.h’ of type sourcecode.c.h for architecture armv7

解决办法:这是因为检查到有.h文件在编译列表中了。所以只要在列表中去掉就可以了。

点击你的xcode项目文件,然后点击[Build Phases],确保在[Compile Sources]中没有.h文件。

Reference:Xcode编译提示:warning: no rule to process file ‘xxx.h’ of type sourcecode.c.h for architecture armv7

继续阅读