# Quan Zhou

Exercise notes and other boring stuff

## Docker started using 192.168.0.0/16 subnets all of in sudden

I was having fun with Jupyter and wanted to move it to my Docker host so it can benefit from the GPU. With effective configs:

## Just when you want to use systemctl --user with fish

~ > systemctl --user status
Failed to connect to bus: No such file or directory

~> systemctl --user status
● \$HOSTNAME
State: running
Jobs: 0 queued
Failed: 0 units
Since: Wed 2021-01-27 21:27:40 CST; 14h ago
CGroup: /user.slice/user-1003.slice/[email protected]
├─init.scope
│ ├─6672 /lib/systemd/systemd --user
│ └─6686 (sd-pam)
└─gpg-agent.service
└─20452 /usr/bin/gpg-agent --supervised


## Disable Translations in Apt

Sometimes non-server distros come with a lot of languages, takes a long time to update. So:

#/etc/apt/apt.conf.d/99translations
Acquire::Languages "none";


## Less Preferable Releases in Apt

While trying to install Maltego on a development machine, I've added the kali-rolling distribution to my sources.list.d. After an apt update I found myself sat in front of a machine suddenly received thousands of updates.

The surprise wore off quickly, it's called 'rolling' for a reason, but I don't want a “foreign distro” to pollute my system either. I know the “preference” was the word to look for, but not really sure if it's available through man pages.

## TIL Apt Takes 'Direct' In Proxy Statement

I was playing around in a contained network where only some of the connections should go through a proxy.

From man apt-transport-http:

...
The various APT configuration options support the special value DIRECT meaning that no proxy should be used. The environment variable no_proxy is also supported for the same purpose.
...


## Commit Security

It's quite usual that people push their credentials to a public git repo on the internet. What published is published, a push -f does not unpublish, and recovery isn't that obscure.

## Revisiting WriteFreely Configuration

My WriteFreely configuration has changed quite many times, which is more frequent than posting. 😉

## Enabling Encrypted SNI

I was trying to pass the [Encrypted SNI test], but it wasn't smooth as silk.

My resolver NextDNS support the feature, but the test page finds otherwise. So skimmed over the [document], found following requirements:

An unsigned long long time ago, a mass amount of TPMs and smartcards were hit by a flaw in the Infineon codebase. They have released an update, but still, we can see unpatched modules in the wild.