Category Archives: Ubuntu

Obfuscated SSH tunnel

VPN providers have been cracked down on and open source anti-censorship tools have been eliminated. This is what is happening in China, and it has become more severe than ever. Shadowsocks alone is no longer reliable due to the more powerful deep packet inspection implemented at the GFW.

I am now replacing shadowsocks on my gateway with an obfuscated SSH tunnel based on Tor's obfsproxy. For the impatient, I will first give a concise summary of the necessary steps of my setup. You can follow it without drilling down into the details, which I will explain later. But please note that you have to follow the other instructions in this blog post to complete the whole setup.

Quick Set up

On your server

Assume your server runs Debian 8 (jessie) or Ubuntu, and its IP is, run these commands:

On Raspberry Pi gateway

Edit ~/.ssh/config:

Run these commands:

How to include local packages for pbuilder

The ibus-cangjie suite consists of 3 source packages: libcangjie, pycangjie and ibus-cangjie. pycangjie depends on libcangjie, and ibus-cangjie depends on the other two. When you use pbuilder or its wrappers (I mainly use pbuilder-dist) to build pycangjie or ibus-cangjie, you have to make sure the packages they depend on are available in the pbuilder chroot somehow, otherwise the build will fail.

I used to build the package at the lowest level first, in this case libcangjie, then log in to the pbuilder chroot with the --save-after-login argument, manually copy the built packages to where the chroot is mounted, run dpkg to install the packages, and exit the chroot. Now libcangjie is installed in the chroot, so the build dependencies of pycangjie can be satisfied. This is simple, but requires quite a lot of typing.

There is a simpler way. As pbuilder puts all its built packages in a single directory, we can make the chroot use it as an apt source.

Assume the packages built by your pbuilder are located in /home/ubuntu/pbuilder/sid_result, and pbuilder hooks are stored in /var/cache/pbuilder/hook.d. Now, update your .pbuilderrc like this:

# cat ~/.pbuilderrc 

Then put a new hook script to generate a Packages file:

# cat /var/cache/pbuilder/hook.d/D70results
#!/bin/sh
# Rebuild the Packages index of the local result directory, then refresh apt.
cd /home/ubuntu/pbuilder/sid_result
/usr/bin/dpkg-scanpackages . /dev/null > /home/ubuntu/pbuilder/sid_result/Packages
/usr/bin/apt-get update

To verify that it is set up correctly, log in to the pbuilder chroot with the --override-config and --othermirror arguments and check whether /etc/apt/sources.list has been updated. The OTHERMIRROR parameter in .pbuilderrc does not work for me, so I can only use --othermirror, which is not nice as you need to supply it every time you run pbuilder:

# pbuilder-dist testing login --override-config --othermirror "deb [trusted=yes] file:///home/ubuntu/pbuilder/sid_result ./"

# grep -r home /etc/apt
/etc/apt/sources.list:deb [trusted=yes] file:///home/ubuntu/pbuilder/sid_result ./

If everything goes well, build your package with the --override-config and --othermirror arguments, as you just did for the login operation:

# pbuilder-dist testing build --override-config --othermirror "deb [trusted=yes] file:///home/ubuntu/pbuilder/sid_result ./" <.dsc-file>
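
With `[trusted=yes]` apt accepts this source without checking a signature, so the Packages index written by the hook is the only record of what the chroot will install. The following check is an added example, not part of the original post: it assumes the index carries the `Filename` and `SHA256` fields that dpkg-scanpackages writes, and the function names `verify_local_repo` and `make_sample_repo` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Print one line per problem; return 0 only if every indexed .deb exists with
# a matching SHA256 and every .deb on disk appears in the index.
verify_local_repo() {
    repo=$1
    if [ ! -f "$repo/Packages" ]; then
        echo "NOINDEX $repo/Packages"
        return 1
    fi
    # Pull "Filename SHA256" pairs out of each stanza of the index.
    pairs=$(awk '
        /^Filename:/ { f = $2 }
        /^SHA256:/   { s = $2 }
        /^$/         { if (f != "") print f, s; f = ""; s = "" }
        END          { if (f != "") print f, s }' "$repo/Packages")
    problems=$(
        printf '%s\n' "$pairs" | while read -r file want; do
            [ -n "$file" ] || continue
            if [ ! -f "$repo/$file" ]; then echo "MISSING $file"; continue; fi
            have=$(sha256sum "$repo/$file" | cut -d' ' -f1)
            [ "$have" = "$want" ] || echo "MISMATCH $file"
        done
        # A .deb that is on disk but not indexed is invisible to apt.
        for deb in "$repo"/*.deb; do
            [ -f "$deb" ] || continue
            name=${deb##*/}
            printf '%s\n' "$pairs" |
                awk -v n="$name" '$1 == n || $1 == ("./" n) { ok = 1 } END { exit !ok }' ||
                echo "UNLISTED $name"
        done
    )
    if [ -n "$problems" ]; then printf '%s\n' "$problems"; return 1; fi
    return 0
}

# Constructed sample: a throwaway directory with one placeholder file named
# like a package and a matching index entry. Prints the directory path.
make_sample_repo() {
    dir=$(mktemp -d)
    printf 'constructed placeholder, not a real package\n' > "$dir/libcangjie_0_all.deb"
    sum=$(sha256sum "$dir/libcangjie_0_all.deb" | cut -d' ' -f1)
    printf 'Package: libcangjie\nFilename: ./libcangjie_0_all.deb\nSHA256: %s\n\n' "$sum" > "$dir/Packages"
    echo "$dir"
}

sample=$(make_sample_repo)
verify_local_repo "$sample" && echo "index matches files in $sample"
rm -rf "$sample"
```

Against the real result directory, call `verify_local_repo /home/ubuntu/pbuilder/sid_result` after the hook has run; a MISMATCH or MISSING line means a file changed or vanished after it was indexed.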

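Source Han/Noto pan-CJK fonts & Ubuntu

Most fonts released under open source licences focus on European languages written in the Latin alphabet and the like, but the Source Han/Noto pan-CJK open source font recently released jointly by Adobe and Google not only covers most of the glyphs needed for Chinese, Japanese and Korean, it also uses separate OTF files for Traditional Chinese, Simplified Chinese, Japanese and Korean. The different regional forms of the same Han character can therefore be handled individually, which more or less solves the Han unification problem that Unicode has long been criticised for.

What Hong Kong users probably care about most is whether the font covers HKSCS. I checked some of the Unicode code points in hkscs-2008-big5-iso.txt and all of them can be found in NotoSansHant, and by visual inspection the CJK B, C and D blocks are covered as well, so it should be sufficient (have a look in the picture below).

Viewing NotoSansHant-Regular.otf in Fontforge

The screenshots below show that Hong Kong characters render well:

To change the default font of the Ubuntu desktop UI and applications to Source Han/Noto, you can refer to Ingram Chen's blog. I have improved Ingram's fontconfig configuration file a little so that the system prefers the appropriate font under each locale: for example, under zh_TW the Traditional Chinese Noto Sans T Chinese is the first choice, under zh_CN it is the Simplified Chinese Noto Sans S Chinese, and the other CJK fonts follow as fallbacks.

The configuration file is available as 20-noto-cjk.conf. After downloading it, run: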

mkdir -p ~/.config/fontconfig/conf.d
mv 20-noto-cjk.conf ~/.config/fontconfig/conf.d

If you also want to configure Latin fonts, download 10-latin.conf, edit the font entries in the file, and likewise put it in ~/.config/fontconfig/conf.d.