https://geeknote.net/busylog
busylog
/assets/avatar-c195dbe387bf2d666eedca03bc60e64574323f2a.png
2024-02-13T03:41:37Z
busylog
https://geeknote.net/busylog
https://geeknote.net/busylog/posts/2687
2024-02-13T03:40:38Z
2024-02-13T03:41:37Z
Use as few drive letters as possible in Windows?
<pre class="highlight"><code>mountvol /N
mountvol /R
# diskpart: automount disable
# diskpart: automount scrub
# diskpart: SAN POLICY=OfflineAll
Get-Partition|where-object {$_.DiskNumber -gt 0}|%{
write-host ('mkdir "c:\mount\Volume{0}"' -f $_.guid);
write-host ('mountvol "c:\mount\Volume{0}" "\\?\Volume{1}"' -f $_.guid,$_.guid);
}
</code></pre>
mountvol /N
mountvol /R
# diskpart: automount disable
# diskpart: automount scrub
# diskpart: SAN...
busylog
https://geeknote.net/busylog
https://geeknote.net/busylog/posts/2379
2023-06-12T13:14:06Z
2023-06-12T13:14:06Z
curl resolve to SNI proxy
<pre class="highlight"><code>--resolve "*:443:127.0.0.1" --resolve "*:80:127.0.0.1"
</code></pre>
--resolve "*:443:127.0.0.1" --resolve "*:80:127.0.0.1"
busylog
https://geeknote.net/busylog
https://geeknote.net/busylog/posts/1649
2022-11-05T10:01:17Z
2022-11-05T10:12:14Z
64bit only Android
<p>BoardConfig disables:</p>
<pre class="highlight"><code>TARGET_2ND_ARCH := arm
TARGET_2ND_ARCH_VARIANT := armv8-a
TARGET_2ND_CPU_ABI := armeabi-v7a
TARGET_2ND_CPU_ABI2 := armeabi
</code></pre>
<p>so build.prop will be affected (ro.product.cpu.abilist{,32})</p>
<p>differences on core_64_bit.mk vs core_64_bit_only.mk
<a href="https://android.googlesource.com/platform/build/+/master/target/product/core_64_bit.mk">https://android.googlesource.com/platform/build/+/master/target/product/core_64_bit.mk</a>
<a href="https://android.googlesource.com/platform/build/+/master/target/product/core_64_bit_only.mk">https://android.googlesource.com/platform/build/+/master/target/product/core_64_bit_only.mk</a></p>
<pre class="highlight"><code>PRODUCT_VENDOR_PROPERTIES += ro.zygote=zygote64
PRODUCT_VENDOR_PROPERTIES += dalvik.vm.dex2oat64.enabled=true
</code></pre>
<p>and disabling init.zygote64_32.rc</p>
BoardConfig disables:
TARGET_2ND_ARCH := arm
TARGET_2ND_ARCH_VARIANT := armv8-a
TARGET_2ND_CPU_AB...
busylog
https://geeknote.net/busylog
https://geeknote.net/busylog/posts/1645
2022-11-02T07:49:46Z
2022-11-18T11:51:08Z
nginx stream examples
<p>udp stream example</p>
<pre class="highlight"><code>stream {
upstream example {
server [ipv6]:port max_fails=0;
server [ipv6]:port max_fails=0;
}
server {
listen 127.0.0.1:port udp;
listen [::1]:port udp ipv6only=on;
proxy_pass example;
}
}
</code></pre>
<p>sni example</p>
<pre class="highlight"><code>stream {
# non existent
map $ssl_preread_protocol $upstream {
"" 0.0.0.0:65535;
default 0.0.0.0:65535;
"TLSv1.3" $ssl_preread_server_name:443;
"TLSv1.2" $ssl_preread_server_name:443;
"TLSv1.1" $ssl_preread_server_name:443;
"TLSv1" 0.0.0.0:65535;
}
# try nat64/dns64 with newer nginx later (ipv4=off)
resolver [2a10:50c0::ad1:ff] ipv6=off valid=600s;
server {
# note: it may connect back to localhost:443 with adblock enabled
# add port forwarding rules on your firewall (443->5228)
listen 5228 so_keepalive=4m::10;
allow 192.168.0.0/16; deny all;
ssl_preread on;
proxy_pass $upstream;
}
}
</code></pre>
udp stream example
stream {
upstream example {
server [ipv6]:port max_fails=0;
server [...
busylog
https://geeknote.net/busylog
https://geeknote.net/busylog/posts/1596
2022-10-13T10:47:15Z
2022-11-12T19:33:47Z
OpenWRT as client (ver 2022)
<p>reset eth0 to dhcp (dhcpv4 only) client</p>
<pre class="highlight"><code># remove br-lan
uci delete network.@device[0]
uci set network.lan.device=eth0
uci set network.lan.proto=dhcp
# disable dhcp. also needed in VM/container.
uci set dhcp.lan=dhcp
uci set dhcp.lan.ignore=1
uci set dhcp.lan.dhcpv4=disabled
uci set dhcp.lan.dhcpv6=disabled
uci set dhcp.lan.ra=disabled
uci set dhcp.lan.ndp=disabled
# optional?
uci set dhcp.odhcpd.maindhcp=0
/etc/init.d/odhcpd disable
</code></pre>
<p>add wan6 (but wan6 will be in WAN zone, lan is in LAN zone?! that is quite wrong...)</p>
<pre class="highlight"><code>uci set network.wan6=interface
uci set network.wan6.proto=dhcpv6
uci set network.wan6.device=eth0
uci set network.wan6.reqaddress=try
uci set network.wan6.reqprefix=no
</code></pre>
<p>optional: enable ipv6 privacy address.
(Note: DONT USE ON ROUTER, it breaks openwrt's design. odhcp6c does not support privacy address. and those address will NOT be tracked by netifd!)</p>
<pre class="highlight"><code>cat <<EOF > /etc/sysctl.d/12-ipv6-privacy.conf
net.ipv6.conf.default.use_tempaddr=2
net.ipv6.conf.all.use_tempaddr=2
net.ipv6.conf.eth0.use_tempaddr=2
net.ipv6.conf.all.accept_ra=2
net.ipv6.conf.default.accept_ra=2
net.ipv6.conf.eth0.accept_ra=2
EOF
</code></pre>
<p>open port on WAN zone (default is REJECT).
you can set WAN zone to lan, wan, wan6 later.</p>
<pre class="highlight"><code>uci add firewall rule
uci set firewall.@rule[-1].name='allow80'
uci add_list firewall.@rule[-1].proto='tcp'
# uci add_list firewall.@rule[-1].src_ip='192.168.0.0/16'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].dest_port='80'
uci set firewall.@rule[-1].target='ACCEPT'
uci add firewall rule
uci set firewall.@rule[-1].name='allow22'
uci add_list firewall.@rule[-1].proto='tcp'
# uci add_list firewall.@rule[-1].src_ip='192.168.0.0/16'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].dest_port='22'
uci set firewall.@rule[-1].target='ACCEPT'
</code></pre>
<p>switch zone
(<em><strong>WARNING</strong></em> may lock out yourself!)</p>
<pre class="highlight"><code># find zone id (typically is zone[1] and zone[0])
# uci show firewall|grep wan6
# uci show firewall|grep lan
# uci add_list firewall.@zone[1].network=lan
# uci del_list firewall.@zone[0].network=lan
</code></pre>
<p>remember to commit</p>
<pre class="highlight"><code>uci commit
</code></pre>
<p>wireguard:
set route_allowed_ips=1 or defaultroute=1?</p>
<pre class="highlight"><code># if you use defaultroute=1, you should also retrigger ifup on wan reload
cat <<EOF >/etc/hotplug.d/iface/30-wg
[ "${ACTION}" = "ifup" ] && [ "${INTERFACE}" = "wan" ] && ifup wg
[ "${ACTION}" = "ifup" ] && [ "${INTERFACE}" = "wan6" ] && ifup wg
EOF
</code></pre>
<p>/etc/sysupgrade.conf (why you cant protect yourself):</p>
<pre class="highlight"><code>echo /etc/sysupgrade.conf >> /etc/sysupgrade.conf
echo /etc/hotplug.d/iface/ >> /etc/sysupgrade.conf
</code></pre>
<p>disable raspberry pi HDMI and LED</p>
<pre class="highlight"><code>tvservice -o || :
echo none | tee /sys/class/leds/led?/trigger
echo 0 | tee /sys/class/leds/led?/brightness
</code></pre>
<p>auto install package in rc.local:</p>
<pre class="highlight"><code>while true; do
f=0
opkg list-installed > /dev/shm/installed
# socat screen lsof tcpdump mtr curl nano
for i in nginx-all-module watchcat wireguard-tools; do
grep -q $i /dev/shm/installed && continue
[ -f /tmp/opkg-lists/openwrt_base.sig ] || opkg update
opkg install $i || f=1
done
[ "$f" == "0" ] && rm /dev/shm/installed && break
sleep 60
done
</code></pre>
reset eth0 to dhcp (dhcpv4 only) client
# remove br-lan
uci delete network.@device[0]
uci set net...
busylog
https://geeknote.net/busylog
https://geeknote.net/busylog/posts/1581
2022-10-06T11:05:06Z
2022-10-28T15:05:07Z
Android-x86 manual install & grub2 boot
<p>required files: kernel, initrd.img, system.sfs under /Android (ext4 filesystem).
optional: data.img (ext4 filesystem), system.img (ext4), system/default.prop (system extracted)
the init will check every block device:</p>
<pre class="highlight"><code> for device in ${ROOT:-/dev/[hmnsv][dmrv][0-9a-z]*}; do
check_root $device && break 2
mountpoint -q /mnt && umount /mnt
done
</code></pre>
<p>grub config:</p>
<pre class="highlight"><code>set kd="/Android"
search --no-floppy --set android -f $kd/kernel
set root=$android
linuxefi $kd/kernel root=/dev/ram0 $src SRC=$kd
initrdefi $kd/initrd.img
boot
</code></pre>
<p>modified from <a href="https://www.android-x86.org/source.html">https://www.android-x86.org/source.html</a></p>
required files: kernel, initrd.img, system.sfs under /Android (ext4 filesystem).
optional: data.i...
busylog
https://geeknote.net/busylog
https://geeknote.net/busylog/posts/1467
2022-08-23T00:30:49Z
2024-01-03T12:20:13Z
add Windows Firewall Rules to Block UWP Applications
<p>to create the firewall rule, you need to get the package SID.<br>
the normal method is DeriveAppContainerSidFromAppContainerName.<br>
but thankfully there's an alternate implementation from <a href="https://github.com/metablaster/WindowsFirewallRuleset/issues/6">https://github.com/metablaster/WindowsFirewallRuleset/issues/6</a> that could convert PackageFamilyName to SID, and I ported the method to python3.</p>
<pre class="highlight"><code>New-NetFirewallRule -Displayname RULENAME -enabled false -action block -direction out -package SID
</code></pre>
<pre class="highlight"><code># Get-AppxPackage|select Name,PackageFamilyName
import hashlib
# s is PackageFamilyName
def AppSid(s):
# unicode without bom
a = hashlib.sha256(s.lower().encode('utf16')[2:]).digest()
r = []
for i in range(0,28,4): # not 32, last part not needed
r.append(int.from_bytes(a[i:i+4],'little'))
return 'S-1-15-2-' + '-'.join(map(str,r))
AppSid('Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy')
# 'S-1-15-2-3119458392-1009845475-4083330090-3659807469-4003170139-1239840055-303833190'
AppSid('MicrosoftWindows.Client.FileExp_cw5n1h2txyewy')
# 'S-1-15-2-2432820154-214690117-2638483218-3299957948-3041975438-3418652010-4243016273'
AppSid('MicrosoftWindows.Client.CBS_cw5n1h2txyewy')
# 'S-1-15-2-283421221-3183566570-1718213290-751554359-3541592344-2312209569-3374928651'
AppSid('MicrosoftWindows.Client.WebExperience_cw5n1h2txyewy')
# 'S-1-15-2-1312876954-3728250218-3694470604-4188764552-3197360367-780678243-3229644300'
AppSid('Microsoft.PowerShell_8wekyb3d8bbwe')
# 'S-1-15-2-3474344596-1361774275-169937050-1715369765-655753896-4292765343-1302149271'
</code></pre>
to create the firewall rule, you need to get the package SID.
the normal method is DeriveAppConta...
busylog
https://geeknote.net/busylog
https://geeknote.net/busylog/posts/1326
2022-07-20T20:07:29Z
2023-06-12T13:17:54Z
powershell 7 (pwsh) as parallel runner
<pre class="highlight"><code>$process = Get-Process -Id $pid
$process.PriorityClass = 'idle'
get-item .\*.jpg | foreach-object -ThrottleLimit NUM_CORES -Parallel { cwebp.exe -metadata exif $_.FullName -o ("OUTPUTPATH" + $_.Name).replace('jpg','webp') }
# if ((Get-Item -Path $b).length -eq 0) { }
</code></pre>
<p>PowerShell 7 can be found on Microsoft Store:<br>
<a href="https://apps.microsoft.com/store/detail/powershell/9MZ1SNWT0N5D">https://apps.microsoft.com/store/detail/powershell/9MZ1SNWT0N5D</a>
Get-ChildItem -recurse (-filter / -include), and $_.Fullname may be useful.</p>
<p>Note: disable windows defender, explorer thumbnail for higher performance (SystemPropertiesAdvanced).</p>
<pre class="highlight"><code>reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "IconsOnly" /t Reg_DWord /d 00000001 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowPreviewHandlers" /t Reg_DWord /d 00000000 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTypeOverlay" /t Reg_DWord /d 00000000 /f
</code></pre>
$process = Get-Process -Id $pid
$process.PriorityClass = 'idle'
get-item .\*.jpg | foreach-object...
busylog
https://geeknote.net/busylog
https://geeknote.net/busylog/posts/1291
2022-07-01T02:01:06Z
2024-01-03T12:02:44Z
3proxy.cfg config example for ipv6 dual stack
<pre class="highlight"><code># unused dns upstream
# nserver 2606:4700:4700::1001
nscache 65536
nscache6 65536
# windows
# service
# linux
# daemon
auth iponly
# target filter
deny * * 127.0.0.1,192.168.0.0/16,fe80::/64
# port filter, 80,443,5222-5228 only
deny * * * 1-79,81-442,444-5221,5229-65535 HTTP,HTTP_CONNECT
# source filter
allow * 192.168.1.0/24,fe80::/64
# dont ask passwd
deny *
# linux: -s0 to disable splice. -olSO_REUSEADDR,SO_REUSEPORT
# linux: listen on ipv6 may need -olIPV6_V6ONLY
proxy -p8886 -64 -a -ocTCP_NODELAY -osTCP_NODELAY -i0.0.0.0 -e0.0.0.0 -e::
proxy -p8886 -64 -a -ocTCP_NODELAY -osTCP_NODELAY -i:: -e0.0.0.0 -e::
</code></pre>
# unused dns upstream
# nserver 2606:4700:4700::1001
nscache 65536
nscache6 65536
# windows
# ser...
busylog
https://geeknote.net/busylog
https://geeknote.net/busylog/posts/1254
2022-06-13T12:30:47Z
2022-10-28T14:59:37Z
AllowedIPs calculator for split tunnel and firewall rules
<p><a href="https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/">https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/</a></p>
<p>example ranges to be excluded:
0.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.168.0.0/16, 240.0.0.0/3</p>
<p>OpenBSD version. use with pfctl -ef FILENAME.
you may wish to block all connection without port < 1023 rule.</p>
<pre class="highlight"><code>table <ip_range> { 1.0.0.0/8, 2.0.0.0/7, 4.0.0.0/6, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/3, 96.0.0.0/6, 100.0.0.0/10, 100.128.0.0/9, 101.0.0.0/8, 102.0.0.0/7, 104.0.0.0/5, 112.0.0.0/5, 120.0.0.0/6, 124.0.0.0/7, 126.0.0.0/8, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/8, 169.0.0.0/9, 169.128.0.0/10, 169.192.0.0/11, 169.224.0.0/12, 169.240.0.0/13, 169.248.0.0/14, 169.252.0.0/15, 169.255.0.0/16, 170.0.0.0/7, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4 }
block return out quick proto tcp to <ip_range> port < 1023 no state
</code></pre>
<p>Windows PowerShell version (remove -Enabled False first)</p>
<pre class="highlight"><code>$ips = @("255.255.255.253", "255.255.255.254")
New-NetFirewallRule -DisplayName "BlockoutPublicIPv4" -Enabled False -Profile Any –RemoteAddress $ips -Direction Outbound -Protocol TCP -Action Block
</code></pre>
<p>Linux version (unreachable can be replaced with blackhole. remove echo first)</p>
<pre class="highlight"><code>for ip in 255.255.255.253/32 255.255.255.254/32; do
echo ip route add unreachable $ip
# optional: table 8888; then use ip rule add uidrange 0-0 table 8888 priority 32000
done
</code></pre>
<p>ufw users: ufw deny out on INTERFACE to TARGET.</p>
https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/
example ranges to be ...
busylog
https://geeknote.net/busylog
https://geeknote.net/busylog/posts/341
2021-11-25T09:02:20Z
2022-10-28T14:41:04Z
Dism++ exclusion rules for WoA(ARM64)
<pre class="highlight"><code>ProgramData\Microsoft\Windows Defender\Scans\
ProgramData\Microsoft\Windows Defender\Definition Updates\
$SysReset
Windows\XtaCache
Windows\System32\winevt\Logs
Windows\System32\LogFiles
ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
</code></pre>
<p>optional (need to reinstall/upgrade edge)</p>
<pre class="highlight"><code>Program Files (x86)\Microsoft\Edge
Program Files (x86)\Microsoft\EdgeCore
Program Files (x86)\Microsoft\EdgeUpdate
</code></pre>
ProgramData\Microsoft\Windows Defender\Scans\
ProgramData\Microsoft\Windows Defender\Definition U...
busylog
https://geeknote.net/busylog
https://geeknote.net/busylog/posts/337
2021-11-14T05:56:35Z
2024-01-03T11:52:38Z
Windows 11 Notes
<p>Winget is convenient! no more powershell hacks to uninstall appx. find your apps at <a href="https://github.com/microsoft/winget-pkgs">https://github.com/microsoft/winget-pkgs</a> or winget search.<br>
Photos can be replaced with legacy Windows Photo Viewer (registry file import required).</p>
<pre class="highlight"><code>rem winget uninstall Microsoft.Windows.Photos_8wekyb3d8bbwe
winget uninstall Microsoft.549981C3F5F10_8wekyb3d8bbwe
winget uninstall Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe
winget uninstall Microsoft.OneDriveSync_8wekyb3d8bbwe
winget uninstall Microsoft.WindowsMaps_8wekyb3d8bbwe
winget uninstall Microsoft.ZuneMusic_8wekyb3d8bbwe
winget uninstall Microsoft.ZuneVideo_8wekyb3d8bbwe
winget uninstall Microsoft.Todos_8wekyb3d8bbwe
winget uninstall Microsoft.Getstarted_8wekyb3d8bbwe
winget uninstall Microsoft.XboxGameOverlay_8wekyb3d8bbwe
winget uninstall Microsoft.Xbox.TCUI_8wekyb3d8bbwe
winget uninstall Microsoft.GamingApp_8wekyb3d8bbwe
winget uninstall Microsoft.XboxGamingOverlay_8wekyb3d8bbwe
winget uninstall Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe
winget uninstall Microsoft.YourPhone_8wekyb3d8bbwe
rem this is Widgets
winget uninstall MicrosoftWindows.Client.WebExperience_cw5n1h2txyewy
rem winget uninstall Microsoft.OneDrive
</code></pre>
<p>then fetch 7zip:</p>
<pre class="highlight"><code>winget install 7zip.7zip
</code></pre>
<p>HEVC Video Extensions (install from store)</p>
<pre class="highlight"><code>start ms-windows-store://pdp/?ProductId=9N4WGH0Z6VHQ
</code></pre>
<p>disable hibernation</p>
<pre class="highlight"><code>powercfg /h off
</code></pre>
<p>remove onedrive from explorer</p>
<pre class="highlight"><code>reg add "HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\ShellFolder" /v "FolderValueFlags" /d "00000028" /t REG_DWORD /f
reg add "HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\ShellFolder" /v "Attributes" /d "f090004d" /t REG_DWORD /f
</code></pre>
<p>explorer: IconsOnly / Disable Thumbnails</p>
<pre class="highlight"><code>reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v IconsOnly /d 1 /t REG_DWORD /f
</code></pre>
<p>restore Windows 10 explorer</p>
<pre class="highlight"><code>reg add "HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" /f /ve
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked" /v {e2bf9676-5f8f-435c-97eb-11607a5bedf7} /f
</code></pre>
<p>optional: disable HVCI?</p>
<pre class="highlight"><code>rem reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 0 /f
</code></pre>
<p>optional: disable storage sense</p>
<pre class="highlight"><code>rem reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" /v 01 /t REG_DWORD /d 0 /f
rem reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" /v 01 /t REG_DWORD /d 0 /f
</code></pre>
<p>optional: disable prefetcher / superfetch</p>
<pre class="highlight"><code>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters" /v "EnableSuperfetch" /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters" /v "EnablePrefetcher" /t REG_DWORD /d 0 /f
</code></pre>
<p>optional: disable wfp</p>
<pre class="highlight"><code>netsh wfp set options netevents=off
</code></pre>
<p>optional: disable cdpsvc</p>
<pre class="highlight"><code>sc config CDPSvc start=disabled
</code></pre>
<p>optional: firewall rules</p>
<pre class="highlight"><code>netsh advfirewall firewall add rule name="denyudp137" dir=out action=block protocol=udp remoteport=137 enable=yes
netsh advfirewall firewall add rule name="denyudp443" dir=out action=block protocol=udp remoteport=443 enable=yes
netsh advfirewall firewall add rule name="denyudp3389" dir=out action=block protocol=udp remoteport=3389 enable=yes
netsh advfirewall firewall add rule name="denydsmsvc" dir=out action=block service=DsmSvc enable=yes
</code></pre>
<p>prepare for WSA</p>
<pre class="highlight"><code>dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
</code></pre>
<p><a href="https://store.rg-adguard.net/">https://store.rg-adguard.net/</a> -> ProductId, 9p3395vx91nr, slow -> MicrosoftCorporationII.WindowsSubsystemForAndroid...
powershell: Add-AppxPackage path/to/msixbundle</p>
<p>adb can be found in <a href="https://dl.google.com/android/repository/platform-tools-latest-windows.zip">https://dl.google.com/android/repository/platform-tools-latest-windows.zip</a></p>
<pre class="highlight"><code>adb connect 127.0.0.1:58526
adb install blahblah.apk
adb shell pm list packages
adb uninstall --user 0 com.amazon.venezia
adb uninstall --user 0 com.amazon.device.messaging
adb shell am start -n com.android.settings/.Settings
</code></pre>
Winget is convenient! no more powershell hacks to uninstall appx. find your apps at https://githu...
busylog
https://geeknote.net/busylog
https://geeknote.net/busylog/posts/330
2021-10-24T04:29:33Z
2022-10-28T14:40:55Z
initramfs modules swapping
<p>idea: portting initramfs to use another kernel, so /lib/modules should be changed.</p>
<p>unmkinitramfs is helpful to handle prepended parts. and snippet from mkinitramfs(debian):</p>
<pre class="highlight"><code>[ "$(id -ru)" != 0 ] && cpio_owner_root="-R 0:0"
cd "${DESTDIR}" && find . | LC_ALL=C sort | cpio --quiet $cpio_owner_root $cpio_reproducible -o -H newc >>"${outfile}" || exit 1
</code></pre>
<p>Code: (you can gzip -9 -n /tmp/T1F later)</p>
<pre class="highlight"><code># use T1 as base and T2 as /lib/modules
T1=$(mktemp)
T2=$(mktemp)
T1D=$(mktemp -d)
T2D=$(mktemp -d)
outfile=/tmp/T1F
wget -o $T1 URI1
wget -o $T2 URI2
unmkinitramfs $T1 $T1D
unmkinitramfs $T2 $T2D
find $T1D/lib/modules -delete
cp -a $T2D/lib/modules $T1D/lib
[ "$(id -ru)" != 0 ] && cpio_owner_root="-R 0:0"
cd $T1D && find . | LC_ALL=C sort | cpio --quiet $cpio_owner_root $cpio_reproducible -o -H newc >>"${outfile}" || exit 1
</code></pre>
idea: portting initramfs to use another kernel, so /lib/modules should be changed.
unmkinitramfs ...
busylog
https://geeknote.net/busylog
https://geeknote.net/busylog/posts/235
2021-08-05T19:14:53Z
2022-10-28T14:39:11Z
Android zram writeback
<p>commit message:</p>
<p>"Create a Zram writeback job</p>
<p>Zram on some devices can support writing idle pages
on to disk. ZramWriteback schedules jobs to track idle
pages and trigger write-to-disk when the device is idle."</p>
<p>the functionality is based on idle page writeback support, and requires CONFIG_ZRAM_WRITEBACK=y in kernel config. losetup can be used to create loop device from swapfile, so backing_dev could be assigned to.</p>
<p>it also requires config_zramWriteback to be set enabled.</p>
<p>the commit introduced three properties (default value from pixel).
ro.zram.mark_idle_delay_mins = 60
ro.zram.first_wb_delay_mins = 1440
ro.zram.periodic_wb_delay_hours = 24</p>
<p>so it works like:
add timer do (run every periodic_wb_delay_hours * 60 then fork run)
sleep(first_wb_delay_mins)
:run
write all to zram devices(mark as idle)
sleep(mark_idle_delay_mins)
start writeback</p>
<p>ref:
<a href="https://www.kernel.org/doc/html/latest/admin-guide/blockdev/zram.html">https://www.kernel.org/doc/html/latest/admin-guide/blockdev/zram.html</a>
services/core/java/com/android/server/ZramWriteback.java from android platform/frameworks/base</p>
commit message:
"Create a Zram writeback job
Zram on some devices can support writing idle pages
...
busylog
https://geeknote.net/busylog