深度系統與優麒麟

深度系統與優麒麟都是國內知名由國內開發的 Linux 系統，她們各有特色，現在介紹一下。

深度系統 (Deepin Linux) 是由中國武漢深度科技公司基於 Debian 穩定版進行開發。其中的深度系統桌面環境 (DDE) 是深度科技公司的一個開源項目。

深度系統支援多國語言，其桌面環境設定簡單直覺，並沒有多餘的步驟。她備有自己的軟件庫，而當中的軟件是常用軟件，安裝和移除軟件簡單容易，只需一鍵點擊就可以了。微軟視窗系統的軟件大多可以在其中運行，因為這系統是專為用戶由視窗系統過渡到 Linux 而不能不使用微軟視窗的產品而設計的。她開機和關機都十分快速，唯一的不足之處是她並不支援全碟加密的設定。

優麒麟 (Ubuntu Kylin) 是由工信部軟件與集成電路促進中心和中國人民解放軍國防科技大學與 Ubuntu 的支援公司 Canonical 在北京聯合創立「CCN 開源軟件創新聯合實驗室」而開發的。其桌面環境是基於 MATE 的 UKUI。

優麒麟是專為國內用戶而設計，雖然她支援多國語言，但其專有的軟件庫是簡體中文介面的。她是為那些由微軟視窗轉到 Linux 又完全放棄視窗的用戶而設計的。在其軟件庫中，她會介紹有那些是微軟視窗軟件的代替品，非常體貼。她的 UKUI 用戶介面非常類似視窗介面，用戶是不會陌生的，但她百分之百是 Ubuntu。所有軟件是最新版本，而設定方面亦與 Ubuntu 一樣。

深度系統與優麒麟所面對的客戶群各有不同，目的都是為視窗用戶轉移到 Linux 而設計的，各有其優勢之處。如果大家有空的話，可以安裝深度系統和優麒麟，體驗一下其功能和設計。


深度系統
優麒麟

For Want Of A Nail (只因少了一颗钉)

For Want of a Nail

For want of a nail the shoe was lost.
For want of a shoe the horse was lost.
For want of a horse the rider was lost.
For want of a rider the message was lost.
For want of a message the battle was lost.
For want of a battle the kingdom was lost.
And all for the want of a horseshoe-nail.

-- Benjamin Franklin


只因少了一颗钉

少了釘子，失了蹄鐵。
少了蹄鐵，失了戰馬。
少了戰馬，失了騎士。
少了騎士，失了情報。
少了情報，失了勝仗。
少了勝仗，失了王國。
這全因少了馬蹄鐵釘。

-- 佛萊登




See Also

The Butterfly Effect

In chaos theory, the butterfly effect is the sensitive dependence on initial conditions in which a small change in one state of a deterministic nonlinear system can result in large differences in a later state.

蝴蝶效應

蝴蝶效應 (Butterfly effect) 是指在一個動態系統中，初始條件下微小的變化能帶動整個系統的長期的巨大的連鎖反應，是一種混沌的現象。“蝴蝶效應”在混沌學中也常出現。


The Broken Windows Theory

The broken windows theory is a criminological theory that visible signs of crime, anti-social behavior and civil disorder create an urban environment that encourages further crime and disorder, including serious crimes. The theory thus suggests that policing methods that target minor crimes such as vandalism, public drinking and fare evasion help to create an atmosphere of order and lawfulness, thereby preventing more serious crimes.

破窗效應

破窗效應（英语：Broken windows theory）是犯罪學理論，由詹姆士·威爾遜及喬治·凱林（George L. Kelling）提出，刊載於《The Atlantic Monthly》1982年3月版的一篇題為《Broken Windows》的文章上，論及環境中的不良現象如果被放任存在，就會誘使人們仿效，甚至變本加厲。


Reference

Wikipedia - For Want of a Nail
维基百科 - 只因少了一颗钉
Wikipedia - Broken Windows Theory
维基百科 - 破窗效应
Wikipedia - Butterfly Effect
维基百科 - 蝴蝶效应


That's all! See you.

國家是甚麼？

家居網絡安全守則

鑑於近日發生了很多路由器和網絡儲存裝置被入侵的事故，我覺得有必要加強一下我們對家居網絡安全的知識。大部份人都是對網絡安全一知半解或者完全一竅不通的，所以我會用一些直接的方式去說明而避免了一些專業的用語。

路由器 (Router)

路由器有分有綫和無綫兩種，而大部份的家居路由器都是二合一的版本，即是有綫和無綫功能集於一身。

在設定路由器時，必須要更改路由器預設的密碼，更要有一個較強而複雜的密碼。

在設定路由器管理時，絕對不可以設定為可供遠端管理 (Remote Management) ，即是不可以在家以外的地方來遙控管理路由器。通常大部份的路由器預設遠端管理是啟動的。

在設定無綫路由器時應當設定為 WPA3 制式，如沒有的話至少要設定為 WPA2。至於加密方面，最好是 AES 並且至少要有十二位的密碼，而密碼方面就需要包括英文大小楷、數目字和標點符號。在本年底 WPA3 的路由器將會面世，在此時必須要設定為 WPA3 制式。

經常更新路由器韌體 (Firmware)，若果官方一年或以上沒有發表路由器韌體更新或型號已經停產的話，就必須購買新一款的路由器替換。永遠要保持路由器的規格是最新的。

不要輕易開放埠 (Port)，需要檢查一下有沒有埠是開放於互聯網中，例如埠 22 (SSH)、23 (Telnet)、80 (http)、443 (https) 或 8080 (proxy)，如有發現的話，我強烈建議立即關閉這些埠在互聯網中開放，要注意的是有些路由器是預設開放的。

桌面電腦 (Desktop)

經常更新作業系統，保持其為最新版本。不要安裝或下載不明來歷的軟件，更不應使用侵權軟件或多媒體。要經常更新瀏覽器並且不要瀏覽不良網站或侵權網站。最好是安裝及啟動防火牆並且不可輕易開放埠 (Port) 。

如果是微軟視窗系統的話，一定要安裝防毒軟件。蘋果公司的 macOS 或 Linux 的話，可以考慮安裝防毒軟件。至於 Linux 更可以零成本加固的 (詳情可以參考我的博客)。

不可以繼續使用舊版本的作業系統 (Operating System)，更不應使用已經停止支援和更新的作業系統。

網絡儲存裝置 (NAS)

若果有網絡儲存裝置的話，我絕對不贊成直接接駁到互聯網作遠端存取。如果必需要遠端存取的話，我強烈建議必須使用虛擬私人網絡 (VPN)，並必須經常更新韌體。通常虛擬私人網絡都可以在比較貴價的路由中找到。

最後，祝大家安全地和暢快地在互聯網中衝浪！

Samiux
OSCE OSCP OSWP
二零一八年六月七日 中國香港



Home Network Security Rules

Recently, there are a lot of routers and network attached storage (NAS) devices infected by malware or being attacked. It is a high time to refresh our home network security knowledge.

Router

There are wired and wireless routers in the market. Home routers equipped both. We should change the default password of the router in the login control panel with strong and complicated password. It is not wise to let the router to be controlled remotely. It is better to disable this feature or function even it is enabled by default.

When setting wireless, it is recommended to set it to WPA3 when it is available in the end this year. If not, at least set it to WPA2 with AES encryption. Strong and complicated password should be set. Make sure uppercase and lowercase, numberic and symbols to be set for the password.

Update the router firmware when it is available and always keep it up-to-date. If you do not get the firmware update for more than a year from the vendor or the router has been phased out, you should purchase a new and modern one.

Make sure port 22 (ssh), 23 (telnet), 80 (http), 443 (https) and 8080 (proxy) are not opened or forwarded to the public in the router.

Desktop

Update your operating system often and keep it up-to-date. Do not install any pirate or unknown sourced software or multi-media. Make sure no port is opened to the public.

If you are using Microsoft Windows systems, it is recommended to install anti-virus program. You may consider to install anti-virus program on Apple macOS and Linux systems. Meanwhile, you can harden your linux system with no extra cost, for details please read my blog.

Never use a not up-to-date operating system especailly when there is no more support or it is already phased out.

Network Attached Storage (NAS)

Make sure update the firmware with the latest firmware often. I am not recommended to let your NAS to be accessed from the internet. I strongly recommended to do it via virtual private network (VPN) when necessary. Most expensive routers may equipped with VPN feature.

Finally, happy internet surfing!

Samiux
OSCE OSCP OSWP
June 7, 2018 Hong Kong, China

保衛橋頭堡

嚴格來說我身兼數職，我既是開源項目開發者、系統管理員、網絡滲透測試員、資訊科技安全硏究員、又是公司文員。我是一名資訊科技安全愛好者，擁有有關的專業認證，就是 OSCE，OSCP 及 OSWP。

我家裏有兩個網絡，一個是日常運作的網絡另一個是用作滲透測試和軟件測試之用。日常運作的網絡中有一台網頁伺服器，一台私人雲端檔案伺服器，一台虛擬系統伺服器，二台路由器和一台防禦入侵系統，網頁伺服器還有人工智能網頁防火牆。

我每日的例行工作是更新所有桌面系統及伺服器系統，閱讀有關資訊科技安全有關的新聞和硏究報告，開發資訊科技安全有關的開源軟件或系統，撰寫博客等，作為一個業餘的資訊科技安全人員來說真是工作煩多。

因為我有編程和資訊科技安全底子，所以我開發了一些資訊科技安全的開源項目，其中有防禦入侵系統 (Croissants，牛角麵包) 和人工智能網頁防火牆 (Longjing，龍井)，它們都是由我自主硏發的。

我所開發的防禦入侵系統能夠防止已知具有惡意的網絡地址存取我的網絡、可以防止已知的惡意軟件的下載或存取、可以防止網絡掃描軟件向我的網絡進行掃描、可以防止一些已知的安全漏洞被利用、防止我瀏覽一些已知的惡意網站。它具有極低的延遲特性，可以讓我流暢地觀看 4K 視頻及玩綫上遊戲，而且所有防禦入侵的安全規則都是免費的，更兼容各大常用電腦和手機系統。在硬件上的要求並不算高，建設成本極低，具有效率高和防禦性強及經濟的特性。

至於網頁防火牆，它是一個深度學習的人工智能網頁防火牆，這是一個開源項目。它主要是防禦資料庫注入 (SQL Injection, SQLi) 的攻擊，但它亦能夠防禦跨站腳本 (Cross Site Scripting, XSS) 和一些較低危險性的攻擊，它更具有迷惑網站漏洞掃描器的能力。若果有惡意的黑客利用網站漏洞掃描器來掃描我的網站，他們的掃描器會回報極多的漏洞，但是這些漏洞完全都是誤報的，這樣那些惡意的黑客就會被我的網頁防火牆誤導而浪費了很多時間去對每一個誤報的漏洞來查證。這個人工智能網頁防火牆極易安裝和維護，雖然效率並不十分高但其偵測準確率達到九十九巴仙以上，這是十分不錯的。

就是因為這兩個由我自主硏發的開源項目的應用，我可以比較安心地處理其他的資安事項而無需時常要親力親為地監察我的網絡安全。雖然這個世界上沒有絕對安全的電腦系統 (No System Is Safe)，但我的開源項目的確能夠分擔一些煩重的資安工作，這是非常理想的。再加上我在每一台 Linux 桌面系統及 Linux 伺服器都加固了，尤其是火狐瀏覽器，這樣我就更安心了。

我就是這樣保衛我的橋頭堡 - 網絡。



Bridgehead Defense

I am not only a clerk but also an open source project developer, system administrator, penetration tester, information security (infosec) researcher. I am an information security enthusiast with OSCE, OSCP and OSWP certificates.

I have two networks at home, one of them is for production and the other is for testing purpose. There are a web server, a private cloud server, a virtual machine hosting server, two routers, an intrusion detection and prevention system (IDPS) in the production network. Meanwhile, there is a web application firewall (WAF) for the web server too.

I update all my desktops and servers; read information security articles and research reports; developing infosec related open source projects and writing blog articles every day. It is a lot of work for a amateur information security guy indeed.

Since I have programming and infosec background, I develop some infosec related open source projects, such as IDPS (Croissants) and deep learning driven WAF (Longjing).

The IDPS prevents known IP addresses with malicious intention to access my network; it prevents known malware from being downloaded or accessed; it prevents my network from being scanned by vulnerability scanners; it prevents known vulnerabilities from being exploited; and it prevents me from accessing malicious web sites. Meanwhile, I can watch 4K video and play demanding online games due to the low latency of the IDPS. All the rules are free of charge and it is compatible with popular operating systems and smartphones. It is a low cost and high performance solution.

For the WAF, it is an open source deep learning driven WAF which is mainly designed for prevent the web application from being attacked by SQL Injection (SQLi). However, it also detects Cross Site Scripting (XSS) and other vulnerabilities too. It spoofs all the web application vulnerability scanners that causing it to produce a lot of false positive results. Malicious hackers will waste a lot of time to figure out what is happened. Although the WAF is not designed for performance, the SQLi detection rate is over 99%.

It is what my open source infosec projects implemented into my network for security purpose that allows me to do my researches and infosec projects development without worry. Although no system is safe, it helps me a lot for the network monitoring. Meanwhile, I also hardened all my Linux desktops and Linux servers and including browser - Firefox. As a result, I am feeling very good for that.

It is the story about my bridgehead defense - network.

何謂「自主硏發」?

最近經常聽到或見到「自主硏發」這個詞語。可是中國香港的同胞們都經常誤解了這個詞語，他們認為「自主硏發」是由零做起的，但我並不同意這個看法。

根據「百度百科」的資料，「自主」是指 :

「自主指自己作主，不受别人支配。心理学中自主就是遇事有主见，能对自己的行为负责。」

根據「百度百科」的資料，「硏發」是指 :

「研发，英文为 Research & Development，简称 R&D，即研究开发、研究与开发、研究发展，是指各种研究机构、企业为获得科学技术（不包括人文、社会科学）新知识，创造性运用科学技术新知识，或实质性改进技术、产品和服务而持续进行的具有明确目标的系统活动。一般指产品、科技的研究和开发。研发活动是一种创新活动，需要创造性的工作。」

現在有很多科技項目都是開源的，原創者或作者容許其他人在其的開源契約下免費使用或更改，然後再以開源契約再發行。這樣我們並不需要將車輪再發明，只要站在智者和賢者的肩膊上再創新就可以了。

例如我有幾個開源項目都是基於另一個或一些開源項目開發的，好像「牛角麵包」(Croissants)，她主要是基於開源的 Suricata 引擎和其他的開源項目，由我硏發出來的入侵防禦系統。例如我的另一套開源項目「夜鷹」(Nighthawk)，她是基於一個開源項目 Tor 來開發的。又例如我的另一套人工智能網頁防火牆「龍井」(Longjing)，她是使用了 Scikit-Learn 的開源程式庫來開發的。這些都是由我自行開發的開源項目，這也可說是「自主硏發」吧。

所以我個人認為「自主硏發」這個詞語並不是指所有的開發都是由零開始的。這就好像我們不需要再發明飛機，只要改良飛機便可以了。又或者可以由飛機這個項目進化到另一個產品項目一樣。

参考連結 :

「百度百科」-「自主」
「百度百科」-「硏發」
「牛角麵包」
「夜鷹」
「龍井」

後記

「自主硏發」這個詞彙的由來或多或少是有其歷史背景的。一直以來，美國是禁止高科技產品出口到中國，如有違反會予以監禁和巨額罰款，如果你是華人的話還冠以間諜罪名。所以中國便要硏發出相應產品供國內使用，而這詞彙就不脛而走了。

HOWTO : Hardening And Tuning Of Ubuntu 18.04 LTS

This guide is going to hardening and tuning your Ubuntu Server/Desktop 18.04 LTS without extra effort.

(A) Buffer Overflow Prevention

Make sure "No Execute (NX)" or "Execute Disable (XD)" in the BIOS/UEFI has been enabled. Then run the following command :

sudo dmesg | grep --color '[NX|XD]*protection'

[ 0.000000] NX (Execute Disable) protection: active

If you see the captioned output or similar, you have set it right.

(B) Kernel Hardening and Tuning

Copy the content to the file "60-croissants.conf" :



sudo nano /etc/sysctl.d/60-croissants.conf
sudo sysctl -p /etc/sysctl.d/60-croissants.conf

The configure file would hardening the kernel with parameters which is including ASLR.

(C) Firefox Hardening (For Desktop Only)

sudo apt install apparmor-utils
sudo aa-enforce /etc/apparmor.d/usr.bin.firefox

To change to complain mode :

sudo aa-complain /etc/apparmor.d/usr.bin.firefox

(D) SSD Tuning

Append "scsi_mod.use_blk_mq=1" to "GRUB_CMDLINE_LINUX_DEFAULT" :

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash scsi_mod.use_blk_mq=1"

sudo update-grub

Then reboot the box.

(E) File System Tuning

Insert "noatime,nodiratime,norelatime," to the "/dev/mapper/ubuntu--vg-root" :

/dev/mapper/ubuntu--vg-root / ext4 noatime,nodiratime,norelatime,errors=remount-ro 0 1

sudo mount -a
sudo mount -o remount /

Make sure there is no error displayed. If you find there is an error, do not reboot the box until you have fix what you have edited. Otherwise, you cannot reboot the box properly.

That's all! See you.

[RESEARCH] How Secure Of Your Wifi Netowrk

Some information security experts still suggested to hide your SSID and set MAC address filtering in addition to WPA2, AES and strong passphrase setting in order to keep your wireless network secure.

However, most wireless hacking tools can unhide the hidden SSID, meanwhile, MAC address can be easily spoofed. Fortunately, there is a feature that can be used to harden your wireless network. It is namely Protected Management Frames or IEEE 802.11w even it is still not a standard since 2009.

What are Protected Management Frames (IEEE 802.11w) ?

Wi-Fi CERTIFIED WPA2 with Protected Management Frames provides WPA2 protection for unicast and multicast management action frames. Unicast management action frames are protected from both eavesdropping and forging, and multicast management action frames are protected from forging. WPA2 with Protected Management Frames augments WPA2 privacy protections already in place for data frames with mechanisms to improve the resiliency of mission-critical networks.

In order to understand how does it work for the security of a wireless network, I did some experiments for the purpose.

Hardware

(1) Home wireless router with the feature of Protected Management Frames;
(2) Android 6.0 at 2.4GHz smartphone;
(3) Android 7.0 at 5GHz smartphone;
(3) Macbook Pro (Retina Mid 2012) with macOS High Sierra (10.13.4) at 5GHz;
(4) Macbook Air (Mid 2013) with macOS High Sierra (10.13.4) at 5GHz;
(4) Lenovo Thinkpad X201s (as 2.4GHz attacker); and
(5) TP-Link Archer T4UHP (as 2.4/5GHz attacker)

Software

(1) Parrot Security OS 4.0.1 64-bit;
(2) WAIDPS 1.0 R6j; and
(3) Aircrack-NG 1.2

Lenovo Thinkpad X201s installed Parrot Security OS 4.0.1 with the latest update and running WAIDPS which is powered by Aircrack-NG 1.2 as attacker.

The home wireless router and the testing wifi devices are set to WPA2 and AES encryption. The firmware of the wireless router is up-to-date. Since the home wireless router is dual bands, 2.4GHz and 5GHz, I set some of the testing devices to 5GHz. The home wireless router is set to AP mode as I already have a wired router in the network.

Once the 4-way handshake is captured from wireless router and devices, attackers can brute force the captured packets to obtain the passphrase of the wireless router.

Experiment

The Protected Management Frames can be set to "disabled", "capable" and "required" on the home wireless router.

(a) Disabled

When the Protected Management Frames (PMF) at the wireless router is set to "Disabled". All wireless devices can be disassociated and the 4-way handshake can be captured.

(b) Capable

When the PMF is set to "Capable" at the wireless router, all devices can connect to the router without problem. However, the wireless devices can be disassociated and the 4-way handshake can be captured.

(c) Required

When the PMF is set to "Required", only Macbook Pro and Macbook Air can be connected to the wireless router and it cannot be disassociated as well as the 4-way handshake cannot be captured.

(d) extra

When the PMF is set to "Capable" and all the devices are disconnected as well as re-connected to the wireless router, the 4-way handshake can be captured.

When the PMF is set to "Required" and Macbook Pro as well as Macbook Air are disconnected and re-connected to the wireless router, the 4-way handshake cannot be captured.

Conclusion

Purchase a wireless router that equipped with Protected Management Frames feature and set it to WPA2, AES and PMF to "Required" with wireless devices that compatible to PMF, such as macOS 10.13.4.

However, not all wireless routers and/or wireless devices are equipped with this feature even it is an expensive/high-end or commercial model.

Finally, when you find a wireless router that equipped with this feature, make sure to update the firmware to the latest version often.

By the way, I am unwilling to provide the brand name of the home wireless router that I tested. Sorry for that!

That's all! See you.

Ubuntu 18.04 LTS Performance Tuning or not

After several experiments, I confirmed that previous performance tuning for Ubuntu 16.04 LTS does not fit for Ubuntu 18.04 LTS. The previous performance tuning, such as hard drive read/write, will slow down the performance of Ubuntu 18.04 LTS. If you implemented such tuning in Ubuntu 18.04 LTS and noticed the performance drops, you may consider to turn it off or disable it.

For example,

echo 1024 | sudo tee /sys/block/sda/queue/read_ahead_kb
echo 1024 | sudo tee /sys/block/sda/queue/nr_requests

That's all! See you.

HOWTO : Upgrade Parrot Security OS 3.11 to 4.0.1

Parrot Security OS 4.0.1 is released recently. You can upgrade to the latest version by the following commands.

sudo apt purge tomoyo-tools
sudo apt update
sudo apt full-upgrade
sudo apt autoremove

That's all! See you.

HOWTO : Install golang 1.10 on Ubuntu 18.04 LTS

The current version of golang in Ubuntu 18.04 LTS is 1.10.1 at the time of this writing.

Install

sudo apt update
sudo apt install golang

Check

go env
go version

Workspace

mkdir -p {,~/go/bin,~/go/pkg,~/go/src}

That's all! See you.

HOWTO : Install Gnome Shell Extensions on Ubuntu 18.04 LTS

Ubuntu Desktop 18.04 LTS is now default with Gnome. You can tune the Gnome with this tool.

sudo apt update
sudo apt install gnome-tweaks gnome-tweak-tool

The following are some useful Gnome Shell Extensions that come with Ubuntu 18.04.

If your computer or laptop do not has hard disk led, this extension is good for you.

sudo apt install gnome-shell-extension-hard-disk-led

If you do not have multi-media keyboard, this extension is for you.

sudo apt install gnome-shell-extension-mediaplayer

You can monitor the CPU loading, Memory usage and Internet traffic with this extension.

sudo apt install gnome-shell-extension-system-monitor

You can know current and forecast of your local weather with this extension.

sudo apt install gnome-shell-extension-weather

If you have some old system tray icons, you may need this extension. However, some old system tray icons do not compatible with this extension.

sudo apt install gnome-shell-extension-top-icons-plus

Run Gnome Tweaks to enable the extension(s) that you have installed. After that, logout and re-login.

To see all the Gnome Shell Extensions that come with Ubuntu 18.04.

apt-cache search gnome-shell-extension

That's all! See you.

HOWTO : Upgrade Ubuntu Gnome 16.04 LTS to Ubuntu Desktop 18.04 LTS

There is no version 18.04 for Ubuntu Gnome at the moment. If you want to upgrade from Ubuntu Gnome 16.04 to Ubuntu 18.04, you can follow the procedure below.

Step 0 :

update-manager -cd

After that, reboot the box.

Step 1 :

sudo apt remove gnome-session ubuntu-gnome-desktop gnome-session-flashback plymouth-theme-ubuntu-gnome-text plymouth-theme-ubuntu-gnome-logo gnome-session-flashback

select "gdm3" when asked.

Step 2 :

sudo update-alternatives --config default.plymouth

select "auto mode" of "/usr/share/plymouth/themes/ubuntu-logo/ubuntu-logo.plymouth"

Step 3 :

sudo update-initramfs -u

Then reboot.

That's all! See you.

HOWTO : Radiotray-NG on Ubuntu 18.04 LTS

Radiotray-NG is internet radio program to streaming music and online radio.

wget https://github.com/ebruck/radiotray-ng/releases/download/v0.2.2/radiotray-ng_0.2.2_ubuntu_18.04_amd64.deb
sudo dpkg -i radiotray-ng_0.2.2_ubuntu_18.04_amd64.deb
sudo apt --fix-broken install

RTHK Radio Channels (Optional)

Radio 1 - http://rthk.hk/live1.m3u
Radio 2 - http://rthk.hk/live2.m3u
Radio 3 - http://rthk.hk/live3.m3u
Radio 4 - http://rthk.hk/live4.m3u
Radio 5 - http://rthk.hk/live5.m3u
Putonghua - http://rthk.hk/livepth.m3u

After adding or editing the channels, make sure to reload the bookmarks.

That's all! See you.

HOWTO : Install Deepin Desktop Environment on Ubuntu Desktop 18.04 LTS

Deepin Desktop Environment (DDE) is an open source project by Deepin Technology Ltd. Co., Wuhan, China. Besides install Deepin Linux 15.5 or higher, you can install it on Ubuntu Desktop 18.04 LTS.

Install Deepin Desktop Environment (DDE)

sudo add-apt-repository ppa:leaeasy/dde
sudo apt-get update
sudo apt install dde

The following is for experiment only (not recommended by the PPA creator).

sudo apt install dde deepin-gtk-theme dde-control-center-plugin-notify dde-control-center-plugin-weather redshift libfprint0 dnsmasq cgroup-tools imwheel libpam-fprintd fprintd network-manager-l2tp network-manager-openconnect network-manager-openvpn network-manager-vpnc minicom deepin-calculator dde-file-manager

Install RecordMyDesktop (Optional)

sudo apt install gtk-recordmydesktop

* when "Window Effect" is disabled, "Deepin Screen Recorder" and "Multitasking View" will be disabled too.

Set Font of the system (Optional)

Set Font to "Ubuntu" and "Ubuntu Mono" and set font size larger when necessary.

Disable Window Effect Mode (Optional)

When you find booting to desktop taking a longer time and playing video files lagging, you need to consider to disable the Window effect as your display card is not strong enough.


The following optional settings are for Chinese only. Ubuntu default ibus is not compatible with Deepin DDE and you need to use fcitx instead.:

If you are using English version Ubuntu, you are required to install the Traditional Chinese fonts or Simplified Chinese fonts.

Traditional Chinese

sudo apt install language-pack-gnome-zh-hant-base language-pack-gnome-zh-hant

or

Simplified Chinese

sudo apt install language-pack-gnome-zh-hans-base language-pack-gnome-zh-hans

Install Cangjie Quick Input Method (Optional)

sudo apt install fcitx fcitx-table-quick-classic fcitx-config-gtk

Install Cantonese Input Method (Optional)

sudo apt install fcitx fcitx-table-cantonese fcitx-config-gtk

Install Cangjie 3rd Generation Input Method (Optional)

sudo apt install fcitx fcitx-table-cangjie3 fcitx-config-gtk

Install Cangjie 5th Generation Input Method (Optional)

sudo apt install fcitx fcitx-table-cangjie5 fcitx-config-gtk

After installing desired Chinese Input Method, go to "Language Support" to set from "ibus" to "fcitx" and make sure to install missing packages when asked in launching "Language Support". To toggle the Input Method by pressing "Ctrl+Space" and set your Input Method as default when necessary.





You can even switch between Gnome and Deepin desktop environment when you are going to login. If you want to delete the Deepin DDE forever, you can run the following commands :

sudo apt remove dde

or

sudo apt remove dde dde* deepin* deepin-gtk-theme dde-control-center-plugin-notify dde-control-center-plugin-weather redshift libfprint0 dnsmasq cgroup-tools imwheel libpam-fprintd fprintd network-manager-l2tp network-manager-openconnect network-manager-openvpn network-manager-vpnc minicom deepin-calculator dde-file-manager
sudo apt autoremove
sudo apt update

That's all! See you.

HOWTO : upgrade Ubuntu 16.04 LTS to 18.04 LTS on Croissants

First of all make sure your Croissants box has sufficient free hard drive spaces, otherwise, the upgrade will fail.

sudo apt install update-manager-core
sudo do-release-upgrade -d

Answer "Y" to all questiones asked.

After the upgrade, you need to run the following commands :

Remove the first "# " from /etc/apt/sources.list.d/evebox.list
Remove the first "# " from /etc/apt/sources.list.d/elastic-5.x.list

sudo update-java-alternatives -s java-1.8.0-openjdk-amd64
sudo systemctl enable logstash
sudo systemctl enable elasticsearch
sudo systemctl enable kibana

Then you can reboot your Croissants.

That's all! See you.

HOWTO : Upgrade Ubuntu Server 16.04 to 18.04

Ubuntu 18.04 LTS is just released. It is a high time to upgrade your Ubuntu Server 16.04 LTS to 18.04 LTS. To upgrade it, make sure you have sufficient free space.

Step 1 :

sudo apt install update-manager-core
sudo do-release-upgrade -d

You need to answer "Y" to all questions asked.

Step 2 :

Make sure to enable all the required repositories at /etc/apt/source.list.d/ and then run the following command.

sudo apt update

Step 3 :

If you have application that works only on Java 8, make sure to do the following.

update-java-alternatives -l
sudo update-java-alternatives -s java-1.8.0-openjdk-amd64

or

sudo update-alternatives --config java

Then, select Java 8

Step 4 :

If your system is running PHP, you need to reinstall all the required packages. For example,

sudo apt-get install php7.2-cgi php7.2 php7.2-cli php7.2-mysql php7.2-curl php7.2-gd php7.2-intl php7.2-imap php7.2-pspell php7.2-recode php7.2-sqlite3 php7.2-tidy php7.2-xmlrpc php7.2-xsl apache2-utils php7.2-fpm php-memcache php-imagick mysql-server mysql-client php7.2-mbstring php7.2-zip

Make sure to do the following when you are using php7.2-fpm on Apache2 :

sudo a2enmod php7.2
sudo a2enconf php7.2-fpm
sudo systemctl enable php7.2-fpm
sudo systemctl enable apache2
sudo systemctl restart php7.2-fpm
sudo systemctl restart apache2

That's all! See you.

HOWTO : Install Parrot Security OS 3.11 32-bit

Since the 32-bit of Parrot Security OS 3.11 will crash in the middle of the installation even the hash checksum is same as the official, we can install "Home" version and then install the necessary tools by the following command.

sudo apt update
sudo apt install parrot-tools-full

That's all! See you.

Deepin Linux 15.5

中國武漢深度科技公司的深度作業系統 15.5 (Deepin Desktop) 是基建於 Debian Linux 的桌面系統。深度系統實現了 Linux 的高度客制化的技術，它媲美蘋果電腦 macOS 作業系統。

深度系統 15.5 安裝容易和直接，沒有太多的輸入和選項。當安裝在 Virtualbox 虚擬機器時，它會提供特效模式 (Effect mode) 或普通模式 (Common mode) 選擇。普通模式運作行得比較快，但沒有了特別效果。

在使用深度系統 15.5 時極有使用蘋果電腦 macOS 的感覺。使用介面非常直觀和華麗，你並不會迷失於大量的選項當中。

它的軟件庫 (Deepin Store) 收集了很多實用的軟件，並且安裝和移除都非常容易。它的軟件庫極有蘋果電腦 macOS 的 Apps Store 味道。可以看得出武漢深度科技公司曾經投入大量資源來開發這系統。

這個作業系統極之適合 Linux 初學者或一些要求簡潔和直接的用家。這也是 Ubuntu Linux 以外的另一個不錯的選擇。但是美中不足之處是它沒有全碟加密和密碼只接受最多十六位字元，而且有些軟件的版本比較老舊。




Wuhan Deepin Technology Co. Ltd. (China) develops a Debian based Linux system namely Deepin Desktop. The current version as at this writing is 15.5. The outlooks of Deepin is much like Apple macOS.

Installation of Deepin 15.5 is very easy and simple. A few information is required to fill in or select in the installation. When installed in Virtualbox, you have a chance to select "Effect mode" or "Common mode". Common mode is the fastest mode comparing with Effect mode. Deepin Desktop 15.5 is very easy to use. The design is very straight forward and simple. If you have experience in Apple macOS, you will feel that it is very similar.

There are some useful software in Deepin Store and it much like Apps Store in macOS. The installation and uninstallation of any software is very easy. It is believed that Wuhan Deepin Technology has invested a lot of resources of building this Linux distribution.

Deepin Desktop is suitable for newbies of Linux and someone who loves simple operation. If you do not like Ubuntu Linux, you may try Deepin Desktop instead. The only downsides of Deepin are no full disk encryption, the maximum length of user password limited to 16 characters and some software are a little bit out-dated.

That's all! See you.


Reference

Linux Deepin is NOT spyware


Full disk encryption on Deepin 15.5

Linux 的我見

每一個人選擇使用 Linux 的原因和理由各有不同，但大部份人都是原先是使用視窗 (Windows) 的。他們大多都有一個共同點，就是經常抱怨找不到和視窗一樣的應用軟體的代替品。但這個問題鮮有在蘋果 (Apple macOS) 的使用者中發生。問題是出在那裡呢？

視窗、蘋果及 Linux 在基本上是不同的產品，它們都有着自己的特性。蘋果是源於 BSD 系統，它是 Unix 系統；Linux 是類 Unix 系統及自行開發；而視窗是一個自行開發的非 Unix 系統。它們都有着的不同發展方向，除了 Linux，視窗和蘋果都很早在桌面 (Desktop) 方面上應用。

視窗專門經營軟體業務，而蘋果則為主要經營硬件業務，而 Linux 基本上是非牟利的。

蘋果也沒有很多與其他商業化產品一樣的代替品，但蘋果用戶並沒有如其他的視窗使用者使用 Linux 時的要求和抱怨。我想是因為蘋果用戶是一個獨特的使用群組，他們沒有抱怨沒有相似的代替品，但他們接受使用與視窗用戶所使用的不一樣和與別不同的產品。

基於 Linux 是開源及基本上是免費的，大多數的開發人員都是利用自己的私人時間來開發軟體，所以其開發出來的軟體大多數沒有在商業化上作出考慮；多數的開發人員都是開發給自己或一小撮人使用。其後他們有的也開發了一些與其他商業化產品的類似物，但並非是其代替品，也有一些應用是其他商業化產品沒有的。Linux 的獨特性可見一班。

其實視窗的使用者在使用 Linux 時不應有與使用視窗的要求。應當接受各個不同類型的作業系統的不同特性和發展。視窗的使用者與蘋果的用戶在性格上和要求上大有不同，在此，我非常欣賞蘋果用戶的可塑性。所以視窗的使用者對 Linux 會不會過於「又要馬兒好，又要馬兒不吃草」呢？

開源的 Linux 造就各式各樣的版本，各個版本都有其獨特的性格。各個版本的基本操作指令和架構是大致相同，最大的分別在於軟件包管理指令和桌面系統 (Window Manager)。不同版本的 Linux 有不同版本的軟件包管理和桌面系統。

Linux 吸引之處在於可塑性非常高，客制性的能力可以出神入化。再加上所有編程語言和編譯器是完全開源和免費的。這做就了多樣化的工具軟件供給多樣化的應用。每個軟件工程師都可建做自己具有個人特色的 Linux 版本或應用系統。

至於為何沒有與其他作業系統的應用軟體一模一樣的產品，我想這與知識產權不無關係的，這就不能怪責 Linux 的不體貼了。俗語有話「若要人似我，除非兩個我」。