feed.xml

<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"
  xmlns:atom="http://www.w3.org/2005/Atom"
  xmlns:content="http://purl.org/rss/1.0/modules/content/">
  <channel>
    <title><![CDATA[Gary Blog]]></title>
    <link>http://emptyzone.github.io/</link>
    <atom:link href="/feed.xml" rel="self" type="application/rss+xml"/>
    <description><![CDATA[]]></description>
    <pubDate>Sun, 11 Jan 2015 05:55:25 GMT</pubDate>
    <generator>http://zespia.tw/hexo/</generator>
    
    <item>
      <title><![CDATA[iOS8 不越狱翻墙方案]]></title>
      <link>http://emptyzone.github.io/tech/2014/10/13/cross-fire-wall-on-ios8/</link>
      <guid>http://emptyzone.github.io/tech/2014/10/13/cross-fire-wall-on-ios8/</guid>
      <pubDate>Mon, 13 Oct 2014 21:40:00 GMT</pubDate>
      <description>
      <![CDATA[<blockquote>
<p> iOS8为我们带来了第三方输入法和 App Extentions，越狱的需求越来越少。而且自从在 <a href="http://bither.net" target="_blank" rel="external">Bither</a> 里存了一些比特币之后，我就越来越关注手机系统的安全性。现在真的是能不越狱就尽量不越了。那么不越狱的话怎么满足我自由的访问互联网的需求呢？<br>OS X，PC 或者 Android 翻墙，请移步 <a href="http://github.com/clowwindy/shadowsocks" target="_blank" rel="external">Shadowsocks</a>。</p>
</blockquote>
<p>我目前在 iPhone 上所用的翻墙方案包含如下两部分 ：</p>
<ul>
<li>自动连接并区分墙内外流量的IPsec VPN</li>
<li>避开GFW污染，并尽量就近解析域名的DNS</li>
</ul>
<blockquote>
<p>以下步骤需要你有自己的 VPS。<br>以下操作基于 Ubuntu，以非 root 用户 ssh 登录。其它发行版应该只有包管理和防火墙部分稍有不同。</p>
</blockquote>
]]>
      
      </description>
      <content:encoded><![CDATA[<blockquote>
<p> iOS8为我们带来了第三方输入法和 App Extentions，越狱的需求越来越少。而且自从在 <a href="http://bither.net" target="_blank" rel="external">Bither</a> 里存了一些比特币之后，我就越来越关注手机系统的安全性。现在真的是能不越狱就尽量不越了。那么不越狱的话怎么满足我自由的访问互联网的需求呢？<br>OS X，PC 或者 Android 翻墙，请移步 <a href="http://github.com/clowwindy/shadowsocks" target="_blank" rel="external">Shadowsocks</a>。</p>
</blockquote>
<p>我目前在 iPhone 上所用的翻墙方案包含如下两部分 ：</p>
<ul>
<li>自动连接并区分墙内外流量的IPsec VPN</li>
<li>避开GFW污染，并尽量就近解析域名的DNS</li>
</ul>
<blockquote>
<p>以下步骤需要你有自己的 VPS。<br>以下操作基于 Ubuntu，以非 root 用户 ssh 登录。其它发行版应该只有包管理和防火墙部分稍有不同。</p>
</blockquote>
<a id="more"></a>


<h1 id="IPsec_VPN">IPsec VPN</h1>
<p>我是在 <a href="https://twitter.com/emptyzone0" target="_blank" rel="external">Twitter</a> 上看到 <a href="https://twitter.com/Cattyhouse" target="_blank" rel="external">Justin</a> 说 Anyconnect 在 iOS8 上变的特别慢之后，才开始考虑停掉 <a href="http://www.infradead.org/ocserv/" target="_blank" rel="external">ocserv</a> 换用 IPsec VPN 的，IPsec 的配置方法参考了 <a href="https://twitter.com/Cattyhouse" target="_blank" rel="external">Justin</a> 的<a href="https://medium.com/@cattyhouse/ios-ondemand-ipsec-vpn-setup-ebfb82b6f7a1" target="_blank" rel="external">文章</a>。由于 IKEv2 在 iOS8 上有 <a href="http://www.v2ex.com/t/138171" target="_blank" rel="external">Bug</a>，所以这里还是用的 IKEv1 协议。不过如果 Apple 在哪个版本修复了 IKEv2 的话，现在这个配置方式也是很容易迁移到 IKEv2 的。</p>
<h2 id="编译_Strongswan">编译 Strongswan</h2>
<p>apt-get 里的 Strongswan 版本低，所以这里需要自行编译最新版的 Strongswan。</p>
<h3 id="检查依赖">检查依赖</h3>
<p>如果是基于 OpenVZ 的 VPS 的话，先要检查一下有没有 TUN Device。输入下面的命令。非 OpenVZ 可以跳过这一步。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">cat /dev/net/tun</div></pre></td></tr></table></figure>

<p>如果执行结果如下，那么就可以安装 Strongswan 了。否则的话，去给 VPS 提供商发 Ticket 看能不能解决吧。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">cat: /dev/net/tun: File descriptor <span class="keyword">in</span> bad state</div></pre></td></tr></table></figure>

<h3 id="下载源码">下载源码</h3>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">wget http://download.strongswan.org/strongswan.tar.gz && tar zxvf strongswan* </div><div class="line"><span class="built_in">cd</span> strongswan*</div></pre></td></tr></table></figure>

<h3 id="安装编译所需的包">安装编译所需的包</h3>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line"><span class="built_in">sudo</span> apt-get build-dep strongswan</div><div class="line"><span class="built_in">sudo</span> apt-get install libgmp3-dev openssl  libssl-dev</div></pre></td></tr></table></figure>

<h3 id="编译">编译</h3>
<p>Strongswan 在 <code>configure</code> 时要对 OpenVZ 特殊处理。</p>
<p>非 OpenVZ 执行如下命令。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">./configure --sysconfdir=/etc --disable-sql --disable-mysql --disable-ldap --enable-dhcp --enable-eap-identity --enable-eap-mschapv2 --enable-md4 --enable-xauth-eap --enable-eap-peap --enable-eap-md5 --enable-openssl --enable-shared --enable-unity --enable-eap-tls   --enable-eap-ttls --enable-eap-tnc --enable-eap-dynamic --enable-addrblock --enable-radattr --enable-nat-transport --enable-kernel-netlink</div></pre></td></tr></table></figure>

<p>OpenVZ 要加上 <code>--enable-kernel-libipsec</code> 参数，完整命令如下。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">./configure --sysconfdir=/etc --disable-sql --disable-mysql --disable-ldap --enable-dhcp --enable-eap-identity --enable-eap-mschapv2 --enable-md4 --enable-xauth-eap --enable-eap-peap --enable-eap-md5 --enable-openssl --enable-shared --enable-unity --enable-eap-tls   --enable-eap-ttls --enable-eap-tnc --enable-eap-dynamic --enable-addrblock --enable-radattr --enable-nat-transport --enable-kernel-netlink --enable-kernel-libipsec</div></pre></td></tr></table></figure>

<p><code>configure</code> 完之后就可以 <code>make</code> 和 <code>install</code> 了</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">make && <span class="built_in">sudo</span> make install</div></pre></td></tr></table></figure>

<h2 id="生成证书">生成证书</h2>
<p>这里是使用的自签名证书，需要你把 CA 证书用邮件发到 iOS 设备上安装才行。如果要用 ssl 证书，可以参考 <a href="https://twitter.com/wzxjohn" target="_blank" rel="external">wzxjohn</a> 的<a href="http://maoxian.de/2014/10/setup-ikev2-on-demand-vpn-on-ios-8-and-ikev2-ikev1-cisco-ipsec-vpn-with-strongswan/1220.html" target="_blank" rel="external">文章</a>。</p>
<p>Strongswan 的证书都是要放在 <code>/etc/ipsec.d/</code> 里的，不过我们是非 root 登录的，不方便直接操作这个目录，可以现在 home 目录下新建个目录来生成证书，等都生成好了再复制到 <code>/etc/ipsec.d/</code> 就行了。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">mkdir ~/ipsec_cert && <span class="built_in">cd</span> ~/ipsec_cert</div></pre></td></tr></table></figure>

<p>生成证书用到的命令比较多，我写好了 script 来做这件事</p>
<h3 id="生成服务器证书">生成服务器证书</h3>
<p>记得把我这里写的 <code>emptyzone.github.io</code> 换成你自己的 Server IP 或者是域名。你打算用域名访问 VPN 就写 域名，打算用 IP 访问就写 IP，别写错了。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">wget https://gist.githubusercontent.com/songchenwen/<span class="number">14</span>c1c663ea65d5d4a28b/raw/cef8d8bafe6168388b105f780c442412e6f8ede7/server_key.sh</div><div class="line">sh server_key.sh emptyzone.github.io</div></pre></td></tr></table></figure>

<h3 id="生成客户端证书">生成客户端证书</h3>
<p>把 <code>gary</code> 和 <code>gary@gmail.com</code> 换成你自己的用户名和email。这个脚本执行完会生成好导入 iOS 时需要的 <code>p12</code> 证书文件，最后提示你输入的密码就是用来加密它的，在往 iOS 导入时输入相同的即可。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">wget https://gist.githubusercontent.com/songchenwen/<span class="number">14</span>c1c663ea65d5d4a28b/raw/<span class="number">54843</span>ae2e5e6d1159134<span class="built_in">cd</span>9a90a08c31ff5a253d/client_key.sh</div><div class="line">sh client_key.sh gary gary@gmail.com</div></pre></td></tr></table></figure>

<p>执行完成后可以把以用户名开头的 <code>.p12</code> 文件 和 <code>cacerts/strongswanCert.pem</code> 下载到本地来备用。</p>
<h3 id="复制证书到_/etc/ipsec-d/">复制证书到  <code>/etc/ipsec.d/</code></h3>
<p>Strongswan 需要的是 <code>cacerts/strongswanCert.pem</code> <code>certs/vpnHostCert.pem</code> <code>private/vpnHostKey.pem</code> 这三个文件。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line"><span class="built_in">sudo</span> cp cacerts/strongswanCert.pem /etc/ipsec.d/cacerts/strongswanCert.pem </div><div class="line"><span class="built_in">sudo</span> cp certs/vpnHostCert.pem /etc/ipsec.d/certs/vpnHostCert.pem</div><div class="line"><span class="built_in">sudo</span> cp private/vpnHostKey.pem /etc/ipsec.d/private/vpnHostKey.pem</div></pre></td></tr></table></figure>

<h2 id="配置_Strongswan">配置 Strongswan</h2>
<h3 id="编辑_/etc/ipsec-conf">编辑 /etc/ipsec.conf</h3>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line"><span class="built_in">sudo</span> vi /etc/ipsec.conf</div></pre></td></tr></table></figure>



<figure class="highlight nginx"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div></pre></td><td class="code"><pre><div class="line"><span class="title">config</span> setup</div><div class="line">	<span class="comment"># strictcrlpolicy=yes</span></div><div class="line">	<span class="comment">#  uniqueids = replace</span></div><div class="line">	<span class="comment"># charondebug="cfg 2, dmn 2, ike 2, net 0" #要看Log时，取消注释本行</span></div><div class="line"></div><div class="line">conn %default</div><div class="line">	keyexchange=ikev1</div><div class="line">	dpdaction=hold</div><div class="line">	dpddelay=<span class="number">600s</span></div><div class="line">	dpdtimeout=<span class="number">5s</span></div><div class="line">	lifetime=<span class="number">24h</span></div><div class="line">	ikelifetime=<span class="number">240h</span></div><div class="line">	rekey=<span class="built_in">no</span></div><div class="line">	left=emptyzone.github.io <span class="comment">#这里换成你登录 VPN 用的域名或 IP，与生成证书时相同 </span></div><div class="line">	leftsubnet=<span class="number">0.0.0.0</span>/<span class="number">0</span></div><div class="line">	leftcert=vpnHostCert.pem</div><div class="line">	leftsendcert=always</div><div class="line">	right=%any</div><div class="line">	rightdns=<span class="number">8.8.8.8</span></div><div class="line">	rightsourceip=<span class="number">10.0.0.0</span>/<span class="number">8</span></div><div class="line"></div><div class="line">conn CiscoIPSec</div><div class="line">	rightauth=pubkey</div><div class="line">	rightauth2=xauth</div><div class="line">	auto=add</div></pre></td></tr></table></figure>

<h3 id="编辑_/etc/ipsec-secrets">编辑 /etc/ipsec.secrets</h3>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line"><span class="built_in">sudo</span> vi /etc/ipsec.secrets</div></pre></td></tr></table></figure>



<figure class="highlight nginx"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">#验证用户所需的信息</div><div class="line">#用户名 : EAP "密码"</div><div class="line">: RSA vpnHostKey.pem</div><div class="line">gary : EAP "strongpassword"</div></pre></td></tr></table></figure>

<h2 id="配置防火墙_iptables">配置防火墙 iptables</h2>
<blockquote>
<p>参考我的配置文件，重要的是开启 NAT 转发 开放 <code>4500</code> <code>500</code> 端口和 <code>esp</code> 协议</p>
</blockquote>
<p>/etc/iptables.firewall.rules</p>
<p>注意别把自己的 ssh 端口关闭了</p>
<figure class="highlight iptables"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div></pre></td><td class="code"><pre><div class="line">*filter</div><div class="line"></div><div class="line">#  Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0</div><div class="line">-<span class="ruby"><span class="constant">A</span> <span class="constant">INPUT</span> -i lo -j <span class="constant">ACCEPT</span></span></div><div class="line">-<span class="ruby"><span class="constant">A</span> <span class="constant">INPUT</span> -d <span class="number">127.0</span>.<span class="number">0</span>.<span class="number">0</span>/<span class="number">8</span> -j <span class="constant">LOG</span> --log-prefix <span class="string">"looback denied: "</span> --log-level <span class="number">7</span></span></div><div class="line">-<span class="ruby"><span class="constant">A</span> <span class="constant">INPUT</span> -d <span class="number">127.0</span>.<span class="number">0</span>.<span class="number">0</span>/<span class="number">8</span> -j <span class="constant">REJECT</span></span></div><div class="line"></div><div class="line">#  Accept all established inbound connections</div><div class="line">-<span class="ruby"><span class="constant">A</span> <span class="constant">INPUT</span> -m state --state <span class="constant">ESTABLISHED</span>,<span class="constant">RELATED</span> -j <span class="constant">ACCEPT</span></span></div><div class="line"></div><div class="line">#  Allow all outbound traffic - you can modify this to only allow certain traffic</div><div class="line">-<span class="ruby"><span class="constant">A</span> <span class="constant">OUTPUT</span> -j <span class="constant">ACCEPT</span></span></div><div class="line"></div><div class="line">#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).</div><div class="line">-<span class="ruby"><span class="constant">A</span> <span class="constant">INPUT</span> -p tcp --dport <span class="number">80</span> -j <span class="constant">ACCEPT</span></span></div><div class="line"></div><div class="line"># Allow ipsec</div><div class="line">-<span class="ruby"><span class="constant">A</span> <span class="constant">INPUT</span> -p udp --dport <span class="number">4500</span> --j <span class="constant">ACCEPT</span></span></div><div class="line">-<span class="ruby"><span class="constant">A</span> <span class="constant">INPUT</span> -p udp --dport <span class="number">500</span> --j <span class="constant">ACCEPT</span></span></div><div class="line">-<span class="ruby"><span class="constant">A</span> <span class="constant">INPUT</span> -p esp -j <span class="constant">ACCEPT</span></span></div><div class="line"></div><div class="line">#  Allow SSH connections</div><div class="line">#</div><div class="line">#  The -dport number should be the same port number you set in sshd_config</div><div class="line">#</div><div class="line">-<span class="ruby"><span class="constant">A</span> <span class="constant">INPUT</span> -p tcp -m state --state <span class="constant">NEW</span> --dport <span class="number">1010</span> -j <span class="constant">ACCEPT</span></span></div><div class="line"></div><div class="line">#  Allow ping</div><div class="line">-<span class="ruby"><span class="constant">A</span> <span class="constant">INPUT</span> -p icmp -j <span class="constant">ACCEPT</span></span></div><div class="line"></div><div class="line">#  Log iptables denied calls</div><div class="line">-<span class="ruby"><span class="constant">A</span> <span class="constant">INPUT</span> -m limit --limit <span class="number">5</span>/min -j <span class="constant">LOG</span> --log-prefix <span class="string">"iptables denied: "</span> --log-level <span class="number">7</span></span></div><div class="line"></div><div class="line">-<span class="ruby"><span class="constant">A</span> <span class="constant">INPUT</span> -j <span class="constant">DROP</span></span></div><div class="line"></div><div class="line">COMMIT</div></pre></td></tr></table></figure>

<p>在 <code>/etc/sysctl.conf</code> 中开启 <code>net.ipv4.ip_forward=1</code></p>
<p>编辑 <code>/etc/network/if-pre-up.d/firewall</code></p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line"> <span class="comment">#!/bin/sh </span></div><div class="line">/sbin/iptables-restore &lt; /etc/iptables.firewall.rules</div></pre></td></tr></table></figure>

<p>执行</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line"><span class="built_in">sudo</span> chmod +x /etc/network/<span class="keyword">if</span>-pre-up.d/firewall</div></pre></td></tr></table></figure>

<p>编辑 <code>/etc/rc.local</code> 在 <code>exit 0</code> 前加上，<code>20.16.3.18</code> 换成你的服务器 IP。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line">iptables -t nat -A POSTROUTING -j MASQUERADE</div><div class="line">iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu</div><div class="line">iptables -A POSTROUTING -t nat <span class="operator">-s</span> <span class="number">10.0</span>.<span class="number">0.0</span>/<span class="number">8</span> -j SNAT --to-source <span class="number">20.16</span>.<span class="number">3.18</span></div></pre></td></tr></table></figure>

<p>现在可以重启一下服务器，然后执行 <code>sudo iptables -L</code>，看看防火墙有没有添加对。</p>
<h2 id="区分流量自动路由">区分流量自动路由</h2>
<p>是的，你没看错，IPsec IKEv1 也是支持自动路由的。IPsec 支持 <a href="https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling" target="_blank" rel="external">SplitTunneling</a>。iOS 上的 IPsec 客户端用的是 Racoon，这货支持 Unity Plugin。也就是说我们可以用 IP 列表来区分国内外流量了。</p>
<p>但是当启用了 <code>SplitTunneling</code> 之后，iOS 端就不会使用我们在服务器端配置的 DNS 了，所以我们还需要利用 Unity Plugin 的 <code>Split DNS</code> 来把抗干扰的 DNS 推给客户端。</p>
<p>IP 列表可能会经常维护，所以我希望把它和主配置文件分开放置。放在我的 <code>home</code> 目录里就好了。</p>
<h3 id="修改_/etc/strongswan-conf">修改 /etc/strongswan.conf</h3>
<p>在文件最后加上一句 <code>include /home/gary/ipsec_config/*.conf</code> ，<code>gary</code> 换成你的 ssh 用户名，这样strongswan 就会导入我的 <code>~/ipsec_config</code> 目录下的所有 <code>.conf</code> 文件。</p>
<h3 id="添加_IP_列表配置">添加 IP 列表配置</h3>
<p>这是我现在用的 IP 列表，目前除了 Instagram 经常有图片下载不下来以外，没有别的问题。这个 IP 列表 iOS 端估计是有数量上限的。我测试的结果是当数量大于160时，iOS 端会返回 <code>IKE DELETE</code>。</p>
<p><code>28675</code> 是 <code>Split DNS</code> 的 Key，我这里用上了 GFWList 中的所有顶级域名。</p>
<p>创建并编辑 <code>~/ipsec_config/attr.conf</code></p>
<figure class="highlight nginx"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div></pre></td><td class="code"><pre><div class="line">charon {</div><div class="line">  plugins {</div><div class="line">    attr {</div><div class="line"></div><div class="line">	split-include = 63.140.32.0/19, 66.117.16.0/20, 66.235.0.0/16, 130.248.0.0/16, 153.32.0.0/16, 185.34.188.0/22, 192.147.117.0/24, 192.150.0.0/16, 192.243.224.0/20, 192.243.248.0/21, 193.104.215.0/24, 195.35.86.0/24, 208.77.136.0/22, 216.104.0.0/16, 8.18.144.0/23, 23.20.0.0/14, 27.0.0.0/22, 46.51.128.0/18, 46.51.192.0/20, 46.51.216.0/21, 46.51.224.0/19, 46.137.0.0/17, 46.137.128.0/18, 46.137.224.0/19, 50.16.0.0/14, 50.112.0.0/16, 54.0.0.0/8, 67.202.0.0/18, 72.21.192.0/19, 72.44.32.0/19, 75.101.128.0/17, 79.125.0.0/17, 87.238.80.0/21, 96.127.0.0/17, 103.246.148.0/22, 107.20.0.0/14, 122.248.192.0/18, 174.129.0.0/16, 176.32.64.0/19, 176.34.0.0/16, 178.236.0.0/20, 184.72.0.0/15, 184.169.128.0/17, 184.154.0.0/16, 185.48.120.0/22, 199.0.0.0/8, 203.83.220.0/22, 204.236.128.0/17, 204.246.160.0/20, 204.246.176.0/22, 204.246.180.0/23, 204.246.182.0/24, 204.246.184.0/21, 205.251.192.0/19, 205.251.224.0/20, 205.251.240.0/21, 205.251.248.0/22, 205.251.252.0/23, 205.251.254.0/24, 207.171.160.0/19, 216.137.32.0/21, 216.137.40.0/22, 216.137.44.0/23, 216.137.48.0/20, 216.182.224.0/20, 17.0.0.0/8, 63.92.224.0/19, 192.12.74.0/24, 192.42.249.0/24, 204.79.190.0/24, 104.16.0.0/12, 108.162.192.0/19, 108.162.224.0/20, 108.162.240.0/21, 108.162.248.0/22, 108.162.252.0/23, 108.162.254.0/24, 162.158.0.0/15, 173.245.48.0/20, 198.41.128.0/17, 204.93.177.0/24, 108.160.160.0/20, 205.189.0.0/24, 37.48.64.0/18, 85.17.0.0/16, 95.211.0.0/16, 31.13.24.0/21, 31.13.64.0/18, 66.220.144.0/20, 69.63.176.0/20, 69.171.224.0/19, 74.119.76.0/22, 173.252.64.0/18, 204.15.20.0/22, 23.235.32.0/20, 104.156.80.0/20, 208.71.104.0/22, 192.30.252.0/22, 8.6.48.0/21, 8.8.4.0/24, 8.8.8.0/24, 8.15.202.0/24, 8.34.208.0/20, 8.35.192.0/20, 23.236.48.0/20, 23.251.128.0/19, 64.9.224.0/19, 64.233.160.0/19, 66.102.0.0/20, 66.249.64.0/19, 70.32.128.0/19, 72.14.192.0/18, 74.125.0.0/16, 104.132.0.0/14, 104.154.0.0/15, 104.196.0.0/14, 107.167.160.0/19, 107.178.192.0/18, 108.59.80.0/20, 108.170.192.0/18, 108.177.0.0/17, 130.211.0.0/16, 142.250.0.0/15, 146.148.0.0/17, 162.216.148.0/22, 162.222.176.0/21, 172.217.0.0/16, 172.253.0.0/16, 173.194.0.0/16, 173.255.112.0/20, 192.158.28.0/22, 192.178.0.0/15, 207.223.160.0/20, 209.85.128.0/17, 216.58.192.0/19, 216.239.32.0/19, 205.196.120.0/22, 8.25.0.0/16, 192.133.76.0/22, 93.184.216.0/24, 59.24.3.0/24, 91.198.174.0/24, 185.15.56.0/22, 198.35.26.0/23, 198.73.209.0/24, 208.80.152.0/22, 66.155.8.0/21, 76.74.248.0/21, 192.0.64.0/18, 198.181.116.0/22</div><div class="line"></div><div class="line">      28675 = mil com tv fm za tw org info biz ca net ru au us de hk jp me uk io is it in li gov ly fr nu st asia im my xxx tk eu cc mobi se edu il kr ie ar nl cm ua es ph bz br be mp cz name lu ch su to no co nz sg ma vc am at la sh tl gd sk id pl mo tc hu</div><div class="line"></div><div class="line">    }</div><div class="line">  }</div><div class="line">}</div></pre></td></tr></table></figure>

<p>现在可以执行 <code>sudo ipsec start --nofork</code>，试一下了。<code>--nofork</code> 参数会让 strongswan 在前台运行，调试时加上就可以了，平时就让它在后台运行吧。</p>
<h2 id="开机自启">开机自启</h2>
<p>编辑 <code>/etc/rc.local</code> 在 <code>exit 0</code> 前加上 <code>ipsec start</code>。</p>
<h2 id="iOS_端自动配置文件">iOS 端自动配置文件</h2>
<p>这里完全参考 <a href="https://twitter.com/Cattyhouse" target="_blank" rel="external">Justin</a> 的<a href="https://medium.com/@cattyhouse/ios-ondemand-ipsec-vpn-setup-ebfb82b6f7a1" target="_blank" rel="external">文章</a>就可以了，他那有截图，我就只说一下步骤吧。</p>
<p>用 Apple Configurator 创建配置描述文件。</p>
<p>通用里的名称和标识符自己填好。</p>
<p>凭证里导入刚才下载好的客户端 <code>.p12</code> 证书。</p>
<p>VPN里连接类型选 <code>IPsec(Cisco)</code>，机器鉴定选证书，在下面选中刚才导入的证书。</p>
<p>导出这个配置描述文件，别签名。</p>
<p>用文本编辑器编辑。</p>
<p>找到这一段</p>
<figure class="highlight plist"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line"><span class="tag">&lt;<span class="title">key</span>&gt;</span>OnDemandEnabled<span class="tag">&lt;/<span class="title">key</span>&gt;</span></div><div class="line"><span class="tag">&lt;<span class="title">integer</span>&gt;</span>1<span class="tag">&lt;/<span class="title">integer</span>&gt;</span></div></pre></td></tr></table></figure>

<p>改成下面这样</p>
<figure class="highlight plist"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div></pre></td><td class="code"><pre><div class="line"><span class="tag">&lt;<span class="title">key</span>&gt;</span>OnDemandEnabled<span class="tag">&lt;/<span class="title">key</span>&gt;</span></div><div class="line"><span class="tag">&lt;<span class="title">integer</span>&gt;</span>1<span class="tag">&lt;/<span class="title">integer</span>&gt;</span></div><div class="line"><span class="tag">&lt;<span class="title">key</span>&gt;</span>OnDemandRules<span class="tag">&lt;/<span class="title">key</span>&gt;</span></div><div class="line"><span class="tag">&lt;<span class="title">array</span>&gt;</span></div><div class="line">  <span class="tag">&lt;<span class="title">dict</span>&gt;</span></div><div class="line">    <span class="tag">&lt;<span class="title">key</span>&gt;</span>Action<span class="tag">&lt;/<span class="title">key</span>&gt;</span></div><div class="line">    <span class="tag">&lt;<span class="title">string</span>&gt;</span>Connect<span class="tag">&lt;/<span class="title">string</span>&gt;</span></div><div class="line">  <span class="tag">&lt;/<span class="title">dict</span>&gt;</span></div><div class="line"><span class="tag">&lt;/<span class="title">array</span>&gt;</span></div></pre></td></tr></table></figure>

<p>另外，如果配置描述文件里只有 <code>XAuthName</code>，没有 <code>XAuthPassword</code>的话，可以自己加上这个 Key，然后把密码填上。</p>
<p>把这个配置描述文件，连同刚才下载好的服务器CA证书 <code>strongswanCert.pem</code> 一起，用邮件发到自己的 iOS 设备上，然后安装好，试一下吧。</p>
<h1 id="DNS">DNS</h1>
<p>使用刚才配置的 IPsec VPN 翻墙的话，就总会使用谷歌的 DNS 服务器做域名查询。这样很多明明国内有 CDN 的域名，却会解析到国外的 IP 上，造成访问缓慢。所以我要利用 <code>pdnsd</code> 来创建一个带缓存的域名解析服务。这里主要参考了<a href="https://jackyyf.com/work/480" target="_blank" rel="external">这篇文章</a>。</p>
<h2 id="安装_pdsnd">安装 pdsnd</h2>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line"><span class="built_in">sudo</span> apt-get install pdnsd</div></pre></td></tr></table></figure>

<h2 id="配置_pdnsd">配置 pdnsd</h2>
<p>编辑 /etc/pdnsd.conf</p>
<figure class="highlight nginx"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div><div class="line">37</div><div class="line">38</div><div class="line">39</div><div class="line">40</div><div class="line">41</div><div class="line">42</div><div class="line">43</div><div class="line">44</div><div class="line">45</div><div class="line">46</div><div class="line">47</div><div class="line">48</div><div class="line">49</div><div class="line">50</div><div class="line">51</div><div class="line">52</div><div class="line">53</div><div class="line">54</div><div class="line">55</div><div class="line">56</div><div class="line">57</div><div class="line">58</div><div class="line">59</div><div class="line">60</div><div class="line">61</div><div class="line">62</div><div class="line">63</div><div class="line">64</div><div class="line">65</div><div class="line">66</div><div class="line">67</div><div class="line">68</div></pre></td><td class="code"><pre><div class="line">global {</div><div class="line">	perm_cache = 8192;</div><div class="line">	cache_dir = "/var/cache/pdnsd";</div><div class="line">	run_as = "pdnsd";</div><div class="line">	server_ip = 0.0.0.0;</div><div class="line">	status_ctl = on;</div><div class="line">	paranoid = on;</div><div class="line">	query_method = udp_tcp;</div><div class="line">	tcp_server = on;</div><div class="line">	min_ttl = 1d;</div><div class="line">	max_ttl = 52w;</div><div class="line">	timeout = 10;</div><div class="line"></div><div class="line">	randomize_recs = on;</div><div class="line">	debug = off;</div><div class="line">	daemon = on;</div><div class="line">	verbosity = 1;</div><div class="line">	neg_rrs_pol = on;</div><div class="line">	neg_domain_pol = on;</div><div class="line">	par_queries = 4;</div><div class="line">}</div><div class="line"></div><div class="line">server {</div><div class="line">	label				= "Unicom Beijing";</div><div class="line">	ip 					=  202.106.196.115, 202.106.46.151, 202.106.0.20, 202.106.195.68;</div><div class="line">	timeout				= 10;</div><div class="line">	proxy_only			= on;</div><div class="line">	caching				= on;</div><div class="line">	randomize_servers	= off;</div><div class="line">    reject_policy		= fail;</div><div class="line">    reject_recursively  = on;</div><div class="line">	include				=</div><div class="line">// Place Domains Below. Remember add a dot(".") at the start of domain, if you also want to redirect all subdomains!</div><div class="line">		".cn",</div><div class="line">// Place Domains Above.</div><div class="line">		"DOMAIN.PADDING";</div><div class="line"></div><div class="line"></div><div class="line">	exclude				=</div><div class="line">// Place Domains Below. Remember add a dot(".") at the start of domain, if you also want to redirect all subdomains!</div><div class="line"></div><div class="line">".darpa.mil", ".fxnetworks.com", ".hulu.com", ".huluim.com", ".muzu.tv", ".netflix.com", ".pandora.com", ".pandora.tv", ".pure18.com", ".spotify.com", ".target.com", ".turntable.fm", ".vevo.com", ".zattoo.com", ".qq.co.za", ".zozotown.com", ".0rz.tw", ".0to255.com", ".1-apple.com.tw", ".10musume.com", ".123rf.com", ".12bet.com", ".12vpn.com", ".141hongkong.com", ".173ng.com", ".1984bbs.com", ".1984bbs.org", ".1bao.org", ".1pondo.tv", ".1eew.com", ".2-hand.info", ".2000fun.com", ".2008xianzhang.info", ".21andy.com", ".24smile.org", ".2shared.com", ".315lz.com", ".36rain.com", ".4bluestones.biz", ".4chan.org", ".5i01.com", ".taiwannation.50webs.com", ".51.ca", ".5maodang.com", ".6-4.net", ".64tianwang.com", ".64wiki.com", ".666kb.com", ".6park.com", ".www.6v6dota.com", ".7capture.com", ".881903.com", ".888.com", ".89-64.org", ".9001700.com", ".908taiwan.org", ".92ccav.com", ".9bis.com", ".9bis.net", ".a-normal-day.com", ".a5.com.ru", ".aboluowang.com", ".aboutgfw.com", ".acgkj.com", ".actimes.com.au", ".aculo.us", ".addictedtocoffee.de", ".adultfriendfinder.com", ".adultkeep.net", ".advanscene.com", ".advertfan.com", ".aenhancers.com", ".af.mil", ".aiph.net", ".aisex.com", ".ait.org.tw", ".aiweiweiblog.com", ".ajaxplorer.info", ".www.ajsands.com", ".akiba-online.com", ".al-qimmah.net", ".alabout.com", ".alasbarricadas.org", ".notes.alexdong.com", ".alexlur.org", ".aliengu.com", ".alkasir.com", ".allgirlsallowed.org", ".alliance.org.hk", ".allinfa.com", ".allinfo.com", ".allmovie.com", ".alternate-tools.com", ".alvinalexander.com", ".alwaysdata.com", ".alwaysdata.net", ".am730.com.hk", ".amazon.com", ".ameblo.jp", ".americangreencard.com", ".amiblockedornot.com", ".amnesty.org", ".amnestyusa.org", ".amoiist.com", ".amzs.me", ".analyze-v.com", ".anchorfree.com", ".andfaraway.net", ".animecrazy.net", ".anobii.com", ".anonymizer.com", ".anontext.com", ".anthonycalzadilla.com", ".antiwave.net", ".aobo.com.au", ".aolchannels.aol.com", ".video.aol.ca", ".aol.co.uk", ".video.aol.com", ".www.aolnews.com", ".video.ap.org", ".apetube.com", ".apiary.io", ".apigee.com", ".appledaily.com", ".archive.is", ".archive.org", ".arctosia.com", ".areca-backup.org", ".army.mil", ".artsy.net", ".asahichinese.com", ".asdfg.jp", ".asiaharvest.org", ".asianews.it", ".asianwomensfilm.de", ".askstudent.com", ".askynz.net", ".assembla.com", ".astonmartinnews.com", ".atchinese.com", ".atgfw.org", ".atj.org.tw", ".atlaspost.com", ".atnext.com", ".avaaz.org", ".avdb.in", ".avidemux.org", ".avoision.com", ".axureformac.com", ".forum.baby-kingdom.com", ".babynet.com.hk", ".backchina.com", ".backpackers.com.tw", ".badoo.com", ".baidu.jp", ".baixing.me", ".hen.bao.li", ".bannedbook.org", ".barnabu.co.uk", ".bayvoice.net", ".dajusha.baywords.com", ".bbc.co.uk", ".bbcchinese.com", ".bbc.in", ".bbg.gov", ".bbsfeed.com", ".bbsland.com", ".bcc.com.tw", ".bcchinese.net", ".bebo.com", ".beijing1989.com", ".beijingspring.com", ".berlintwitterwall.com", ".bestforchina.org", ".bestvpnservice.com", ".bet365.com", ".betfair.com", ".bettween.com", ".bewww.net", ".bfnn.org", ".bfsh.hk", ".biantailajiao.com", ".bigfools.com", ".bignews.org", ".bigsound.org", ".bill2-software.com", ".billypan.com", ".billywr.com", ".bipic.net", ".bit.ly", ".bitshare.com", ".bjzc.org", ".tor.blingblingsquad.net", ".blinkx.com", ".blinw.com", ".blip.tv", ".blockcn.com", ".blog.de", ".blogcatalog.com", ".blogger.com", ".blogimg.jp", ".blog.kangye.org", ".bloglines.com", ".bloglovin.com", ".rconversation.blogs.com", ".blogspot.co.uk", ".blogspot.com", ".blogspot.de", ".blogspot.fr", ".blogspot.hk", ".blogspot.in", ".blogspot.jp", ".blogtd.net", ".blogtd.org", ".bloodshed.net", ".bloomberg.cn", ".bloomberg.com", ".bloomberg.de", ".bloomfortune.com", ".bnrmetal.com", ".boardreader.com", ".bonbonme.com", ".books.com.tw", ".botanwang.com", ".bot.nu", ".bowenpress.com", ".dl.box.net", ".boxun.com", ".boxun.tv", ".boxunblog.com", ".br.st", ".brandonhutchinson.com", ".braumeister.org", ".break.com", ".breakingtweets.com", ".briefdream.com", ".brightkite.com", ".brizzly.com", ".broadbook.com", ".ibros.org", ".brucewang.net", ".bt95.com", ".budaedu.org", ".bullog.org", ".bullogger.com", ".businessweek.com", ".businesstimes.com.cn", ".bugclub.org", ".buugaa.com", ".buzzurl.jp", ".bwsj.hk", ".holz.byethost8.com", ".c-spanvideo.org", ".c-est-simple.com", ".cactusvpn.com", ".cafepress.com", ".calameo.com", ".cn.calameo.com", ".cams.com", ".canadameet.com", ".bbs.cantonese.asia", ".www.cantonese.asia", ".canyu.org", ".cao.im", ".caobian.info", ".caochangqing.com", ".cari.com.my", ".catch22.net", ".catfightpayperview.xxx", ".catholic.org.hk", ".catholic.org.tw", ".cbsnews.com", ".ccavtop10.com", ".ccdtr.org", ".cclife.org", ".ccthere.com", ".cctongbao.com", ".ccue.ca", ".ccue.com", ".cdig.info", ".cdjp.org", ".cdnews.com.tw", ".cdp1998.org", ".cdp2006.org", ".cdpusa.org", ".cdpweb.org", ".cdpwu.org", ".cecc.gov", ".cellulo.info", ".cenci.tk", ".cenews.eu", ".centralnation.com", ".centurys.net", ".chandoo.org", ".change.org", ".changp.com", ".chaturbate.com", ".chengmingmag.com", ".chenguangcheng.com", ".chenpokong.com", ".cherrysave.com", ".china-week.com", ".china101.com", ".china21.com", ".china21.org", ".chinaaffairs.org", ".chinaaid.me", ".chinaaid.us", ".chinaaid.org", ".chinaaid.net", ".chinacomments.org", ".chinachannel.hk", ".chinadigitaltimes.net", ".chinaeweekly.com", ".chinafreepress.org", ".chinageeks.org", ".chinagfw.org", ".chinagreenparty.org", ".chinahush.com", ".chinalawtranslate.com", ".chinaxchina.com", ".chinainperspective.com", ".chinainperspective.net", ".chinainperspective.org", ".chinainterimgov.org", ".chinalawandpolicy.com", ".chinamule.com", ".chinamz.org", ".chinarightsia.org", ".chinasocialdemocraticparty.com", ".chinasoul.org", ".chinatimes.com", ".chinatweeps.com", ".chinaway.org", ".chinaworker.info", ".chinayouth.org.hk", ".chinayuanmin.org", ".chinese-hermit.net", ".chinese-memorial.org", ".chinesedailynews.com", ".chinesen.de", ".chinesenewsnet.com", ".chinesepen.org", ".chinesetalks.net", ".chingcheong.com", ".chn.chosun.com", ".christianstudy.com", ".christusrex.org", ".chrlcg-hk.org", ".chromeadblock.com", ".chubun.com", ".chuizi.net", ".chrispederick.com", ".chrispederick.net", ".chrlawyers.hk", ".allaboutalpha.com", ".citizenlab.org", ".citizensradio.org", ".city9x.com", ".civicparty.hk", ".civilhrfront.org", ".psiphon.civisec.org", ".cjb.net", ".ck101.com", ".classicalguitarblog.net", ".clb.org.hk", ".clipfish.de", ".cmule.com", ".cms.gov", ".cna.com.tw", ".cnavista.com.tw", ".cnd.org", ".wiki.cnitter.com", ".cnn.com", ".news.cnyes.com", ".cochina.org", ".code1984.com", ".codeshare.io", ".tosh.comedycentral.com", ".comefromchina.com", ".compileheart.com", ".conoyo.com", ".coolaler.com", ".coolder.com", ".coolloud.org.tw", ".corumcollege.com", ".couchdbwiki.com", ".cotweet.com", ".cpj.org", ".crackle.com", ".crd-net.org", ".creaders.net", ".crossthewall.net", ".csdparty.com", ".csuchen.de", ".cts.com.tw", ".cuhkacs.org", ".cuihua.org", ".cuiweiping.net", ".curvefish.com", ".culture.tw", ".forum.cyberctm.com", ".cyberghostvpn.com", ".cynscribe.com", ".cytode.us", ".ifan.cz.cc", ".mike.cz.cc", ".nic.cz.cc", ".cl.d0z.net", ".dabr.co.uk", ".dabr.mobi", ".dabr.me", ".dadazim.com", ".dadi360.com", ".dafagood.com", ".dafahao.com", ".dalailama.ru", ".dailidaili.com", ".dailymotion.com", ".dajiyuan.com", ".dajiyuan.eu", ".dalailama.com", ".dalailamaworld.com", ".dalianmeng.org", ".danke4china.net", ".danwei.org", ".daolan.net", ".daxa.cn", ".cn.dayabook.com", ".daylife.com", ".ddc.com.tw", ".de-sci.org", ".lists.debian.org", ".packages.debian.org", ".delcamp.net", ".delicious.com", ".democrats.org", ".desc.se", ".deutsche-welle.de", ".dev102.com", ".devio.us", ".www.dfanning.com", ".dfas.mil", ".diaoyuislands.org", ".digitalnomadsproject.org", ".diigo.com", ".furl.net", ".directcreative.com", ".discuss.com.hk", ".disp.cc", ".dit-inc.us", ".dizhidizhi.com", ".djangosnippets.org", ".dl-laby.jp", ".dlsite.com", ".dnscrypt.org", ".dojin.com", ".dok-forum.net", ".dolc.de", ".dollf.com", ".domain.club.tw", ".dongde.com", ".dongtaiwang.com", ".dongtaiwang.net", ".dongyangjing.com", ".dontfilter.us", ".dontmovetochina.com", ".dotplane.com", ".dotsub.com", ".doubleaf.com", ".dougscripts.com", ".dowei.org", ".doxygen.org", ".dphk.org", ".dpp.org.tw", ".weigegebyc.dreamhosters.com", ".drgan.net", ".dropbox.com", ".dropboxusercontent.com", ".drtuber.com", ".dtiblog.com", ".dtic.mil", ".dtiserv2.com", ".duckduckgo.com", ".duckload.com", ".duckmylife.com", ".duihua.org", ".duoweitimes.com", ".duping.net", ".duplicati.com", ".dupola.com", ".dupola.net", ".dvorak.org", ".dw.de", ".dw-world.com", ".dw-world.de", ".www.dwheeler.com", ".dwnews.com", ".xys.dxiong.com", ".dy24k.info", ".dynawebinc.com", ".dyndns.org", ".dzze.com", ".e-gold.com", ".g.e-hentai.org", ".e-info.org.tw", ".e-traderland.net", ".hkjp.easyweb.hk", ".ebookbrowse.com", ".ebookee.com", ".ecministry.net", ".bbs.ecstart.com", ".edicypages.com", ".edoors.com", ".edubridge.com", ".eevpn.com", ".efcc.org.hk", ".eic-av.com", ".electionsmeter.com", ".eltondisney.com", ".emacsblog.org", ".emory.edu", ".emule-ed2k.com", ".chinese.engadget.com", ".englishfromengland.co.uk", ".entermap.com", ".epochtimes-bg.com", ".epochtimes-romania.com", ".epochtimes.co.il", ".epochtimes.co.kr", ".epochtimes.com", ".epochtimes.de", ".epochtimes.fr", ".epochtimes.ie", ".epochtimes.jp", ".epochtimes.ru", ".epochtimes.se", ".epochtimestr.com", ".epochweekly.com", ".erabaru.net", ".erepublik.com", ".ernestmandel.org", ".erights.net", ".etaiwannews.com", ".etizer.org", ".www.eulam.com", ".eventful.com", ".exblog.jp", ".exblog.co.jp", ".expatshield.com", ".exploader.net", ".extremetube.com", ".eyevio.jp", ".ezpc.tk", ".ezpeer.com", ".facebook.com", ".connect.facebook.net", ".facesofnyfw.com", ".faiththedog.info", ".fakku.net", ".falunart.org", ".falundafa.org", ".falundafamuseum.org", ".falunhr.org", ".fanglizhi.info", ".fangong.org", ".fangongheike.com", ".fanqianghou.com", ".fapdu.com", ".fawanghuihui.org", ".fbcdn.net", ".fanqiangyakexi.net", ".fail.hk", ".famunion.com", ".fan-qiang.com", ".fangbinxing.com", ".fangeming.com", ".fanswong.com", ".fanyue.info", ".farwestchina.com", ".fastly.net", ".favorious.com", ".en.favotter.net", ".faststone.org", ".favstar.fm", ".faydao.com", ".fb.com", ".fb.me", ".fbsbx.com", ".fc2.com", ".fc2china.com", ".blog125.fc2blog.net", ".video.fdbox.com", ".fdc89.jp", ".fourface.nodesnoop.com", ".feedbooks.mobi", ".feeds.feedburner.com", ".feeds2.feedburner.com", ".feedzshare.com", ".feelssh.com", ".feer.com", ".felixcat.net", ".feministteacher.com", ".fengzhenghu.com", ".fflick.com", ".fgmtv.net", ".fgmtv.org", ".filefactory.com", ".files2me.com", ".fileserve.com", ".fillthesquare.org", ".finalion.jp", ".findbook.tw", ".finler.net", ".fireofliberty.org", ".falsefire.com", ".fleshbot.com", ".flickr.com", ".staticflickr.com", ".flickrhivemind.net", ".yuming.flnet.org", ".cn.fmnnow.com", ".blog.foolsmountain.com", ".www.forum4hk.com", ".pioneer-worker.forums-free.com", ".4sq.com", ".fotop.net", ".video.foxbusiness.com", ".fringenetwork.com", ".flecheinthepeche.fr", ".focusvpn.com", ".fofg.org", ".fooooo.com", ".footwiball.com", ".fourthinternational.org", ".foxdie.us", ".foxsub.com", ".foxtang.com", ".fqrouter.com", ".franklc.com", ".freakshare.com", ".free4u.com.ar", ".free-gate.org", ".free.fr", ".allonlinux.free.fr", ".dimitrik.free.fr", ".kineox.free.fr", ".puttycm.free.fr", ".freealim.com", ".whitebear.freebearblog.org", ".freechal.com", ".freedomhouse.org", ".freegao.com", ".freelotto.com", ".freeman2.com", ".freeopenvpn.com", ".freemoren.com", ".freemorenews.com", ".freenet-china.org", ".freenewscn.com", ".freeoz.org", ".freeserve.co.uk", ".freessh.us", ".free-ssh.com", ".freenetproject.org", ".www.freetibet.org", ".freewallpaper4.me", ".freewebs.com", ".freeweibo.com", ".freexinwen.com", ".friendfeed.com", ".friendfeed-media.com", ".ff.im", ".zensur.freerk.com", ".freevpn.nl", ".fring.com", ".frommel.net", ".frontlinedefenders.org", ".fscked.org", ".fsurf.com", ".fuckcnnic.net", ".fuckgfw.org", ".fulue.com", ".funf.tw", ".funp.com", ".furinkan.com", ".futurechinaforum.org", ".futuremessage.org", ".fw.cm", ".fzh999.com", ".fzh999.net", ".gabocorp.com", ".galenwu.com", ".game735.com", ".gamebase.com.tw", ".gamer.com.tw", ".gamez.com.tw", ".gaoming.net", ".ganges.com", ".gaopi.net", ".gappp.org", ".gardennetworks.com", ".gardennetworks.org", ".gartlive.com", ".gather.com", ".gaymap.cc", ".gazotube.com", ".gclooney.com", ".gcpnews.com", ".gdbt.net", ".gdzf.org", ".geek-art.net", ".geekerhome.com", ".geekmanuals.com", ".genuitec.com", ".geocities.co.jp", ".geocities.com", ".hk.geocities.com", ".geocities.jp", ".geohot.com", ".geometrictools.com", ".get-digital-help.com", ".getchu.com", ".getfoxyproxy.org", ".getfreedur.com", ".getlantern.org", ".getjetso.com", ".getiton.com", ".getsocialscope.com", ".gfw.org.ua", ".ggssl.com", ".ghost.org", ".giga-web.jp", ".cn.giganews.com", ".gigporno.ru", ".gimpshop.com", ".girlbanker.com", ".glennhilton.com", ".globaljihad.net", ".globalmuseumoncommunism.org", ".globalrescue.net", ".globalvoicesonline.org", ".gmbd.cn", ".gmhz.org", ".goagent.biz", ".goagentplus.com", ".godfootsteps.org", ".goldenmelody.com.tw", ".goldwave.com", ".gongmeng.info", ".gongm.in", ".gongminliliang.com", ".gongwt.com", ".goodreads.com", ".goodreaders.com", ".goofind.com", ".googleusercontent.com", ".googledrive.com", ".googlesile.com", ".gopetition.com", ".googlevideo.com", ".gotw.ca", ".grandtrial.org", ".graphis.ne.jp", ".greatfirewall.biz", ".greatfirewallofchina.net", ".greatfirewallofchina.org", ".greenparty.org.tw", ".gpass1.com", ".great-firewall.com", ".great-roc.org", ".greatroc.org", ".greatzhonghua.org", ".greenvpn.net", ".gs-discuss.com", ".gtricks.com", ".guancha.org", ".gun-world.net", ".gutteruncensored.com", ".gvm.com.tw", ".gzm.tv", ".gzone-anime.info", ".apis.google.com", ".appspot.com", ".code.google.com", ".autoproxy-gfwlist.googlecode.com", ".gfwinterceptor.googlecode.com", ".goagent.googlecode.com", ".gtap.googlecode.com", ".sshtunnel.googlecode.com", ".tuite.googlecode.com", ".gaeproxy.googlecode.com", ".docs.google.com", ".echofon.com", ".golang.org", ".www.klip.me", ".ub0.cc", ".wozy.in", ".drive.google.com", ".groups.google.com", ".google.com", ".google.com.hk", ".encrypted.google.com", ".feedproxy.google.com", ".knol.google.com", ".picasaweb.google.com", ".sites.google.com", ".talkgadget.google.com", ".video.google.com", ".cnn.googlepages.com", ".freegateget.googlepages.com", ".myboooks.googlepages.com", ".gospelherald.com", ".hk.gradconnection.com", ".graylog2.org", ".greatfire.org", ".greatroc.tw", ".gstatic.com", ".guishan.org", ".gunsamerica.com", ".gyalwarinpoche.com", ".h-china.org", ".h1n1china.org", ".hacken.cc", ".hackthatphone.net", ".hahlo.com", ".hakkatv.org.tw", ".hanunyi.com", ".hardsextube.com", ".hasaowall.com", ".have8.com", ".hdtvb.net", ".heartyit.com", ".hecaitou.net", ".hechaji.com", ".helloandroid.com", ".helloqueer.com", ".hellotxt.com", ".htxt.it", ".hellouk.org", ".helpeachpeople.com", ".helpzhuling.org", ".date.fm", ".flightcaster.com", ".branch.com", ".awardwinningfjords.com", ".futureme.org", ".getcloudapp.com", ".cl.ly", ".getsmartlinks.com", ".git-scm.com", ".lesscss.org", ".list.ly", ".maxgif.com", ".overlapr.com", ".peerpong.com", ".pose.com", ".samsoff.es", ".sendoid.com", ".speckleapp.com", ".stuffimreading.net", ".tomayko.com", ".twt.fm", ".views.fm", ".heqinglian.net", ".here4news.com", ".heungkongdiscuss.com", ".app.heywire.com", ".hgseav.com", ".hidden-advent.org", ".hidecloud.com", ".hidemyass.com", ".hideipvpn.com", ".hihiforum.com", ".hihistory.net", ".higfw.com", ".highrockmedia.com", ".hikinggfw.org", ".himemix.com", ".times.hinet.net", ".hjclub.info", ".hk-pub.com", ".hk32168.com", ".app.hkatvnews.com", ".hkbc.net", ".hkbf.org", ".hkday.net", ".hkdailynews.com.hk", ".hkej.com", ".hkepc.com", ".hkfront.org", ".hkgolden.com", ".hkgreenradio.org", ".hkheadline.com", ".hkhkhk.com", ".hkjc.com", ".hkjp.org", ".hkptu.org", ".hkreporter.com", ".hkzone.org", ".apps.hloli.net", ".hnjhj.com", ".holyspiritspeaks.org", ".derekhsu.homeip.net", ".homeservershow.com", ".hongmeimei.com", ".hongzhi.li", ".hootsuite.com", ".hotfile.com", ".hotpot.hk", ".hotspotshield.com", ".hougaige.com", ".howtoforge.com", ".hqcdp.org", ".hrcir.com", ".hrichina.org", ".hrw.org", ".hsjp.net", ".htmldog.com", ".huaglad.com", ".huanghuagang.org", ".huaren.us", ".huaxia-news.com", ".huaxin.ph", ".hua-yue.net", ".hugoroy.eu", ".t.huhaitai.com", ".hungerstrikeforaids.org", ".huping.net", ".hutianyi.net", ".hutong9.net", ".hwinfo.com", ".hypeshell.com", ".hyperrate.com", ".i1.hk", ".i2p2.de", ".i2runner.com", ".iask.ca", ".iask.bz", ".ibiblio.org", ".iblogserv-f.net", ".cn.ibtimes.com", ".blogs.icerocket.com", ".icij.org", ".icl-fi.org", ".iconpaper.org", ".w.idaiwan.com", ".idemocracy.asia", ".identi.ca", ".idiomconnection.com", ".www.idlcoyote.com", ".idouga.com", ".forum.idsam.com", ".idv.tw", ".ieasynews.net", ".ied2k.net", ".ifanqiang.com", ".ifanr.com", ".ifcss.org", ".ifjc.org", ".ig.com.br", ".igfw.net", ".ignitedetroit.net", ".igvita.com", ".ihakka.net", ".iicns.com", ".illusionfactory.com", ".ilove80.be", ".im.tv", ".im88.tw", ".imageflea.com", ".imageshack.us", ".imagevenue.com", ".imagezilla.net", ".www.imdb.com", ".img.ly", ".imkev.com", ".imlive.com", ".immigration.gov.tw", ".tech2.in.com", ".incredibox.fr", ".inmediahk.net", ".innermongolia.org", ".instagram.com", ".interfaceaddiction.com", ".internationalrivers.org", ".internet.org", ".internetdefenseleague.org", ".internetfreedom.org", ".internetpopculture.com", ".inxian.com", ".iphonehacks.com", ".iphonix.fr", ".ipicture.ru", ".ipobar.com", ".ippotv.com", ".iptorrents.com", ".ipvanish.com", ".iredmail.org", ".ironicsoftware.com", ".ironbigfools.compython.net", ".ironpython.net", ".iset.com.tw", ".islam.org.hk", ".isaacmao.com",".!--isaacmao.com", ".isgreat.org", ".ismprofessional.net", ".isohunt.com", ".israbox.com", ".blog.istef.info", ".istockphoto.com", ".isunaffairs.com", ".isuntv.com", ".itaboo.info", ".ithome.com.tw", ".itshidden.com", ".itweet.net", ".iu45.com", ".ixquick.com", ".izaobao.us", ".gmozomg.izihost.org", ".izles.net", ".j.mp", ".blog.jackjia.com", ".jbtalks.cc", ".jbtalks.com", ".jbtalks.my", ".jeanyim.com", ".jgoodies.com", ".jiaoyou8.com", ".jiehua.cz", ".hk.jiepang.com", ".tw.jiepang.com", ".jieshibaobao.com", ".jimoparty.com", ".jinbushe.org", ".zhao.jinhai.de", ".jingpin.org", ".ac.jiruan.net", ".jitouch.com", ".jkforum.net", ".jmsc.hku.hk", ".joachims.org", ".jobso.tv", ".joeedelman.com", ".journalofdemocracy.org", ".jpopforum.net", ".juliereyc.com", ".junauza.com", ".junefourth-20.net", ".justfreevpn.com", ".zh-tw.justin.tv", ".justtristan.com", ".juziyue.com", ".jwmusic.org", ".jyxf.net", ".ka-wai.com", ".kagyuoffice.org.tw", ".kaiyuan.de", ".kakao.com", ".kanzhongguo.com", ".kanzhongguo.eu", ".karayou.com", ".kcsoftwares.com", ".kechara.com", ".keepandshare.com", ".kendincos.net", ".kenengba.com", ".wiki.keso.cn", ".khmusic.com.tw", ".kimy.com.tw", ".kingdomsalvation.org", ".kinghost.com", ".kingstone.com.tw", ".killwall.com", ".kissbbao.cn", ".knowledgerush.com", ".kodingen.com", ".kompozer.net", ".koolsolutions.com", ".koornk.com", ".kui.name", ".kun.im", ".kurtmunger.com", ".kusocity.com", ".kwongwah.com.my", ".kyohk.net", ".kzeng.info", ".la-forum.org", ".ladbrokes.com", ".labiennale.org", ".lagranepoca.com", ".lalulalu.com", ".laogai.org", ".laomiu.com", ".laoyang.info", ".laptoplockdown.com", ".laqingdan.net", ".larsgeorge.com", ".lastfm.es", ".latelinenews.com", ".lazarsearlymusic.com", ".leecheukyan.org", ".lenwhite.com", ".lerosua.org", ".blog.lester850.info", ".letscorp.net", ".liansi.org", ".lianyue.net", ".liaowangxizang.net", ".liberal.org.hk", ".libertytimes.com.tw", ".lidecheng.com", ".limiao.net", ".abitno.linpie.com", ".line.me", ".linglingfa.com", ".linkideo.com", ".api.linksalpha.com", ".apidocs.linksalpha.com", ".www.linksalpha.com", ".help.linksalpha.com", ".linux-engineer.net", ".linuxconfig.org", ".linuxreviews.org", ".linuxtoy.org", ".lipuman.com", ".listentoyoutube.com", ".listorious.com", ".liudejun.com", ".liuhanyu.com", ".liujianshu.com", ".liuxiaotong.com", ".liu.lu", ".liveleak.com", ".livestation.com", ".livestream.com", ".livingonline.us", ".livingstream.com", ".livevideo.com", ".lizhizhuangbi.com", ".lkcn.net", ".lockdown.com", ".lockestek.com", ".logbot.net", ".logiqx.com", ".logmike.com", ".longhair.hk", ".longtermly.net", ".lookatgame.com", ".lookingglasstheatre.org", ".lookpic.com", ".hkreporter.loved.hk", ".lrfz.com", ".lsd.org.hk", ".lsforum.net", ".lsm.org", ".lsmchinese.org", ".lsmkorean.org", ".lupm.org", ".lvhai.org", ".mh4u.org", ".m-team.cc", ".www.macrovpn.com", ".mad-ar.ch", ".marc.info", ".marguerite.su", ".martincartoons.com", ".maiio.net", ".mail-archive.com", ".malaysiakini.com", ".makemymood.com", ".marines.mil", ".martau.com", ".maruta.be", ".marxist.com", ".marxist.net", ".marxists.org", ".mashable.com", ".matainja.com", ".mathiew-badimon.com", ".matsushimakaede.com", ".mayimayi.com", ".mcadforums.com", ".mcfog.com", ".md-t.org", ".mediafire.com", ".meetup.com", ".mefeedia.com", ".lich355.megabyet.net", ".megaporn.com", ".megarotic.com", ".megavideo.com", ".megurineluka.com", ".meirixiaochao.com", ".melon-peach.com", ".memedia.cn", ".memrijttm.org", ".merit-times.com.tw", ".mesotw.com", ".metacafe.com", ".meteorshowersonline.com", ".metrolife.ca", ".mgoon.com", ".mgstage.com", ".mhradio.org", ".michaelanti.com", ".michaelmarketl.com", ".middle-way.net", ".mihk.hk", ".mihua.org", ".mimivip.com", ".minghui.org", ".minghui-school.org", ".mingjinglishi.com", ".mingjingnews.com", ".mingpao.com", ".mingpaomonthly.com", ".mingpaonews.com", ".mingpaony.com", ".mingpaosf.com", ".mingpaotor.com", ".mingpaovan.com", ".mininova.org", ".minzhuhua.net", ".minzhuzhongguo.org", ".miroguide.com", ".mirrorbooks.com", ".mitbbs.com", ".mixero.com", ".mixpod.com", ".mixx.com", ".mizzmona.com", ".mk5000.com", ".mlcool.com", ".mmaaxx.com", ".plurktop.mmdays.com", ".mmmca.com", ".mobatek.net", ".mobile01.com", ".mobileways.de", ".mobypicture.com", ".moby.to", ".wiki.moegirl.org", ".mog.com", ".molihua.org", ".mondex.org", ".www.monlamit.org", ".c1522.mooo.com", ".monitorchina.org", ".bbs.morbell.com", ".morningsun.org", ".movabletype.com", ".moviefap.com", ".www.moztw.org", ".mp3ye.eu", ".mpettis.com", ".mpfinance.com", ".mpinews.com", ".mrtweet.com", ".msn.com.tw", ".msguancha.com", ".mthruf.com", ".multiply.com", ".multiproxy.org", ".forum.mymaji.com", ".multiupload.com", ".muouju.com", ".muselinks.co.jp", ".muzi.com", ".muzi.net", ".mx981.com", ".my-proxy.com", ".forum.my903.com", ".myactimes.com", ".myaudiocast.com", ".myav.com.tw", ".bbs.mychat.to", ".mychinamyhome.com", ".www.mycould.com", ".myeclipseide.com", ".myforum.com.hk", ".myforum.com.uk", ".myfreshnet.com", ".myparagliding.com", ".mypopescu.com", ".mysinablog.com", ".myspace.com", ".naacoalition.org", ".old.nabble.com", ".naitik.net", ".namsisi.com", ".nanyang.com", ".nanyangpost.com", ".nanzao.com", ".line.naver.jp", ".navicat.com", ".nakido.com", ".naol.ca", ".cyberghost.natado.com", ".navy.mil", ".nccwatch.org.tw", ".nch.com.tw", ".ncn.org", ".etools.ncol.com", ".www.ned.org", ".nekoslovakia.net", ".t.neolee.cn", ".netcolony.com", ".bolin.netfirms.com", ".zh.netlog.com", ".netme.cc", ".networkedblogs.com", ".neverforget8964.org", ".new-3lunch.net", ".new-akiba.com", ".newcenturymc.com", ".newcenturynews.com", ".newchen.com", ".newgrounds.com", ".newlandmagazine.com.au", ".news100.com.tw", ".newscn.org", ".newsminer.com", ".newspeak.cc", ".newsancai.com", ".newtaiwan.com.tw", ".newtalk.tw", ".newyorktimes.com", ".apple.nextmedia.com", ".nexton-net.jp", ".nexttv.com.tw", ".nga.mil", ".ngensis.com", ".nicovideo.jp", ".nighost.org", ".nintendium.com", ".dayaarmongol.ning.com", ".taiwanyes.ning.com", ".njactb.org", ".njuice.com", ".nlfreevpn.com", ".nobelprize.org", ".nobodycanstop.us", ".nokogiri.org", ".nokola.com", ".noobbox.com", ".novelasia.com", ".nownews.com", ".nowtorrents.com", ".noypf.com", ".npa.go.jp", ".nps.gov", ".nrk.no", ".nsc.gov.tw", ".ntdtv.co", ".ntdtv.ca", ".ntdtv.org", ".ntdtv.ru", ".ntu.edu.tw", ".nuexpo.com", ".nurgo-software.com", ".nuvid.com", ".nuzcom.com", ".nydus.ca", ".nyt.com", ".nytco.com", ".nytimes.com", ".nysingtao.com", ".nzchinese.net.nz", ".observechina.net", ".oclp.hk", ".october-review.org", ".offbeatchina.com", ".ogaoga.org", ".twtr2src.ogaoga.org", ".oikos.com.tw", ".oiktv.com", ".oizoblog.com", ".okayfreedom.com", ".old-cat.net", ".olumpo.com", ".olympicwatch.org", ".omgili.com", ".omnitalk.com", ".forum.omy.sg", ".news.omy.sg", ".showbiz.omy.sg", ".the-sun.on.cc", ".tv.on.cc", ".onedrive.live.com", ".onlylady.cn", ".onmoon.net", ".onmoon.com", ".oopsforum.com", ".open.com.hk", ".opendemocracy.net", ".myopenid.com", ".openid.net", ".blog.openinkpot.org", ".openleaks.org", ".openvpn.net", ".openwebster.com", ".help.opera.com", ".my.opera.com", ".demo.opera-mini.net", ".opnir.com", ".www.orchidbbs.com", ".orient-doll.com", ".orientaldaily.com.my", ".orientaldaily.on.cc", ".orn.jp", ".t.orzdream.com", ".tui.orzdream.com", ".orzistic.org", ".osfoora.com", ".m.oulove.org", ".ourdearamy.com", ".oursogo.com", ".oursteps.com.au", ".xinqimeng.over-blog.com", ".share.ovi.com", ".owl.li", ".ht.ly", ".htl.li", ".mash.to", ".www.owind.com", ".www.oxid.it", ".oyax.com", ".ozchinese.com", ".ow.ly", ".bbs.ozchinese.com", ".ozyoyo.com", ".pacificpoker.com", ".packetix.net", ".page2rss.com", ".pagodabox.com", ".paint.net", ".coveringweb.com", ".palacemoon.com", ".forum.palmislife.com", ".paper-replika.com", ".eriversoft.com", ".paper.li", ".paperb.us", ".panluan.net", ".panoramio.com", ".parade.com", ".pastebin.com", ".pastie.org", ".blog.pathtosharepoint.com", ".pbs.org", ".pbwiki.com", ".pbworks.com", ".developers.box.net", ".wiki.oauth.net", ".wiki.phonegap.com", ".wiki.jqueryui.com", ".pbxes.com", ".pbxes.org", ".pcdiscuss.com", ".pcdvd.com.tw", ".pchome.com.tw", ".pct.org.tw", ".pdetails.com", ".pdproxy.com", ".peacefire.org", ".peacehall.com", ".peeasian.com", ".pekingduck.org", ".penchinese.com", ".penchinese.net", ".pengyulong.com", ".blog.pentalogic.net", ".penthouse.com", ".peopo.org", ".percy.in", ".perfectvpn.net", ".perfspot.com", ".perlhowto.com", ".philly.com", ".photofocus.com", ".phuquocservices.com", ".picidae.net", ".picturesocial.com", ".pidown.com", ".pign.net", ".blog.pilotmoon.com", ".pin6.com", ".ping.fm", ".pinoy-n.com", ".piring.com", ".pixelqi.com", ".css.pixnet.in", ".pixnet.net", ".pk.com", ".placemix.com", ".planetsuzy.org", ".pictures.playboy.com", ".playboy.com", ".plays.com.tw", ".m.plixi.com", ".plm.org.hk", ".plunder.com", ".plus28.com", ".plusbb.com", ".pmates.com", ".po2b.com", ".podictionary.com", ".pokerstars.com", ".zh.pokerstrategy.com", ".politicalchina.org", ".popularpages.net", ".popyard.com", ".popyard.org", ".porn.com", ".porn2.com", ".pornbase.org", ".pornhub.com", ".pornmm.net", ".pornoxo.com", ".pornrapidshare.com", ".pornstarclub.com", ".porntube.com", ".pornvisit.com", ".postadult.com", ".powercx.com", ".www.powerpointninja.com", ".pts.org.tw", ".pubu.com.tw", ".puffinbrowser.com", ".post.ly", ".posterous.com", ".post.anyu.org", ".bralio.com", ".calebelston.com", ".designerol.com", ".blog.fizzik.com", ".nf.id.au", ".markmilian.com", ".log.riku.me", ".sogrady.me", ".vatn.org", ".veempiire.com", ".www.vegorpedersen.com", ".ventureswell.com", ".webfee.tk", ".whereiswerner.com", ".zhong.pp.ru", ".power.com", ".powerapple.com", ".abc.pp.ru", ".heix.pp.ru", ".prayforchina.net", ".premeforwindows7.com", ".presentationzen.com", ".prestige-av.com", ".privacybox.de", ".privateinternetaccess.com", ".privatepaste.com", ".privatetunnel.com", ".procopytips.com", ".provideocoalition.com", ".prosiben.de", ".proxifier.com", ".api.proxlet.com", ".proxomitron.info", ".proxy.org", ".proxypy.net", ".proxyroad.com", ".prozz.net", ".psblog.name", ".psiphon.ca", ".ptt.cc", ".puffstore.com", ".pullfolio.com", ".pureconcepts.net", ".purepdf.com", ".purevpn.com", ".putlocker.com", ".pwned.com", ".python.com", ".python.com.tw", ".qanote.com", ".qi-gong.me", ".qienkuen.org", ".qixianglu.cn", ".bbs.qmzdd.com", ".qkshare.com", ".qoos.com", ".efksoft.com", ".qstatus.com", ".qtweeter.com", ".qtrac.eu", ".quadedge.com", ".www.getyouram.com", ".hiitch.com", ".qusi8.net", ".qvodzy.org", ".qxbbs.org", ".radioaustralia.net.au", ".opml.radiotime.com", ".radiovaticana.org", ".raidcall.com.tw", ".rangzen.org", ".ranyunfei.com", ".rapbull.net", ".rapidshare8.com", ".rapidsharedata.com", ".rcinet.ca", ".read100.com", ".readingtimes.com.tw", ".realraptalk.com", ".recordhistory.org", ".redtube.com", ".referer.us", ".reflectivecode.com", ".relaxbbs.com", ".renminbao.com", ".renyurenquan.org", ".subacme.rerouted.org", ".cn.reuters.com", ".revleft.com", ".retweetist.com", ".retweetrank.com", ".connectedchina.reuters.com", ".www.reuters.com", ".revver.com", ".rfa.org", ".rfachina.com", ".rfamobile.org", ".rferl.org", ".rfi.fr", ".rfi.my", ".rhcloud.com", ".rileyguide.com", ".riku.me", ".rlwlw.com", ".chinese.rnw.nl", ".rnw.nl", ".robtex.com", ".robustnessiskey.com", ".rocmp.org", ".rojo.com", ".ronjoneswriter.com", ".roodo.com", ".rsf.org", ".rsf-chinese.org", ".rssmeme.com", ".rthk.hk", ".rthk.org.hk", ".rti.org.tw", ".rushbee.com", ".rutube.ru", ".ruyiseek.com", ".rxhj.net", ".blog.s135.com", ".s1heng.com", ".s8forum.com", ".sacom.hk", ".sadpanda.us", ".saiq.me", ".salvation.org.hk", ".samair.ru", ".sammyjs.org", ".sandnoble.com", ".sankaizok.com", ".sanmin.com.tw", ".sapikachu.net", ".savemedia.com", ".savetibet.org", ".savevid.com", ".say2.info", ".scmp.com", ".scmpchinese.com", ".scribd.com", ".scriptspot.com", ".seapuff.com", ".domainhelp.search.com", ".secretchina.com", ".secretgarden.no", ".default.secureserver.net", ".securitykiss.com", ".seesmic.com", ".seevpn.com", ".seezone.net", ".sejie.com", ".sendspace.com", ".tweets.seraph.me", ".sesawe.net", ".sesawe.org", ".sethwklein.net", ".setty.com.tw", ".sevenload.com", ".sex.com", ".sex-11.com", ".sex8.cc", ".sexandsubmission.com", ".sexhu.com", ".sexhuang.com", ".sexinsex.net", ".sf.net", ".sfileydy.com", ".shadow.ma", ".shadowsocks.org", ".shahamat-english.com", ".shangfang.org", ".shapeservices.com", ".sharebee.com", ".sharecool.org", ".sharkdolphin.com", ".sharpdaily.com.hk", ".sharpdaily.hk", ".shaunthesheep.com", ".sheikyermami.com", ".shellmix.com", ".shenshou.org", ".shenyunperformingarts.org", ".shenzhoufilm.com", ".shinychan.com", ".shitaotv.org", ".shixiao.org", ".shizhao.org", ".shkspr.mobi", ".shodanhq.com", ".shopping.com", ".showtime.jp", ".ch.shvoong.com", ".shwchurch3.com", ".simplecd.org", ".simpleproductivityblog.com", ".bbs.sina.com", ".sina.com.tw", ".dailynews.sina.com", ".sina.com.hk", ".home.sina.com", ".singtao.com", ".news.singtao.ca", ".sinica.edu.tw", ".sino-monthly.com", ".sinocast.com", ".sinocism.com", ".sinomontreal.ca", ".sinonet.ca", ".sinopitt.info", ".sinoants.com", ".sinoquebec.com", ".site90.net", ".sitebro.tw", ".siteks.uk.to", ".sitemaps.org", ".sitetag.us", ".sis.xxx", ".sis001.com", ".sis001.us", ".sjum.cn", ".skimtube.com", ".skybet.com", ".skyhighpremium.com", ".bbs.skykiwi.com", ".www.skype.com", ".share.skype.com", ".xskywalker.com", ".m.slandr.net", ".slavasoft.com", ".slheng.com", ".slideshare.net", ".slime.com.tw", ".slutload.com", ".smhric.org", ".so-ga.net", ".so-news.com", ".so-net.net.tw", ".soc.mil", ".sockslist.net", ".sod.co.jp", ".softether.org", ".softether-download.com", ".sogclub.com", ".sohcradio.com", ".www.somee.com", ".sorting-algorithms.com", ".soumo.info", ".soup.io", ".slinkset.com", ".slickvpn.com", ".snaptu.com", ".sneakme.net", ".snooper.co.uk", ".sobees.com", ".socialwhale.com", ".softether.co.jp", ".softwarebychuck.com", ".blog.sogoo.org", ".soh.tw", ".sohfrance.org", ".chinese.soifind.com", ".sokamonline.com", ".somee.com", ".songjianjun.com", ".sopcast.com", ".sopcast.org", ".soundcloud.com", ".soundofhope.org", ".soupofmedia.com", ".sourceforge.net", ".southnews.com.tw", ".sowers.org.hk", ".wlx.sowiki.net", ".space-scape.com", ".spankwire.com", ".spb.com", ".speedpluss.org", ".spencertipping.com", ".spinejs.com", ".sproutcore.com", ".squarespace.com", ".ssh91.com", ".cdn.sstatic.net", ".www.stackfile.com", ".usinfo.state.gov", ".starp2p.com", ".startpage.com", ".state168.com", ".steel-storm.com", ".sthoo.com", ".stickam.com", ".stickeraction.com", ".stonegames.net", ".stoneip.info", ".storagenewsletter.com", ".stoptibetcrisis.net", ".stoweboyd.com", ".streamingthe.net", ".cn.streetvoice.com", ".cn2.streetvoice.com", ".tw.streetvoice.com", ".strongvpn.com", ".student.tw", ".stupidvideos.com", ".sufeng.org", ".sugarsync.com", ".summify.com", ".suoluo.org", ".api.supertweet.net", ".www.supertweet.net", ".surfeasy.com.au", ".svwind.com", ".sweux.com", ".swift-tools.net", ".sydneytoday.com", ".syncback.com", ".sysadmin1138.net", ".sysresccd.org", ".sytes.net", ".blog.syx86.com", ".blog.syx86.cn", ".szbbs.net", ".szetowah.org.hk", ".t35.com", ".t66y.com", ".taa-usa.org", ".tabtter.jp", ".tacem.org", ".tafaward.com", ".tagwalk.com", ".taipei.gov.tw", ".taipeisociety.org", ".taiwandaily.net", ".taiwantt.org.tw", ".taiwankiss.com", ".taiwannation.com", ".taiwannation.com.tw", ".taiwannews.com.tw", ".taiwanus.net", ".taiwanyes.com", ".taiwan-sex.com", ".tamiaode.tk", ".tanc.org", ".tangben.com", ".taolun.info", ".blog.taragana.com", ".taweet.com", ".tbpic.info", ".tchrd.org", ".teamseesmic.com", ".teashark.com", ".techlifeweb.com", ".techparaiso.com", ".teck.in", ".telecomspace.com", ".telegraph.co.uk", ".tenacy.com", ".theampfactory.com", ".theappleblog.com", ".theatrum-belli.com", ".thebodyshop-usa.com", ".theblemish.com", ".thebcomplex.com", ".thechinabeat.org", ".thedieline.com", ".thedw.us", ".thegatesnotes.com", ".thehousenews.com", ".thehun.net", ".thelifeyoucansave.com", ".thelius.org", ".thepiratebay.org", ".thepiratebay.se", ".theqii.info", ".thereallove.kr", ".thesartorialist.com", ".thespeeder.com", ".thetibetpost.com", ".thetrotskymovie.com", ".thevivekspot.com", ".thisav.com", ".thkphoto.com", ".thomasbernhard.org", ".threatchaos.com", ".throughnightsfire.com", ".thumbzilla.com", ".tiananmenmother.org", ".tiananmenuniv.com", ".tiananmenuniv.net", ".tiandixing.org", ".tianhuayuan.com", ".tiantibooks.org", ".tianzhu.org", ".tibet.com", ".tibet.net", ".tibet.org.tw", ".tibetalk.com", ".tibetanyouthcongress.org", ".tibetfund.org", ".tibetonline.com", ".tibetonline.tv", ".tibetwrites.org", ".time.com", ".blog.tiney.com", ".tinychat.com", ".tinypaste.com", ".tidyread.com", ".tistory.com", ".tkcs-collins.com", ".tkforum.tk", ".cn.tmagazine.com", ".tmi.me", ".tnaflix.com", ".togetter.com", ".tokyo-247.com", ".tokyo-hot.com", ".tokyocn.com", ".tonyyan.net", ".toodoc.com", ".toonel.net", ".topnews.in", ".topshare.us", ".topshareware.com", ".topstyle4.com", ".topsy.com", ".tora.to", ".torproject.org", ".torrentcrazy.com", ".torvpn.com", ".touch99.com", ".toutfr.com", ".tpi.org.tw", ".transgressionism.org", ".travelinlocal.com", ".trendsmap.com", ".trialofccp.org", ".tripod.com", ".trtc.com.tw", ".trulyergonomic.com", ".trustedbi.com", ".truth101.co.tv", ".truthcn.com", ".truveo.com", ".tsemtulku.com", ".tsquare.tv", ".tsunagarumon.com", ".tsctv.net", ".tt1069.com", ".tttan.com", ".ttv.com.tw", ".tuanzt.com", ".tube.com", ".tube8.com", ".tubecao.com", ".tubewolf.com", ".tuidang.net", ".tuidang.org", ".bbs.tuitui.info", ".tumutanzi.com", ".tunein.com", ".tunnelbear.com", ".turbobit.net", ".turningtorso.com", ".tuxtraining.com", ".301works.org", ".365singles.com.ar", ".all-that-is-interesting.com", ".art-or-porn.com", ".news.atebits.com", ".tumblr.awflasher.com", ".badassjs.com", ".basetimesheightdividedby2.com", ".benjaminste.in", ".blog.birdhouseapp.com", ".bobulate.com", ".bonjourlesgeeks.com", ".bookshelfporn.com", ".blog.boxcar.io", ".blog.bitly.com", ".chevronwp7.com", ".clientsfromhell.net", ".codeboxapp.com", ".cookingtothegoodlife.com", ".cubicle17.com", ".photos.dailyme.com", ".davidslog.com", ".blog.davidziegler.net", ".blog.dayoneapp.com", ".drewolanoff.com", ".blog.dribbble.com", ".chaos.e-spacy.com", ".eamonnbrennan.com", ".everyday-carry.com", ".eyespirit.info", ".life.fly4ever.me", ".fredwilson.vc", ".fuckgfw.com", ".geekmade.co.uk", ".generesis.com", ".news.ghostery.com", ".givemesomethingtoread.com", ".blog.gowalla.com", ".heiyo.info", ".hellonewyork.us", ".blog.hotpotato.com", ".ialmostlaugh.com", ".blog.ifttt.com", ".blog.instagram.com", ".blog.instapaper.com", ".interestinglaugh.com", ".blog.iphone-dev.org", ".jayparkinsonmd.com", ".blog.joeyrobert.org", ".kt.kcome.org", ".my.keso.cn", ".blog.kickstarter.com", ".blog.kl.am", ".blog.klip.me", ".t.kun.im", ".blog.lightbox.com", ".littlebigdetails.com", ".lovequicksilver.com", ".lyricsquote.com", ".madmenunbuttoned.com", ".marco.org", ".minimalmac.com", ".mixedmedialabs.com", ".modfetish.com", ".blog.mongodb.org", ".navigeaters.com", ".london.neighborhoodr.com", ".blog.path.com", ".parislemon.com", ".blog.pikchur.com", ".blog.rockmelt.com", ".blog.romanandreg.com", ".solozorro.tk", ".blog.sparrowmailapp.com", ".stuffimreading.com", ".blog.summify.com", ".thedailywh.at", ".theinternetwishlist.com", ".thisiswhyyouarefat.com", ".www.tiffanyarment.com", ".tjholowaychuk.com", ".tomsc.com", ".blog.topify.com", ".thehungrydudes.com", ".tumblweed.org", ".status.twhirl.org", ".blog.usa.gov", ".photo.utom.us", ".v-state.org", ".wellplacedpixels.com", ".whydidyoubuymethat.com", ".wordboner.com", ".wordsandturds.com", ".worstthingieverate.com", ".xmusic.fm", ".xuzhuoer.com", ".bd.zhe.la", ".cocoa.zonble.net", ".tv.com", ".www.tv.com", ".tv-intros.com", ".tvants.com", ".forum.tvb.com", ".tvboxnow.com", ".tvider.com", ".tvunetworks.com", ".twa.sh", ".twapperkeeper.com", ".twaud.io", ".twbbs.net.tw", ".twbbs.org", ".twbbs.tw", ".twblogger.com", ".tweepmag.com", ".tweepml.org", ".tweetbackup.com", ".tweetboard.com", ".tweetboner.biz", ".tweetdeck.com", ".deck.ly", ".tweete.net", ".m.tweete.net", ".mtw.tl", ".tweetedtimes.com", ".tweetmeme.com", ".tweetmylast.fm", ".tweetphoto.com", ".tweetrans.com", ".tweetree.com", ".tweetwally.com", ".tweetymail.com", ".twftp.org", ".twibase.com", ".twibble.de", ".twibbon.com", ".twibs.com", ".twicsy.com", ".twifan.com", ".twiffo.com", ".twilog.org", ".twimbow.com", ".twindexx.com", ".twipple.jp", ".twip.me", ".twistar.cc", ".twisternow.com", ".twistory.net", ".twitbrowser.net", ".twitcause.com", ".twitgether.com", ".twiggit.org", ".twitgoo.com", ".twitiq.com", ".twitlonger.com", ".tl.gd", ".twitoaster.com", ".twitonmsn.com", ".twitpic.com", ".twitreferral.com", ".twit2d.com", ".twitstat.com", ".dotheyfolloweachother.com", ".firstfivefollowers.com", ".retweeteffect.com", ".tweeplike.me", ".tweepguide.com", ".turbotwitter.com", ".twitvid.com", ".t.co", ".twt.tl", ".twimg.com", ".twittbot.net", ".twitter.com", ".twitter.jp", ".twttr.com", ".twitter4j.org", ".twittercounter.com", ".twitterfeed.com", ".twittergadget.com", ".twitterkr.com", ".twittermail.com", ".twittertim.es", ".twitthat.com", ".twitturly.com", ".twitzap.com", ".twiyia.com", ".twreg.info", ".twstar.net", ".twtkr.com", ".twtrland.com", ".twurl.nl", ".twyac.org", ".tycool.com", ".tynsoe.org", ".tzangms.com", ".typepad.com", ".blog.expofutures.com", ".legaltech.law.com", ".www.loiclemeur.com", ".latimesblogs.latimes.com", ".blog.palm.com", ".blogs.tampabay.com", ".contests.twilio.com", ".embr.in", ".guomin.us", ".srcf.ucam.org", ".ucdc1998.org", ".uderzo.it", ".udn.com", ".ufreevpn.com", ".ugo.com", ".uhrp.org", ".uighurbiz.net", ".ulike.net", ".www.ukchinese.com", ".ukliferadio.co.uk", ".ultravpn.fr", ".ultraxs.com", ".unblock.cn.com", ".uncyclomedia.org", ".uncyclopedia.info", ".unholyknight.com", ".uni.cc", ".unicode.org", ".uniteddaily.com.my", ".unix100.com", ".unknownspace.org", ".unpo.org", ".uocn.org", ".tor.updatestar.com", ".upload4u.info", ".uploaded.to", ".uploadstation.com", ".www.urbanoutfitters.com", ".url.com.tw", ".urlborg.com", ".urlparser.com", ".us.to", ".usacn.com", ".beta.usejump.com", ".usfk.mil", ".earthquake.usgs.gov", ".usmc.mil", ".ustream.tv", ".uushare.com", ".uwants.com", ".uwants.net", ".uyghurcongress.org", ".uygur.org", ".v70.us", ".vaayoo.com", ".value-domain.com", ".van698.com", ".vanemu.cn", ".vanilla-jp.com", ".vansky.com", ".vapurl.com", ".vcf-online.org", ".vcfbuilder.org", ".velkaepocha.sk", ".veoh.com", ".verizon.net", ".verybs.com", ".vft.com.tw", ".videobam.com", ".videomo.com", ".vidoemo.com", ".viki.com", ".vimeo.com", ".vimgolf.com", ".vimperator.org", ".vincnd.com", ".vinniev.com", ".video.tiscali.it", ".vmixcore.com", ".cn.voa.mobi", ".tw.voa.mobi", ".voachineseblog.com", ".voagd.com", ".voacantonese.com", ".voachinese.com", ".voatibetan.com", ".voanews.com", ".vocn.tv", ".vot.org", ".www.voy.com", ".www.vpncup.com", ".vpnbook.com", ".vpnfire.com", ".vpngate.jp", ".vpngate.net", ".vpnpop.com", ".vpnpronet.com", ".vtunnel.com", ".lists.w3.org", ".waffle1999.com", ".jyzj.waqn.com", ".wahas.com", ".waigaobu.com", ".waikeung.org", ".waiwaier.com", ".wallornot.org", ".wallpapercasa.com", ".www.wan-press.org", ".wanderinghorse.net", ".wangafu.net", ".wangjinbo.org", ".wanglixiong.com", ".wangruoshui.net", ".www.wangruowang.org", ".want-daily.com", ".wapedia.mobi", ".makzhou.warehouse333.com", ".washeng.net", ".wattpad.com", ".wearn.com", ".hudatoriq.web.id", ".web2project.net", ".webbang.net", ".weblagu.com", ".webs-tv.net", ".webshots.com", ".websitepulse.com", ".webworkerdaily.com", ".weeewooo.net", ".weekmag.info", ".wefong.com", ".weiboleak.com", ".weijingsheng.org", ".weiming.info", ".weiquanwang.org", ".wengewang.com", ".wengewang.org", ".wenhui.ch", ".wenku.com", ".wenxuecity.com", ".wenyunchao.com", ".westca.com", ".westernwolves.com", ".hkg.westkit.net", ".www.wet123.com", ".wepn.info", ".wetpussygames.com", ".wexiaobo.org", ".wezhiyong.org", ".wezone.net", ".wforum.com", ".whatblocked.com", ".whippedass.com", ".whylover.com", ".whyx.org", ".evchk.wikia.com", ".uncyclopedia.wikia.com", ".wikileaks.ch", ".wikileaks.de", ".wikileaks.eu", ".wikileaks.lu", ".wikileaks.org", ".wikileaks.pl", ".collateralmurder.com", ".collateralmurder.org", ".wikilivres.info", ".wikimapia.org", ".secure.wikimedia.org", ".wikimedia.org.mo", ".zh.wikinews.org", ".wikiwiki.jp", ".sports.williamhill.com", ".willw.net", ".windowsphoneme.com", ".winwhispers.info", ".wiredbytes.com", ".wiredpen.com", ".wisevid.com", ".witopia.net", ".wo.tc", ".woeser.com", ".wolfax.com", ".womensrightsofchina.org", ".woopie.jp", ".woopie.tv", ".workatruna.com", ".worldcat.org", ".worldjournal.com", ".wordpress.com", ".woxinghuiguo.com", ".wow-life.net", ".wpoforum.com", ".wqlhw.com", ".wqyd.org", ".wretch.cc", ".wsj.com", ".wtfpeople.com", ".wuala.com", ".wuerkaixi.com", ".wufi.org.tw", ".wujie.net", ".wujieliulan.com", ".wukangrui.net", ".wwitv.com", ".wzyboy.im", ".www.x-berry.com", ".x-art.com", ".x-wall.org", ".x1949x.com", ".x365x.com", ".xanga.com", ".xbookcn.com", ".x.xcity.jp", ".xcritic.com", ".destiny.xfiles.to", ".xfm.pp.ru", ".xgmyd.com", ".xh4n.cn", ".xhamster.com", ".one.xthost.info", ".xiaochuncnjp.com", ".s.xiaod.in", ".xiaohexie.com", ".xiaoma.org", ".xiezhua.com", ".xing.com", ".xinmiao.com.hk", ".xinsheng.net", ".xinshijue.com", ".xinhuanet.org", ".xizang-zhiye.org", ".xjp.cc", ".xml-training-guide.com", ".xmovies.com", ".xnxx.com", ".xpdo.net", ".xpud.org", ".k2.xrea.com", ".xtube.com", ".blog.xuite.net", ".vlog.xuite.net", ".xuzhiyong.net", ".xuchao.org", ".xuchao.net", ".xvedios.com", ".xvideos.com", ".xxbbx.com", ".xxxx.com.au", ".xys.org", ".xysblogs.org", ".xyy69.com", ".xyy69.info", ".bid.yahoo.com", ".yahoo.co.jp", ".yahoo.com.tw", ".hk.yahoo.com", ".knowledge.yahoo.com", ".myblog.yahoo.com", ".news.yahoo.com", ".rd.yahoo.com", ".search.yahoo.com", ".meme.yahoo.com", ".tw.yahoo.com", ".pulse.yahoo.com", ".upcoming.yahoo.com", ".video.yahoo.com", ".yahoo.com.hk", ".yam.com", ".yasni.co.uk", ".yasukuni.or.jp", ".ydy.com", ".yeelou.com", ".yeeyi.com", ".yegle.net", ".yfrog.com", ".yhcw.net", ".yi.org", ".yidio.com", ".yilubbs.com", ".xa.yimg.com", ".yipub.com", ".yogichen.org", ".yong.hu", ".yorkbbs.ca", ".youxu.info", ".yyii.org", ".yzzk.com", ".youjizz.com", ".youmaker.com", ".youpai.org", ".your-freedom.net", ".yousendit.com", ".youthbao.com", ".youthnetradio.org", ".youthwant.com.tw", ".youporn.com", ".youtu.be", ".youtube.com", ".youtube-nocookie.com", ".youtubecn.com", ".youversion.com", ".blog.youxu.info", ".ytimg.com", ".ytht.net", ".yuanming.net", ".yunchao.net", ".yvesgeleyn.com", ".yx51.net", ".yymaya.com", ".zacebook.com", ".zannel.com", ".tap11.com", ".luntan.zaobao.com", ".zaobao.com.sg", ".zaozon.com", ".zarias.com", ".zaurus.org.uk", ".zdnet.com.tw", ".zengjinyan.org", ".zeutch.com", ".www.zfreet.com", ".zgzcjj.net", ".zhanbin.net", ".zhenghui.org", ".zhenlibu.info", ".zhinengluyou.com", ".zhongguotese.net", ".zhongmeng.org", ".zhreader.com", ".zhuichaguoji.org", ".ziddu.com", ".zillionk.com", ".zinio.com", ".ziplib.com", ".zkaip.com", ".zlib.net", ".zmw.cn", ".zomobo.net", ".zonaeuropa.com", ".zootool.com", ".zoozle.net", ".writer.zoho.com", ".zshare.net", ".zsrhao.com", ".zuo.la", ".zuola.com", ".zvereff.com", ".zyzc9.com", ".upload.wikimedia.org", ".wikipedia.org", ".zh-yue.wikipedia.org", ".en.wikipedia.org", ".zh.wikipedia.org", ".m.wikipedia.org", ".zh.wikisource.org", ".gov.tw",</div><div class="line"></div><div class="line">// Place Domains Above.</div><div class="line">		"DOMAIN.PADDING";</div><div class="line"></div><div class="line">reject = 118.5.49.6, 128.121.126.139, 159.106.121.75, 169.132.13.103, 188.5.4.96, 189.163.17.5, 192.67.198.6, 197.4.4.12, 202.106.1.2, 202.181.7.85, 203.161.230.171, 203.98.7.65, 207.12.88.98, 208.56.31.43, 209.145.54.50, 209.220.30.174, 209.36.73.33, 209.85.229.138, 211.94.66.147, 213.169.251.35, 216.221.188.182, 216.234.179.13, 23.89.5.60, 243.185.187.39, 249.129.46.48, 253.157.14.165, 37.61.54.158, 4.36.66.178, 46.82.174.68, 49.2.123.56, 54.76.135.1, 59.24.3.173, 64.33.88.161, 64.33.99.47, 64.66.163.251, 65.104.202.252, 65.160.219.113, 66.45.252.237, 72.14.205.104, 72.14.205.99, 74.125.127.102, 74.125.155.102, 74.125.39.102, 74.125.39.113, 77.4.7.92, 78.16.49.15, 8.7.198.45, 93.46.8.89;</div><div class="line"></div><div class="line">}</div><div class="line"></div><div class="line">server {</div><div class="line">    label				= "Google"; // Primary</div><div class="line">    timeout				= 3;</div><div class="line">    ip					= 8.8.8.8, 8.8.4.4, 208.67.222.222, 208.67.220.220;</div><div class="line">	proxy_only			= on;</div><div class="line">    caching				= on;</div><div class="line">    randomize_servers	= on;</div><div class="line">}</div><div class="line"></div><div class="line">rr {</div><div class="line">	name=localhost;</div><div class="line">	reverse=on;</div><div class="line">	a=127.0.0.1;</div><div class="line">	owner=localhost;</div><div class="line">	soa=localhost,root.localhost,42,86400,900,86400,86400;</div><div class="line">}</div><div class="line"></div><div class="line">/* vim:set ft=c: */</div></pre></td></tr></table></figure>

<p>这里默认使用北京联通的域名解析服务器，你也可以换成更适合自己的。当遇到被墙域名或者收到了被污染的 IP 时，再使用谷歌和 OpenDNS 的服务器。</p>
<p>执行 <code>sudo service pdnsd start</code> 来启动 pdnsd。</p>
<h2 id="为使用_pdnsd_配置_Strongswan">为使用 pdnsd 配置 Strongswan</h2>
<p>我们刚才配置的 iptables 中并没有开启 DNS 服务需要的53端口。这个端口如果完全开放的话，VPS 提供商可能会给我们发安全警告。所以我们要利用 Strongswan 的 <code>updown script</code> 来完成对 iptables 的设置。</p>
<h3 id="创建_leftupdown_脚本">创建 leftupdown 脚本</h3>
<p>我把这个脚本放在了 <code>~/ipsec_config/leftupdown</code>，你也可以放在你喜欢的位置。</p>
<p>文件内容如下。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div><div class="line">37</div></pre></td><td class="code"><pre><div class="line"><span class="shebang">#!/bin/sh</span></div><div class="line"></div><div class="line">PATH=<span class="string">"/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin"</span></div><div class="line"><span class="keyword">export</span> PATH</div><div class="line"></div><div class="line"><span class="built_in">echo</span> <span class="string">"updown executing"</span></div><div class="line"></div><div class="line">ipsec _updown</div><div class="line"></div><div class="line"><span class="keyword">case</span> <span class="string">"<span class="variable">$PLUTO_VERB</span>:<span class="variable">$1</span>"</span> <span class="keyword">in</span></div><div class="line">up-client:)</div><div class="line"></div><div class="line">iptables -C INPUT <span class="operator">-s</span> <span class="variable">$PLUTO_PEER</span> -p tcp -m tcp --dport <span class="number">53</span> -j ACCEPT</div><div class="line">exist=$?</div><div class="line"></div><div class="line"><span class="keyword">if</span> [ <span class="variable">$exist</span> <span class="operator">-eq</span> <span class="number">0</span> ];<span class="keyword">then</span></div><div class="line">	<span class="built_in">echo</span> <span class="string">"updown script rule already exists for <span class="variable">$PLUTO_PEER</span>"</span></div><div class="line"><span class="keyword">else</span></div><div class="line">	<span class="built_in">echo</span> <span class="string">"updown script up client <span class="variable">$PLUTO_PEER</span>"</span></div><div class="line">	iptables -I INPUT <span class="number">4</span> <span class="operator">-s</span> <span class="variable">$PLUTO_PEER</span> -p tcp -m tcp --dport <span class="number">53</span> -j ACCEPT</div><div class="line">	iptables -I INPUT <span class="number">4</span> <span class="operator">-s</span> <span class="variable">$PLUTO_PEER</span> -p udp -m udp --dport <span class="number">53</span> -j ACCEPT</div><div class="line">	iptables -I INPUT <span class="number">4</span> <span class="operator">-s</span> <span class="variable">$PLUTO_PEER</span> -p tcp -m tcp --sport <span class="number">53</span> -j ACCEPT</div><div class="line">	iptables -I INPUT <span class="number">4</span> <span class="operator">-s</span> <span class="variable">$PLUTO_PEER</span> -p udp -m udp --sport <span class="number">53</span> -j ACCEPT</div><div class="line"><span class="keyword">fi</span></div><div class="line">;;</div><div class="line"></div><div class="line">down-client:)</div><div class="line"></div><div class="line"><span class="built_in">echo</span> <span class="string">"updown script down client <span class="variable">$PLUTO_PEER</span>"</span></div><div class="line"></div><div class="line">iptables -D INPUT <span class="operator">-s</span> <span class="variable">$PLUTO_PEER</span> -p tcp -m tcp --dport <span class="number">53</span> -j ACCEPT</div><div class="line">iptables -D INPUT <span class="operator">-s</span> <span class="variable">$PLUTO_PEER</span> -p udp -m udp --dport <span class="number">53</span> -j ACCEPT</div><div class="line">iptables -D INPUT <span class="operator">-s</span> <span class="variable">$PLUTO_PEER</span> -p tcp -m tcp --sport <span class="number">53</span> -j ACCEPT</div><div class="line">iptables -D INPUT <span class="operator">-s</span> <span class="variable">$PLUTO_PEER</span> -p udp -m udp --sport <span class="number">53</span> -j ACCEPT</div><div class="line">;;</div><div class="line"></div><div class="line"><span class="keyword">esac</span></div></pre></td></tr></table></figure>

<p>保存好文件后，修改文件权限 <code>chmod 777 ~/ipsec_config/leftupdown</code>。</p>
<h3 id="修改_/etc/ipsec-conf">修改 /etc/ipsec.conf</h3>
<p>把 <code>rightdns</code> 改成 VPS 的 IP。在 <code>%default</code> 里添加一行 <code>leftupdown=/path/to/your/leftupdown</code>，注意这里把路径换成刚才创建的 <code>leftupdown</code> 脚本的绝对路径。</p>
<p>执行 <code>sudo ipsec reload</code>，然后客户端重新连接一下，试试效果吧。</p>
]]></content:encoded>
      <comments>http://emptyzone.github.io/tech/2014/10/13/cross-fire-wall-on-ios8/#disqus_comments</comments>
    </item>
    
    <item>
      <title><![CDATA[利用Github和Heroku远程发表Hexo文章]]></title>
      <link>http://emptyzone.github.io/tech/2014/08/11/hexo-auto-publisher-on-heroku/</link>
      <guid>http://emptyzone.github.io/tech/2014/08/11/hexo-auto-publisher-on-heroku/</guid>
      <pubDate>Mon, 11 Aug 2014 10:02:00 GMT</pubDate>
      <description>
      <![CDATA[<p>使用<a href="http://hexo.io" target="_blank" rel="external">Hexo</a>这种静态博客程序搭建博客时，始终会遇到一个问题，要写博客就必须有一台环境配置好的电脑才行。想用手机和平板发文章，就会遇到各种问题。</p>
<p>看到了<a href="http://kywk.github.io/" target="_blank" rel="external">Yu-Zhi Chen</a>的<a href="http://kywk.github.io/hexo-migrator-dropbox/" target="_blank" rel="external">hexo-migrator-dropbox</a>，但苦于地域限制，很难发挥它的作用。</p>
<p>于是开发了<a href="https://github.com/songchenwen/hexo-migrator-issue" target="_blank" rel="external">hexo-migrator-issue</a>和<a href="https://github.com/songchenwen/hexo-heroku-auto-publisher" target="_blank" rel="external">hexo-heroku-auto-publisher</a>，顺便为最近要开始的前端项目练练手。这两个插件配合<a href="http://heroku.com" target="_blank" rel="external">Heroku</a>和Github issues提供的免费服务，即可实现远程发表<a href="http://hexo.io" target="_blank" rel="external">Hexo</a>文章的功能。</p>
<p>以下步骤基于已搭建好<a href="http://hexo.io" target="_blank" rel="external">Hexo</a>环境并且有Github Pages项目的前提。</p>
]]>
      
      </description>
      <content:encoded><![CDATA[<p>使用<a href="http://hexo.io" target="_blank" rel="external">Hexo</a>这种静态博客程序搭建博客时，始终会遇到一个问题，要写博客就必须有一台环境配置好的电脑才行。想用手机和平板发文章，就会遇到各种问题。</p>
<p>看到了<a href="http://kywk.github.io/" target="_blank" rel="external">Yu-Zhi Chen</a>的<a href="http://kywk.github.io/hexo-migrator-dropbox/" target="_blank" rel="external">hexo-migrator-dropbox</a>，但苦于地域限制，很难发挥它的作用。</p>
<p>于是开发了<a href="https://github.com/songchenwen/hexo-migrator-issue" target="_blank" rel="external">hexo-migrator-issue</a>和<a href="https://github.com/songchenwen/hexo-heroku-auto-publisher" target="_blank" rel="external">hexo-heroku-auto-publisher</a>，顺便为最近要开始的前端项目练练手。这两个插件配合<a href="http://heroku.com" target="_blank" rel="external">Heroku</a>和Github issues提供的免费服务，即可实现远程发表<a href="http://hexo.io" target="_blank" rel="external">Hexo</a>文章的功能。</p>
<p>以下步骤基于已搭建好<a href="http://hexo.io" target="_blank" rel="external">Hexo</a>环境并且有Github Pages项目的前提。</p>
<a id="more"></a>

<h1 id="准备项目">准备项目</h1>
<h2 id="安装hexo-heroku-auto-publisher">安装<a href="https://github.com/songchenwen/hexo-heroku-auto-publisher" target="_blank" rel="external">hexo-heroku-auto-publisher</a></h2>
<p>在Hexo项目目录下执行</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">$ npm install hexo-heroku-auto-publisher --save</div></pre></td></tr></table></figure>

<p>这个插件不需要配置，它的作用就是在你的项目里添加一些上传到<a href="http://heroku.com" target="_blank" rel="external">Heroku</a>时所需要的文件。</p>
<h2 id="转换项目">转换项目</h2>
<p>安装好<a href="https://github.com/songchenwen/hexo-heroku-auto-publisher" target="_blank" rel="external">hexo-heroku-auto-publisher</a>后，在<a href="http://hexo.io" target="_blank" rel="external">Hexo</a>项目目录下执行</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">$ hexo mp</div></pre></td></tr></table></figure>

<p>等执行完成后你会看到自己的项目里多出了<code>app.js</code>和<code>Procfile</code>这两个文件。如果你能看到隐藏文件的话还会看到<code>.ssh</code>文件夹合理面包含的三个文件。</p>
<p>让我们看看刚才这个命令的执行过程中都发生了什么：</p>
<ul>
<li>下载了<code>app.js</code>，<code>Procfile</code>，<code>.ssh/known_hosts</code>这三个文件</li>
<li>为你生成了一个新的ssh key，用来给<a href="http://heroku.com" target="_blank" rel="external">Heroku</a>向你的<a href="https://github.com" target="_blank" rel="external">Github</a>项目提交内容的权限。</li>
<li>为你安装了<a href="https://github.com/songchenwen/hexo-migrator-issue" target="_blank" rel="external">hexo-migrator-issue</a>插件</li>
<li>为你的项目添加了<code>async</code>，<code>body-parser</code>，<code>express</code>，<code>hexo</code>这四个依赖。</li>
</ul>
<h2 id="保存ssh_key">保存ssh key</h2>
<p>在刚才转换项目的过程中，有一段输出是值得我们注意的。类似下面这样。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line">Add the following ssh key to https://github.com/settings/ssh </div><div class="line"></div><div class="line">ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAOJXk9uTTwEGw89pET3X7C5ZQSZ76ENNYuamoO+AhMO3xlommwuqFzkKZX7ijWVAhaJ6dfuetpSFVAiSLQsHaEWH/ZLzLD9h+grhrkuk/wUyArn8IXe7hwTKl6fbTzrnZpY8I9FrQOk72cGiq82oLnBpnA1DIHvAQL1c/oIBZpZXWni70N1AOJ5qw4s9H2lqK7p53JLWtx/dEZtBCIvcSCqDrZpVgwQPgzfIdbaD2aB0j6KQKrsQlszj1s/svFzfdv6s1imc6NsA+IxpShH+<span class="number">2</span>c9jbMU2NyEKEnM1ipOyPoFjCHTQ1ufBd5vT8M9nwVoHbpuOhSttBM6HHXWmhPFmp ww@localhost</div></pre></td></tr></table></figure>

<p>这里打印出了我们要添加到<a href="https://github.com" target="_blank" rel="external">Github</a>上的ssh key，让我们先把它复制出来保存一下吧。</p>
<h2 id="修改配置文件">修改配置文件</h2>
<p>按照下面的格式修改配置文件</p>
<figure class="highlight yaml"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div><div class="line">37</div><div class="line">38</div><div class="line">39</div></pre></td><td class="code"><pre><div class="line"><span class="title">issue_migrator</span> :</div><div class="line">    repository_name : repository.github.io  </div><div class="line">        <span class="comment"># 这个Github项目的issue会被当做文章(必填)</span></div><div class="line">                                             </div><div class="line">    owner_name : someone                     </div><div class="line">        <span class="comment"># 上面那个项目的创建者的用户名 (必填)</span></div><div class="line">                                             </div><div class="line">    label : blog            </div><div class="line">        <span class="comment"># 只有打了这个标签的issue才会被当做文章</span></div><div class="line">        <span class="comment"># 留空这一项的话意为着所有的issue都会被当做文章</span></div><div class="line">        <span class="comment"># 默认空</span></div><div class="line">                                             </div><div class="line">    issue_count_per_page : <span class="number">20</span></div><div class="line">        <span class="comment"># 每次API请求中包含多少issue 默认 20</span></div><div class="line">    </div><div class="line">    clean : <span class="built_in">true</span></div><div class="line">        <span class="comment"># 这项如果为true的话，每次执行issue_migrator都会先删掉之前所有的文章</span></div><div class="line">        <span class="comment"># 如果为false，则只会添加文章不会删除文章</span></div><div class="line">        <span class="comment"># 只有当你项目里所有之前的文章都转移到issue里之后才应该设为true</span></div><div class="line">        <span class="comment"># 默认 false</span></div><div class="line">    </div><div class="line">    including_closed : <span class="built_in">false</span></div><div class="line">        <span class="comment"># 一般我们把issue close了就以为这要把它从博客上删除了</span></div><div class="line">        <span class="comment"># 如果是true，那么close了的issue也不会被认为是删除了的</span></div><div class="line">        <span class="comment"># 默认 false</span></div><div class="line">        </div><div class="line">heroku_auto_publisher :</div><div class="line">    sender_name : songchenwen</div><div class="line">    	<span class="comment"># 当这个Github用户名未这一项的用户</span></div><div class="line">    	<span class="comment"># 对上面的repository产生issue操作时</span></div><div class="line">    	<span class="comment"># 才会触发issue_migrator</span></div><div class="line">    	<span class="comment"># 留空的话就是所有人的操作都会触发</span></div><div class="line">    	<span class="comment"># 默认空</span></div><div class="line">    	</div><div class="line">    commit_user_name : songchenwen</div><div class="line">    	<span class="comment"># 自动发表文章时你希望Github上显示的commit用户名</span></div><div class="line">    	</div><div class="line">    commit_user_email : emptyzone.<span class="number">0</span><span class="variable">@gmail</span>.com</div><div class="line">    	<span class="comment"># 自动发表文章时你希望Github上显示的commit用户email</span></div></pre></td></tr></table></figure>

<p>以上这些步骤完成后，我们就已经准备好要部署到<a href="http://heroku.com" target="_blank" rel="external">Heroku</a>上的项目了。</p>
<h1 id="创建Heroku_App">创建<a href="http://heroku.com" target="_blank" rel="external">Heroku</a> App</h1>
<h2 id="注册">注册</h2>
<p>如果你还没有Heroku的账户的话，就先去<a href="https://id.heroku.com/signup" target="_blank" rel="external">这里</a>注册吧。</p>
<h2 id="安装heroku-toolbelt">安装heroku-toolbelt</h2>
<p>Heroku toolbelt是你在本地操作Heroku Apps的客户端。<br>去<a href="https://devcenter.heroku.com/articles/quickstart#step-2-install-the-heroku-toolbelt" target="_blank" rel="external">这里</a>下载安装。</p>
<p>安装完成后打开终端(命令行)执行</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">$ heroku login</div></pre></td></tr></table></figure>

<p>然后按照提示输入Email和密码，设置好ssh key。</p>
<h2 id="初始化Git">初始化Git</h2>
<p>如果你当前的项目已经是一个Git版本库了，那么你只需要记得把准备项目时新生成的文件添加的版本控制里就行了。不过需要注意的是./ssh/id_rsa这个文件尽量不要push到公开的版本库上，有了它就有了操作你的<a href="https://github.com" target="_blank" rel="external">Github</a>项目的授权。</p>
<p>如果你的项目还没有被初始化成Git版本库过，那么你需要执行下面三条命令。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line">$ git init</div><div class="line">$ git add .</div><div class="line">$ git commit -m <span class="string">"init"</span></div></pre></td></tr></table></figure>

<h2 id="创建App">创建App</h2>
<p>在项目目录下执行</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">$ heroku create</div></pre></td></tr></table></figure>

<p>这会在<a href="http://heroku.com" target="_blank" rel="external">Heroku</a>上创建好对应的App。</p>
<p>再执行</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">$ git push heroku master</div></pre></td></tr></table></figure>

<p>这会把你的项目部署到<a href="http://heroku.com" target="_blank" rel="external">Heroku</a>上。</p>
<p>执行下面的命令来保证你的项目能得到运行。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">$ heroku ps:scale web=<span class="number">1</span></div></pre></td></tr></table></figure>

<p>让我们来访问一下你的项目吧，执行</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">$ heroku open</div></pre></td></tr></table></figure>

<p>命令执行后会在浏览器里打开你的项目，如果页面上显示success则代表你部署成功了，记住这个页面的网址，我们后面会用到它。</p>
<h1 id="配置Github">配置Github</h1>
<h2 id="添加ssh_key">添加ssh key</h2>
<p>在<a href="https://github.com/settings/ssh" target="_blank" rel="external">这里</a>添加上刚才ssh key，注意登录用户必须有提交到Github Pages项目的权限。</p>
<h2 id="设置Webhooks">设置Webhooks</h2>
<p>打开你用来存放文章(issue)的<a href="https://github.com" target="_blank" rel="external">Github</a>项目主页，点击右侧的<code>Settings</code>，再点左侧的<code>Webhooks &amp; Services</code>。</p>
<p>点击<code>Add webhook</code>。</p>
<p>在<code>Payload URL</code>里填入刚才我们打开heroku app的网址。</p>
<p><code>Content type</code>选<code>application/json</code>。</p>
<p><code>Secret</code>留空。</p>
<p><code>Which events would you like to trigger this webhook?</code>选<code>Let me select individual events.</code>。</p>
<p>在下面的选项里只选<code>Issues</code>一项就够了。</p>
<p>选中<code>Active</code>。</p>
<p>点击<code>Add webhook</code>。</p>
<hr>
<p>现在就去issue里写一篇文章试试吧。记得issue的标题会被当做文件名，issue的内容要带有hexo所需的文件头哦。</p>
<p>像<a href="https://github.com/emptyzone/emptyzone.github.com/issues/14" target="_blank" rel="external">这个</a>一样。</p>
]]></content:encoded>
      <comments>http://emptyzone.github.io/tech/2014/08/11/hexo-auto-publisher-on-heroku/#disqus_comments</comments>
    </item>
    
    <item>
      <title><![CDATA[超越Instagram之路]]></title>
      <link>http://emptyzone.github.io/tech/2013/11/24/way-beyond-instagram-preview-and-outline/</link>
      <guid>http://emptyzone.github.io/tech/2013/11/24/way-beyond-instagram-preview-and-outline/</guid>
      <pubDate>Sun, 24 Nov 2013 00:00:00 GMT</pubDate>
      <description>
      <![CDATA[<p>在过去一年多的时间里，我和团队受Instagram的激励一起做了一个图片分享社区。所以同时我也对iOS和Android上的相机开发做了很多研究。我们认为我们产品里的相机在很多方面达到了与Instagram类似的标准，甚至有些方面要更优于它。</p>
]]>
      
      </description>
      <content:encoded><![CDATA[<p>在过去一年多的时间里，我和团队受Instagram的激励一起做了一个图片分享社区。所以同时我也对iOS和Android上的相机开发做了很多研究。我们认为我们产品里的相机在很多方面达到了与Instagram类似的标准，甚至有些方面要更优于它。</p>
<a id="more"></a>

<p>在上周写了一篇关于Android相机启动优化的文章后。我重新考虑了技术文章应有的写法。对于一个较复杂的工程来说，只提取出一小部分主题来写，读者看来就像管中窥豹，恐怕很难获得提升。所以我决定把自己过去一年多里关于iOS和Android平台相机应用的努力，通过一系列的文章，总结记录下来。我会尽量做到循序渐进，也希望能给看到的人带来帮助。</p>
<p><img src="/images/way-beyond-instagram-preview-and-outline/1.jpg" alt=""></p>
<p><img src="/images/way-beyond-instagram-preview-and-outline/2.jpg" alt=""></p>
<p>上面是在我计划的这一系列文章之后所能实现的工程预览。包括一个拍照界面和一个分享界面。最终结果可能会有差异，但不会差很多。</p>
<p>这些文章中将会以Android平台相机的开发为主，iOS平台的代码逻辑类似，这样做主要是由于iOS平台有GPUImage这样优秀的开源框架，为我们省掉了很多工作，当然同时也让我们无法更清晰的看到一些细节上我们本该注意到的逻辑。</p>
<p>随后的文章中将会涉及到的内容包括以下这几点：</p>
<p>1.开启相机并能实时预览</p>
<p>2.拍摄照片与保存图片</p>
<p>3.Android平台不同相机的兼容和配置</p>
<p>4.相机的对焦功能</p>
<p>5.相机的闪光灯功能</p>
<p>6.前后摄像头的切换</p>
<p>7.从相机界面到分享界面的平滑过渡</p>
<p>8.利用OpenGl ES实现图片滤镜的原理</p>
<p>9.利用OpenGl ES实现图片滤镜和实时滤镜</p>
<p>10.利用OpenGl ES实现可调节的移轴效果</p>
<p>其中关于图片滤镜的部分可能会用几篇文章来分别介绍。</p>
<p>另外Instagram的最新版中已经去除了对实时滤镜的支持。他们自己把这描述为有利于用户体验的改进。我倒是觉得这是他们利用iOS SDK中的UIImagePickerController重写相机所带来的副作用，这确实是降低应用内存占用的好办法，但我不认为去掉滤镜的实时预览功能是一种改进，毕竟所见即所得式的拍照能够帮助用户生产更优秀的照片。</p>
]]></content:encoded>
      <comments>http://emptyzone.github.io/tech/2013/11/24/way-beyond-instagram-preview-and-outline/#disqus_comments</comments>
    </item>
    
    <item>
      <title><![CDATA[田亮肯定不是好爸爸]]></title>
      <link>http://emptyzone.github.io/life/2013/11/18/tianliang-bad-dad/</link>
      <guid>http://emptyzone.github.io/life/2013/11/18/tianliang-bad-dad/</guid>
      <pubDate>Mon, 18 Nov 2013 00:00:00 GMT</pubDate>
      <description>
      <![CDATA[<p>周五陪女朋友又看了一集《爸爸去哪》。看到田亮鬼鬼祟祟的问别人：“哎，你平时打孩子吗？其实中国式的教育还是有必要的。”我就想起第一集里刚开始这家伙就表达了对于在镜头前不能打孩子的深深遗憾。没想到他之后还在一直叨逼这事。</p>
<p>人在做了亏心事的时候就总会找各种理由把它合]]>
      </description>
      <content:encoded><![CDATA[<p>周五陪女朋友又看了一集《爸爸去哪》。看到田亮鬼鬼祟祟的问别人：“哎，你平时打孩子吗？其实中国式的教育还是有必要的。”我就想起第一集里刚开始这家伙就表达了对于在镜头前不能打孩子的深深遗憾。没想到他之后还在一直叨逼这事。</p>
<p>人在做了亏心事的时候就总会找各种理由把它合理化，其实就是心虚。他也知道自己做得不对，但如果承认了，不就证明他是个坏爸爸了吗？所以他不能承认。但不说他又憋不住。于是他就一直说，想把黑的说成白的。不知道别的爸爸听他一直叨逼叨的会有什么想法。我是觉得搞体育的人智商真是让人捉急。</p>
]]></content:encoded>
      <comments>http://emptyzone.github.io/life/2013/11/18/tianliang-bad-dad/#disqus_comments</comments>
    </item>
    
    <item>
      <title><![CDATA[Android相机启动加速]]></title>
      <link>http://emptyzone.github.io/tech/2013/11/17/android-launch-camera-speed-up/</link>
      <guid>http://emptyzone.github.io/tech/2013/11/17/android-launch-camera-speed-up/</guid>
      <pubDate>Sun, 17 Nov 2013 00:00:00 GMT</pubDate>
      <description>
      <![CDATA[<p>在Android上实现一个简单能用的相机其实挺容易。谷歌随便搜一搜就有很多能用的Sample。当然就像谷歌能搜到的其他代码一样，这些Sample虽然能用但离好用还很远。</p>
<p>这篇文章就只说说从用户点击启动按钮到用户能看到实时预览的这一小段时间内，我们所做的优化。</p>
]]>
      
      </description>
      <content:encoded><![CDATA[<p>在Android上实现一个简单能用的相机其实挺容易。谷歌随便搜一搜就有很多能用的Sample。当然就像谷歌能搜到的其他代码一样，这些Sample虽然能用但离好用还很远。</p>
<p>这篇文章就只说说从用户点击启动按钮到用户能看到实时预览的这一小段时间内，我们所做的优化。</p>
<a id="more"></a>

<p>Android手机上良莠不齐的硬件，导致相机启动时间有长有短，很难预期。用户在使用app过程中，过长的等待会产生焦虑。我们要做的就是让用户尽量感知不到相机启动的耗时。</p>
<p>按照网上能搜到的一般相机Sample的说法，从启动相机到实时预览，我们需要做三件事：1.构建一个GlSurfaceView并获取它的SurfaceHolder；2.获取一个Camera device，启动它；3.将Camera device的预览设置为我们准备好的SurfaceHolder。</p>
<p>我们把GlSurfaceView写到xml里如下：</p>
<figure class="highlight xml"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line"><span class="tag">&lt;<span class="title">GlSurfaceView</span></span></div><div class="line">	android:id="@+id/<span class="attribute">camera_preview</span>"</div><div class="line">	<span class="attribute">android:layout_width</span>=<span class="value">"match_parent"</span></div><div class="line">	<span class="attribute">android:layout_height</span>=<span class="value">"match_parent"</span> /&gt;</div></pre></td></tr></table></figure>

<p>我们可以在CameraActivity的onCreate里获取到这个GlSurfaceView。可是并不是GlSurfaceView创建好了SurfaceHolder就也准备好了。我们还需要给它设置一个HolderListener来等待它生成出来的SurfaceHolder。</p>
<figure class="highlight java"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div></pre></td><td class="code"><pre><div class="line"><span class="keyword">private</span> <span class="class"><span class="keyword">class</span> <span class="title">SurfaceObserver</span> <span class="keyword">implements</span></span></div><div class="line">		<span class="title">SupportCamSurfaceView</span>.<span class="title">SurfaceHolderLisener</span> {</div><div class="line"></div><div class="line">	<span class="keyword">public</span> <span class="keyword">void</span> <span class="title">onSurfaceHolderCreated</span>(SurfaceHolder holder) {</div><div class="line">		mSurfaceHolder = holder;</div><div class="line">	}</div><div class="line">}</div><div class="line">vCameraPreview.setHolderListener(<span class="keyword">new</span> SurfaceObserver());</div></pre></td></tr></table></figure>

<p>然后我们来Open一个Camera。</p>
<pre><code><span class="comment">//代码省略掉了检测Camera个数，获取CameraId还有设置CameraPreviewSize的逻辑。那是其他部分的内容了。</span>
</code></pre><figure class="highlight java"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">mCamera = Camera.open(mCameraId);</div></pre></td></tr></table></figure>

<p>最后把SurfaceHolder设置给Camera就可以开启预览了。</p>
<figure class="highlight java"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">mCamera.setPreviewTexture(mSurfaceHolder);</div><div class="line">mCamera.startPreview();</div></pre></td></tr></table></figure>

<p>一般网上搜到的Sample Code会把这三步放到Activity的onCreate里顺序执行。也就是等SurfaceHolderListener获取到了SurfaceHolder再启动Camera。Camera启动完成再把它俩关联上并启动预览。我们来看一下再小米1上这个流程的耗时。</p>
<pre><code>获取SurfaceHolderListener    0.3秒
启动Camera                     1秒
</code></pre><p>如果把Activity创建的时间和其它代码执行的时间都忽略的话，我们一共耗费了1.3秒。而用户对大于1秒的等待都是不耐烦的。更不用说在有的手机上Camera启动时间能够达到反人类的1.5秒以上。</p>
<p>很容易想到的一个优化方案就是让获取SurfaceHolder和启动Camera在两个线程里异步进行。这样应该可以使耗时在小米1上缩短到1秒左右，勉强能接受。</p>
<p>SurfaceHolder的获取本身就是异步的。我们只需要在Activity的onCreate里再启动一个异步线程去启动Camera。在这两个异步线程执行完成后都分别去检测另一个线程是否完成。简化的代码如下。</p>
<figure class="highlight java"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div></pre></td><td class="code"><pre><div class="line"><span class="keyword">public</span> <span class="keyword">void</span> <span class="title">onCreate</span>(Bundle savedInstanceState){</div><div class="line">	<span class="keyword">super</span>.onCreate(savedInstanceState);</div><div class="line">	vCameraPreview.setHolderListener(<span class="keyword">new</span> SurfaceObserver());</div><div class="line">	<span class="keyword">new</span> Handler().post(<span class="keyword">new</span> Runnable(){</div><div class="line">		<span class="keyword">public</span> <span class="keyword">void</span> <span class="title">run</span>(){</div><div class="line">			mCamera = Camera.open(mCameraId);</div><div class="line">			checkCamera();</div><div class="line">		}		</div><div class="line">	});	</div><div class="line">}</div><div class="line"></div><div class="line"><span class="keyword">private</span> <span class="class"><span class="keyword">class</span> <span class="title">SurfaceObserver</span> <span class="keyword">implements</span></span></div><div class="line">		<span class="title">SupportCamSurfaceView</span>.<span class="title">SurfaceHolderLisener</span> {</div><div class="line"></div><div class="line">	<span class="keyword">public</span> <span class="keyword">void</span> <span class="title">onSurfaceHolderCreated</span>(SurfaceHolder holder) {</div><div class="line">		mSurfaceHolder = holder;</div><div class="line">		checkCamera();</div><div class="line">	}</div><div class="line">}</div><div class="line"></div><div class="line"><span class="keyword">private</span> <span class="keyword">void</span> <span class="title">checkCamera</span>(){</div><div class="line">	<span class="keyword">if</span>(mSurfaceHolder != <span class="keyword">null</span> && mCamera != <span class="keyword">null</span>{</div><div class="line">		mCamera.setPreviewTexture(mSurfaceHolder);</div><div class="line">		mCamera.startPreview();</div><div class="line">	}</div><div class="line">}</div></pre></td></tr></table></figure>

<p>这样就算优化完了吗？让我们想想苹果是怎么做的吧。苹果很喜欢用一些过渡动画来掩饰后台加载的耗时。毕竟相机启动的这1秒时间是由硬件限制的，我们在app层面上没办法把它缩短，所以我们不如加一个动画，并在动画过程中提前启动相机，来一个苹果式的小trick。我给进入相机Activity的按钮加了一个0.5秒的反馈动画，又给相机Activity加了一个0.3秒的Pending动画，在两个动画完成后，只需再有0.2秒的时间小米1的相机就完成启动了，这对用户来说已经是完全可以接受的了。</p>
<p>上面的逻辑实现起来有两个问题。一个是在我们获取到CameraActivity的实例之前就要开始启动相机了，另一个是Camera启动完成后没办法调用Activity实例的checkCamera方法。所以我们只能把Camera和Activity实例分别存放到一个static变量里。写起来不复杂，只是需要注意变量的回收。在Activity的onDestroy里先把Camera release再设为null，Activity实例的引用直接设为null，这样就可以了。</p>
<figure class="highlight java"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div></pre></td><td class="code"><pre><div class="line"><span class="keyword">static</span> Camera mCamera;	</div><div class="line"><span class="keyword">static</span> CameraActivity instance;	</div><div class="line"></div><div class="line"><span class="keyword">public</span> <span class="keyword">void</span> <span class="title">onCreate</span>(Bundle savedInstanceState){</div><div class="line">	<span class="keyword">super</span>.onCreate(savedInstanceState);</div><div class="line">	instance = <span class="keyword">this</span>;</div><div class="line">	vCameraPreview.setHolderListener(<span class="keyword">new</span> SurfaceObserver());</div><div class="line">}</div><div class="line"></div><div class="line"><span class="keyword">public</span> <span class="keyword">static</span> <span class="keyword">void</span> openCamera{</div><div class="line">	<span class="keyword">new</span> Handler().post(<span class="keyword">new</span> Runnable(){</div><div class="line">		<span class="keyword">public</span> <span class="keyword">void</span> <span class="title">run</span>(){</div><div class="line">			mCamera = Camera.open(mCameraId);</div><div class="line">			<span class="keyword">if</span>(instance != <span class="keyword">null</span>){</div><div class="line">				instance.checkCamera();</div><div class="line">			}</div><div class="line">		}		</div><div class="line">	});	</div><div class="line">}</div><div class="line"></div><div class="line"><span class="keyword">private</span> <span class="class"><span class="keyword">class</span> <span class="title">SurfaceObserver</span> <span class="keyword">implements</span></span></div><div class="line">		<span class="title">SupportCamSurfaceView</span>.<span class="title">SurfaceHolderLisener</span> {</div><div class="line"></div><div class="line">	<span class="keyword">public</span> <span class="keyword">void</span> <span class="title">onSurfaceHolderCreated</span>(SurfaceHolder holder) {</div><div class="line">		mSurfaceHolder = holder;</div><div class="line">		checkCamera();</div><div class="line">	}</div><div class="line">}</div><div class="line"></div><div class="line"><span class="keyword">private</span> <span class="keyword">void</span> <span class="title">checkCamera</span>(){</div><div class="line">	<span class="keyword">if</span>(mSurfaceHolder != <span class="keyword">null</span> && mCamera != <span class="keyword">null</span>{</div><div class="line">		mCamera.setPreviewTexture(mSurfaceHolder);</div><div class="line">		mCamera.startPreview();</div><div class="line">	}</div><div class="line">}</div></pre></td></tr></table></figure>

]]></content:encoded>
      <comments>http://emptyzone.github.io/tech/2013/11/17/android-launch-camera-speed-up/#disqus_comments</comments>
    </item>
    
    <item>
      <title><![CDATA[Sparkles Background]]></title>
      <link>http://emptyzone.github.io/tech/2012/09/05/sparkles-background-javascript/</link>
      <guid>http://emptyzone.github.io/tech/2012/09/05/sparkles-background-javascript/</guid>
      <pubDate>Wed, 05 Sep 2012 00:00:00 GMT</pubDate>
      <description>
      <![CDATA[<p><img src="/images/sparkles-background-javascript/1.jpg" alt=""></p>
]]>
      
      </description>
      <content:encoded><![CDATA[<p><img src="/images/sparkles-background-javascript/1.jpg" alt=""></p>
<a id="more"></a>

<h1 id="背景圆球飘动效果的JS">背景圆球飘动效果的JS</h1>
<figure class="highlight javascript"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div><div class="line">37</div><div class="line">38</div><div class="line">39</div><div class="line">40</div><div class="line">41</div><div class="line">42</div><div class="line">43</div><div class="line">44</div><div class="line">45</div><div class="line">46</div><div class="line">47</div><div class="line">48</div><div class="line">49</div><div class="line">50</div><div class="line">51</div><div class="line">52</div><div class="line">53</div><div class="line">54</div><div class="line">55</div><div class="line">56</div><div class="line">57</div><div class="line">58</div></pre></td><td class="code"><pre><div class="line"><span class="keyword">var</span> Spark = <span class="function"><span class="keyword">function</span> <span class="params">()</span> </span>{</div><div class="line">    <span class="keyword">var</span> a = <span class="keyword">this</span>;;</div><div class="line">    <span class="keyword">this</span>.n = <span class="built_in">document</span>.createElement(<span class="string">"div"</span>);</div><div class="line">    <span class="keyword">this</span>.caculateStyle().newSpeed().newPoint().</div><div class="line">		display().newPoint().fly()</div><div class="line">};</div><div class="line">Spark.prototype.display = <span class="function"><span class="keyword">function</span> <span class="params">()</span> </span>{</div><div class="line">    $(<span class="keyword">this</span>.n).attr(<span class="string">"style"</span>, <span class="keyword">this</span>.style).</div><div class="line">		css(<span class="string">"position"</span>, <span class="string">"absolute"</span>).css(<span class="string">"z-index"</span>, -<span class="number">1</span>).</div><div class="line">			css(<span class="string">"top"</span>, <span class="keyword">this</span>.pointY).</div><div class="line">				css(<span class="string">"left"</span>, <span class="keyword">this</span>.pointX);</div><div class="line">    $(<span class="string">'#background'</span>).append(<span class="keyword">this</span>.n);</div><div class="line">    <span class="keyword">return</span> <span class="keyword">this</span></div><div class="line">};</div><div class="line">Spark.prototype.caculateStyle= <span class="function"><span class="keyword">function</span><span class="params">()</span></span>{</div><div class="line">	<span class="keyword">var</span> size = <span class="keyword">this</span>.random(<span class="number">18</span>) + <span class="number">2</span>;</div><div class="line">	<span class="keyword">var</span> alpha = <span class="number">0.2</span> + <span class="number">0.8</span> * <span class="number">2</span>/size;</div><div class="line">	<span class="keyword">var</span> shadowAlpha = alpha*<span class="number">2</span>;</div><div class="line">	<span class="keyword">this</span>.style = <span class="string">"border-radius: 50%;"</span>;</div><div class="line">	<span class="keyword">this</span>.style = <span class="keyword">this</span>.style	+ <span class="string">"width:"</span> + size + </div><div class="line">		<span class="string">"px;height:"</span> + size + <span class="string">"px;"</span>;</div><div class="line">	<span class="keyword">this</span>.style = <span class="keyword">this</span>.style + <span class="string">"box-shadow:0 0 "</span> + </div><div class="line">		size+<span class="string">"px rgba(255,255,255,"</span>+ shadowAlpha +<span class="string">");"</span>;</div><div class="line">	<span class="keyword">this</span>.style = <span class="keyword">this</span>.style + <span class="string">"background-color:"</span> + </div><div class="line">		<span class="string">"rgba(255,255,255,"</span>+ alpha +<span class="string">");"</span>;</div><div class="line">	<span class="keyword">return</span> <span class="keyword">this</span>;</div><div class="line">}</div><div class="line">Spark.prototype.fly = <span class="function"><span class="keyword">function</span> <span class="params">()</span> </span>{</div><div class="line">    <span class="keyword">var</span> a = <span class="keyword">this</span>;</div><div class="line">    $(<span class="keyword">this</span>.n).animate({</div><div class="line">        top: <span class="keyword">this</span>.pointY,</div><div class="line">        left: <span class="keyword">this</span>.pointX</div><div class="line">    }, <span class="keyword">this</span>.speed, <span class="string">"linear"</span>, <span class="function"><span class="keyword">function</span> <span class="params">()</span> </span>{</div><div class="line">        a.newSpeed().newPoint().fly()</div><div class="line">    })</div><div class="line">};</div><div class="line">Spark.prototype.newSpeed = <span class="function"><span class="keyword">function</span> <span class="params">()</span> </span>{</div><div class="line">    <span class="keyword">this</span>.speed = (<span class="keyword">this</span>.random(<span class="number">10</span>) + <span class="number">5</span>) * <span class="number">1100</span>;</div><div class="line">    <span class="keyword">return</span> <span class="keyword">this</span></div><div class="line">};</div><div class="line">Spark.prototype.newPoint = <span class="function"><span class="keyword">function</span> <span class="params">()</span> </span>{</div><div class="line">    <span class="keyword">this</span>.pointX = <span class="keyword">this</span>.random(<span class="built_in">window</span>.innerWidth - <span class="number">100</span>) + <span class="number">50</span>;</div><div class="line">    <span class="keyword">this</span>.pointY = <span class="keyword">this</span>.random(<span class="built_in">window</span>.innerHeight - <span class="number">100</span>) + <span class="number">50</span>;</div><div class="line">    <span class="keyword">return</span> <span class="keyword">this</span></div><div class="line">};</div><div class="line">Spark.prototype.random = <span class="function"><span class="keyword">function</span> <span class="params">(a)</span> </span>{</div><div class="line">    <span class="keyword">return</span> <span class="built_in">Math</span>.ceil(<span class="built_in">Math</span>.random() * a) - <span class="number">1</span></div><div class="line">};</div><div class="line">$(<span class="function"><span class="keyword">function</span> <span class="params">()</span> </span>{</div><div class="line">    <span class="keyword">if</span> ($.browser.msie && $.browser.version &lt; <span class="number">9</span>) {</div><div class="line">        <span class="keyword">return</span></div><div class="line">    }</div><div class="line">    <span class="keyword">var</span> a = <span class="number">20</span>;</div><div class="line">    <span class="keyword">var</span> b = [];</div><div class="line">    <span class="keyword">for</span> (i = <span class="number">0</span>; i &lt; a; i++) {</div><div class="line">        b[i] = <span class="keyword">new</span> Spark()</div><div class="line">    }</div><div class="line">});</div></pre></td></tr></table></figure>

<p><a href="/downloads/code/js/sparkles.js" target="_blank">Download</a></p>
]]></content:encoded>
      <comments>http://emptyzone.github.io/tech/2012/09/05/sparkles-background-javascript/#disqus_comments</comments>
    </item>
    
    <item>
      <title><![CDATA[金牛座]]></title>
      <link>http://emptyzone.github.io/life/2012/08/30/little-taurus/</link>
      <guid>http://emptyzone.github.io/life/2012/08/30/little-taurus/</guid>
      <pubDate>Thu, 30 Aug 2012 00:00:00 GMT</pubDate>
      <description>
      <![CDATA[<p>金牛座的女生都很靠谱，我在夸谁，如果你能看到请一定要对号入座。</p>
]]>
      </description>
      <content:encoded><![CDATA[<p>金牛座的女生都很靠谱，我在夸谁，如果你能看到请一定要对号入座。</p>
]]></content:encoded>
      <comments>http://emptyzone.github.io/life/2012/08/30/little-taurus/#disqus_comments</comments>
    </item>
    
    <item>
      <title><![CDATA[悲剧才隽永]]></title>
      <link>http://emptyzone.github.io/read/2011/10/12/tragedy-lasts/</link>
      <guid>http://emptyzone.github.io/read/2011/10/12/tragedy-lasts/</guid>
      <pubDate>Wed, 12 Oct 2011 00:00:00 GMT</pubDate>
      <description>
      <![CDATA[<p>『我不是故意的，请不要再哭了。我这支铅笔要送给你，我只削过一次哦。我真的不是故意害你跌倒的，对不起啦。』</p>
<p>「老师早就说过不许在走廊上楼梯口跑，你们不守规矩害我帮老师拿的作业簿掉到一楼，上面有泥土，我对不起爱护作业簿的同学，铅笔还给你，你应该跟全班说对不起。」</p>
]]>
      
      </description>
      <content:encoded><![CDATA[<p>『我不是故意的，请不要再哭了。我这支铅笔要送给你，我只削过一次哦。我真的不是故意害你跌倒的，对不起啦。』</p>
<p>「老师早就说过不许在走廊上楼梯口跑，你们不守规矩害我帮老师拿的作业簿掉到一楼，上面有泥土，我对不起爱护作业簿的同学，铅笔还给你，你应该跟全班说对不起。」</p>
<a id="more"></a>


<p>『是你叫我跟全班说对不起的啊。』</p>
<p>「我又没有叫你站在讲台上说对不起。」</p>
<p>『我有在收集邮票，你可不可以写信给我？』</p>
<p>「我没有写过信诶。你先写给我，我再回信给你。」</p>
<p>「你不是要写信给我吗？」</p>
<p>『我只知道你叫陈淑芬，我又不知道你家地址。』</p>
<p>『诶，瘦皮猴是我的绰号，写信要写我的名字，李政国。』</p>
<p>「瘦皮猴，我下次会改进的。」</p>
<p>『谢谢你，爱哭芬。』</p>
<p>「上课不可以传纸条。上课不可以传纸条。上课不可以传纸条。上课不可以传纸条。。。」</p>
<p>『上课不可以传纸条。上课不可以传纸条。上课不可以传纸条。上课不可以传纸条。。。』</p>
<p>『</p>
<p>淑芬：</p>
<p>收信快乐。</p>
<p>今天的天气真好，有一点云，不到二十度的气温，让人期待阳光的温暖。</p>
<p>已经整整一年没有和你写信了，你好吗？</p>
<p>去年，我来不及参加你的葬礼，我赶到的时候已经迟了两天，你弟弟把你遗留下来的纸箱交给我，我原封不动的把它带回台北，我一直没有勇气把它打开。</p>
<p>一直到一个小时之前，我才终于把它打开来，跟我猜的一样。</p>
<p>里面装的全是我写给你的信，一封一封，你遗留在这个世界上的信。</p>
<p>我很仔细的把它们又读了一遍，我还看到了那支铅笔，看起来它还是只削过一次的样子。</p>
<p>爱你。</p>
<p>』</p>
<p>「谢谢你。瘦皮猴。」</p>
]]></content:encoded>
      <comments>http://emptyzone.github.io/read/2011/10/12/tragedy-lasts/#disqus_comments</comments>
    </item>
    
    <item>
      <title><![CDATA[极简主义设计与独立博客]]></title>
      <link>http://emptyzone.github.io/tech/2011/02/19/minimalism-and-blog/</link>
      <guid>http://emptyzone.github.io/tech/2011/02/19/minimalism-and-blog/</guid>
      <pubDate>Sat, 19 Feb 2011 00:00:00 GMT</pubDate>
      <description>
      <![CDATA[<p>极简主义是一种生活态度，倡导简约整洁优雅的感官体验。在设计上倾向于以极少的元素辅以大面积留白，从而使内容重点得以强调突出，优雅地传达出设计师的感情。</p>
<p>Gary Blog的主题便是Gary对极简主义设计的践行，Gary倾心于这种干净而优雅的体验，作为个人博客，Gary Blog实化了Gary理想中面对生活的态度。下面Gary简单阐述一下自己对极简主义设计与个人博客之间联系的理解。</p>
]]>
      
      </description>
      <content:encoded><![CDATA[<p>极简主义是一种生活态度，倡导简约整洁优雅的感官体验。在设计上倾向于以极少的元素辅以大面积留白，从而使内容重点得以强调突出，优雅地传达出设计师的感情。</p>
<p>Gary Blog的主题便是Gary对极简主义设计的践行，Gary倾心于这种干净而优雅的体验，作为个人博客，Gary Blog实化了Gary理想中面对生活的态度。下面Gary简单阐述一下自己对极简主义设计与个人博客之间联系的理解。</p>
<a id="more"></a>

<h1 id="一、内容为主，设计为辅">一、内容为主，设计为辅</h1>
<p>Bloggers写博客的目的无疑是为了发出自己的声音并被别人听到，而真正有价值的内容才是吸引读者的关键。</p>
<p>极简主义设计通过对页面元素数量的最小化，从而加强了博客内容在读者眼中的权重。使读者的注意力集中于内容上，这是在网络阅读中难能可贵的体验。</p>
<h1 id="二、大面积留白">二、大面积留白</h1>
<p>不同分辨率的显示器一直是网页设计者所纠结的问题，横向滚动条是浏览体验的杀手，但兼容所有分辨率的网页又很难设计。</p>
<p>而极简主义利用大量的留白解决了这个问题，两侧的留白自动适应了所有不同的分辨率。同样留白的单调也避免了读者的视线做无意义的游移。</p>
<h1 id="三、慎用色彩">三、慎用色彩</h1>
<p>极简主义设计采用极少的颜色展示内容，页面风格统一优雅。仅有的颜色也以冷色调为主。</p>
<p>暖色调普遍会在人脑中产生警醒的作用，所以暖色调应用于强调，而过多的强调无疑会使读者找不到重点不知所措，甚至给读者带来过大的视觉压力。</p>
<p>所以黑白与冷色调成了极简主义设计中的主角。</p>
<h1 id="四、优秀的排版">四、优秀的排版</h1>
<p>由于色彩的简化和留白的大量出现，极简主义中对内容的组织只能通过排版来体现。</p>
<p>对内容的排版应遵从重复、对齐、对比和亲密性原则。</p>
<p>重复原则即对页面内同类元素采用相同的设计，从而使读者具备直观的相联系的印象。</p>
<p>对齐原则即对页面元素建立明确的对齐线，使读者的视线移动有所依循，避免居中对齐。</p>
<p>对比原则即对页面内具有更高优先级的元素采用完全不同的设计，对比原则的基础是重复原则，只有在拥有足够的重复元素的前提下的对比才会产生突出作用，否则只会使页面杂乱。</p>
<p>亲密性原则即对页面内元素依相关性大小来决定其在空间上的距离，相关元素距离近，无关元素距离远。</p>
]]></content:encoded>
      <comments>http://emptyzone.github.io/tech/2011/02/19/minimalism-and-blog/#disqus_comments</comments>
    </item>
    
    <item>
      <title><![CDATA[那是连风都不曾抵达的地方 那是连太阳都无法温暖的角落]]></title>
      <link>http://emptyzone.github.io/read/2011/01/27/beyond-wind-and-light/</link>
      <guid>http://emptyzone.github.io/read/2011/01/27/beyond-wind-and-light/</guid>
      <pubDate>Thu, 27 Jan 2011 00:00:00 GMT</pubDate>
      <description>
      <![CDATA[<p>搬来一篇墙外的文章。</p>
<h1 id="（一）">（一）</h1>
<p>不知道各位玩过一个电脑小游戏没有。游戏是这样的，一个场景中，充满着不同方向的引力场和斥力场。游戏者在某个特定点发射一个小球。通过选择特定的发射角度与发射方向，小球就会在屏幕上翻转盘旋，划着奇异的轨道滑向某个终点。</p>
<p>我想，1963年的Edward.C.Stone一定是玩过这个游戏的。或许这正是他闲暇之余设计的一个小程序。</p>
<p>那时，他还是芝加哥大学的一个研究生，工作之一是计算某些卫星的发射轨道。在一次计算中，他惊讶地发现，当太阳系行星排列成某些特殊形状的时候，它们的引力就可以不断地为经过它们周边的物体加速。</p>
<p>进一步的仔细计算表明，这种事情每大约175年才会发生一次，而这种免费午餐式的摇摆变轨加速，能在当时的条件下，用大约十二年时间，就到达原本需要花费三十年时间才能到达的海王星。</p>
<p>而下一次这种时机的来临，是1977年。</p>
]]>
      
      </description>
      <content:encoded><![CDATA[<p>搬来一篇墙外的文章。</p>
<h1 id="（一）">（一）</h1>
<p>不知道各位玩过一个电脑小游戏没有。游戏是这样的，一个场景中，充满着不同方向的引力场和斥力场。游戏者在某个特定点发射一个小球。通过选择特定的发射角度与发射方向，小球就会在屏幕上翻转盘旋，划着奇异的轨道滑向某个终点。</p>
<p>我想，1963年的Edward.C.Stone一定是玩过这个游戏的。或许这正是他闲暇之余设计的一个小程序。</p>
<p>那时，他还是芝加哥大学的一个研究生，工作之一是计算某些卫星的发射轨道。在一次计算中，他惊讶地发现，当太阳系行星排列成某些特殊形状的时候，它们的引力就可以不断地为经过它们周边的物体加速。</p>
<p>进一步的仔细计算表明，这种事情每大约175年才会发生一次，而这种免费午餐式的摇摆变轨加速，能在当时的条件下，用大约十二年时间，就到达原本需要花费三十年时间才能到达的海王星。</p>
<p>而下一次这种时机的来临，是1977年。</p>
<a id="more"></a>

<h1 id="（二）">（二）</h1>
<p>有诗云，一万年太久，只争朝夕。只是科学的归科学，剩下的全归钱。不要说一万年太久，就是一十二年朝夕必争，也没有一个机构肯下这种本钱。卫星上了天，不是说就算完事了，地面控制要钱，地面数据接收要钱，一个不小心卫星出状况了，抢救要钱——说是抢救，其实无非是转着圈儿搜卫星信号而已，宛若大海捞针——闲话少说，总之，啥都要钱，没有人会在一个一飞十二年花钱如流水而且随时都会跟别的男人跑掉的娇宝贝身上下注。</p>
<p>怎么办？只能把野心藏起来。我们根本没有去海王星的打算，但是，这摇摆变轨加速，可不只缩短去海王星的时间呐。它同样可以让去木星土星的时间，缩短到只需三到四年。</p>
<p>于是，小心翼翼地，科学家们在六十年代中期，紧跟着一系列成功的水手号卫星之后，提出说，既然我们的水手们如此成功，探测了火星、金星和水星，为什么不也去木星看看呢？就当是这个计划的延续好了。</p>
<p>NASA答应了，便有了水手计划之木星土星特航，分别叫做水手一十一号，和水手一十二号。</p>
<p>司马昭之心，路人皆知。哪里有什么水手的延续。很快，琵琶就被扔掉了，而半边夜叉脸也露了出来。这个计划被改名叫做旅行者计划，理直气壮地要一直飞向土星。</p>
<p>当时，人类还从未近距离拍摄过这两颗行星。在太空竞赛这个大环境的支撑下，计划同样通过了。而在计划的末尾，则约略提到，如果卫星够幸运够强大的话，或许，可以飞到海王星吧。</p>
<h1 id="（三）">（三）</h1>
<p>海王星？</p>
<p>这次，轮到NASA开始琢磨了。海王星？海王星在哪里？海王星到太阳的距离是土星到太阳距离的三倍，木星到太阳距离的六倍，以及地球到太阳距离的三十倍。这几乎已经飞出太阳系了！</p>
<p>啊！原来，我们还有这种指望啊……</p>
<p>人永远是不知足的，得到了一，还想得到二，而得到了二，就想得到三——得到了三，他就得到了万物。只是，这次NASA的兴奋与希冀，甚至超出了万物。</p>
<p>他们想和外星人取得联系。地球。太阳。太阳系。太阳系以外。外星人。</p>
<p>人生五十年，如梦似幻。七零年代的卡尔·萨根，正处在梦幻年华的黄金时刻。他刚刚在康奈尔大学走上了终生教职的道路，同时担任着NASA的顾问。在这之前，在他的推动之下，1972年发射的先驱者11号和先驱者12号，已经携带上了画者人类男女图象的铝板，向着远方飞去。这次，看上去，又是一个机会啊。</p>
<p>于是，新的内容被追加进了这个旅行者计划：它将携带更充分的燃料——反正，烧二十年的电池和烧五十年的电池差不多重——然后，再加进一块金盘，录入人类的资料。这东西也不太重，而且，是个软媒介，技术要求不高，开发消耗就更少了。</p>
<p>看起来，有百利而无一害啊。</p>
<p>1972年，探测土星木星和它们的卫星，也说不定溜达到天王星海王星，顺带还有很小可能跑出太阳系的旅行者计划，被正式批准了。</p>
<h1 id="（四）">（四）</h1>
<p>花开花落，花落花开。转眼间，人类历史上的第一颗卫星已经发射了整整二十二年。而前辈强者，如范阿伦、钱德塞克诸人，也逐渐老去。当年的小伙子Edward Stone，现在已经是加州理工的教授了。旅行者一号和二号于1977年先后离开了地球母亲，三年之后的现在，她们已经双双飞过了木星，并有着诸多的发现，不光观测到了第一座地球之外的活火山，还为木星找到了三个迷途的孩子。在卫星中，她们算得上交际名媛，美名远扬。</p>
<p>而科学家们，则开始为新的卫星做出准备了。</p>
<p>“朋友，你想得到我的心么？”“当然。”“那么，请遵守四条原则，多，快，好，省。”</p>
<p>这大抵是NASA的官员对每一个前来拜访的科学家所说的话。既要让马儿跑，还不准多吃草。、</p>
<p>那么，只好赚外快，打野食。这次，Edward Stone把他的小算盘，打到了太阳身上。</p>
<p>什么样的车最省油？</p>
<p>答案是不开的车。</p>
<p>在日地体系中，有五个引力平衡点。其中，离地球最近的那个，正好位于地球和太阳的连线上，靠近地球的这边。假如把一颗卫星送到这里，那么，就可以让它连续地观察太阳，而不需做出任何主动运动——在法向上，这是一个稳定平衡，日地引力将把这颗卫星带着绕日转动。它只需在切向上细微地调整自己的位置就好了。</p>
<p>NASA一定会喜欢这个计划的，Ed想，这些人虽然有钱，但是顿顿都吃能报销的公务餐。你越是抠门，就越对了他们的胃口。现在他要找的，只是一群好哥们。人多声势大，万言书远不如万人签名来得好用。</p>
<p>于是，在1980年的地球物理年会上，他找到了他的几个旧识与朋友，比如，旅行者计划的第一大脑，希腊人Krimigis；他在加州理工的同事，Dick Mawaldt；还有新近在旅行者计划中崭露头角的研究员George Gloeckler和他在马里兰的同事，Glen Mason。</p>
<p>大家都有自己的绝活和自己的兴趣。几个人碰头一商量，不若数好合一好，把每个人的仪器凑到一起，组成一颗新卫星，放到这个日地引力平衡点处。</p>
<p>而这时，远在地球的另一面，George Gloeckler未来最好的朋友，刚刚服完兵役，开始了他在马克思-普朗克实验室的研究员工作。</p>
<h1 id="（五）">（五）</h1>
<p>时钟开始迅速地再次向后拨动。这次，我们来到了1990年的Iowa。</p>
<p>一十二年之前，Eberhard Moebius还是一个小人物，他在波鸿大学拿到了自己的博士学位，然后去服了一年兵役。</p>
<p>而现在，四十二岁的他，在《自然》杂志上发表了论文，也拥有了属于自己的粒子飞行时间探测仪，已经是业内小有名气的研究者了。他有了自己的研究经费，更有了很多和他密切合作的朋友，其中和他关系最好的一位，是研究太阳风结构的George Gloeckler。</p>
<p>于是，在邀请之下，他踌躇满志地踏上了美国的土地，来到了世界上空间物理最强的Iowa大学，希望在这里打出属于自己的一片天空。</p>
<p>但是事情并不令他满意。短短数天时间的互相考察之中，他觉得他并没有看到他想要的，一派欣欣向荣的学术气氛。相反，空气中搀杂着一些说不出的味道来。人与人之间，似乎多了点敷衍，少了些真诚。一边参观著名的范阿伦大楼，他一边与陪同者交流。令他最感到惊讶的是，当他提出说，他可以和其他教工共用以他申请到的经费购买的仪器时，得到的是冷冰冰的答复。</p>
<p>“不，我们这里不这么干。仪器是属于你自己的，何必要给别人用？”</p>
<p>尽管如此，他还是在这里交到了一些朋友，比如系主任德怀特·尼克尔森，甚至和他竞争同一个特殊教授职位的克里斯托佛·戈尔茨。</p>
<p>数月之后，Eberhard同时接到了他的两位好友，George Gloeckler和Martin Lee的邀请，分别来自Maryland和New Hampshire。而Iowa这边，与他联系的人，似乎始终和他有某些隔阂。</p>
<p>他最终去了New Hampshire。在去New Hampshire之前，他最后造访了Iowa一趟，和尼克尔森与戈尔茨一起吃了顿饭。</p>
<p>“是啊，大家都只顾自己，从不合作。”尼克尔森感叹道：“但是我也没什么办法。事情变成这个样子，也不是一天两天能够解决的了。”</p>
<p>“他们是那里我见到的不多的真诚而友好的人。他们是例外。”多年以后，Eberhard这样评价说。</p>
<p>戈尔茨最终得到了那个职位，他有两个学生，一个叫做卢刚，一个，叫做山林华。</p>
<h1 id="（六）">（六）</h1>
<p>1985年，北京大学本科毕业生卢刚，来到了Iowa大学，修读空间物理博士。他选择了克里斯托佛·戈尔茨作为他的导师。他的物理基础很好，选择的课题也是理论性很强的电磁等离子体基础研究。</p>
<p>1986年，中国科技大学本科毕业生山林华，也来到了美国。他一开始就读的是德克萨斯农机大学。1987年，他转入Iowa大学，并同样选择了戈尔茨作为导师。山林华的研究方向是戈尔茨的另外一个主攻方向，木星的磁场研究。</p>
<p>经过木星的卫星并不多。在当时，主要的数据来源，仍然是1979年经过那里的两颗旅行者卫星。这同样也成为了山林华的研究的主要依靠。</p>
<p>山林华和卢刚后来在博士资格考试中，并列获得了第一名。</p>
<p>1990年，卢刚以第二作者的身份，发表了他的第一篇，也是唯一一篇论文。</p>
<p>1990年末，山林华博士答辩成功，他利用旅行者卫星研究的木星光环电磁效应的课题，取得了圆满成功，并得到了教授们的一致好评。旅行者的数据是独一无二的，山林华的研究，同样是独一无二的。教授们把这篇论文评为当年的优秀博士论文。</p>
<p>1990年末1991年初，山林华获得了Iowa大学的一个博士后职位，他仍然在戈尔茨手下工作。</p>
<p>1991年1月，山林华的第一篇论文发表在《天体物理杂志》上，研究方向同样是木星光环。山林华是第一作者。</p>
<p>1991年2月和1991年8月，山林华又以第一作者的身份连续发表了两篇文章。这两篇文章则转入了基本等离子体研究，讨论了地球的磁场扰动。</p>
<p>1991年5月，卢刚试图博士毕业，但是并没有通过初审。他的第二次答辩终于通过了。可惜，他希望留在美国，却并没有找到稳定的工作。</p>
<p>1991年11月1日，周五，下午3点。卢刚在研讨会进行的过程中，先后开枪射杀了他的导师，戈尔茨，和组中的副教授史密斯，接着他开枪打死了山林华。他离开了组会房间，下到2楼，射杀了系主任尼克尔森。最后他来到行政大楼，打死了副校长克黎利，重伤当时在场的一名本科生学生助理，随后饮弹自尽。</p>
<p>从此，范阿伦大楼里，多了几分森森鬼气。而Iowa，这个之前高高在上的空间物理研究者们的圣地，也一蹶不振，泯然众人。</p>
<p>1993年5月，以戈尔茨、山林华和史密斯为第一、第二、第三作者的论文发表在领域内最好的杂志，《地球物理研究》上。这也是山林华为科学作出的最后的贡献。</p>
<h1 id="（七）">（七）</h1>
<p>二十年弹指一挥间。曾几何时，岁月爬上了小伙子的头，爬上了姑娘的腰。曾几何时，往日的英姿飒爽，已变得老成持重。六十岁的Edward Stone，已经做过了加州理工数学、物理和空间学院的院长，继而在前任辞世之后，担任起了旅行者计划的主要科学负责人。而两位旅行者，已经远远超过了人们的期待。</p>
<p>旅行者一号，于1980年掠过土星。在远远地对土卫一进行预观测之后，研究人员决定对她进行改道，让她对土卫一作出详细观测，不再经过天王星与海王星。而旅行者二号，则成为了迄今为止，天王星和海王星的唯一人造访客。</p>
<p>在卢刚夺去地球上最好的空间物理系的灵魂之前的1989年，旅行者们已经超额完成了她们的行星间观测，并成为了人类太空探索史上划时代的璀璨明珠。</p>
<p>然则，好事多磨。那颗原本要放在地日引力平衡点的卫星，虽然早在1983年，就在Glen Mason和George Gloeckler的主持下，正式提上日程，却迟迟没有获得批准。</p>
<p>直到又过了快十五年。</p>
<p>1997年年底，卫星ACE，在Stone的主持下，射入太空。这是真正属于Stone的第一颗深空探测卫星。</p>
<h1 id="（八）">（八）</h1>
<p>那是连风都不曾抵达的地方。</p>
<p>那是连太阳都无法温暖的角落。</p>
<p>那是寂寞的远处，太阳系的边缘。</p>
<p>十多年前，一群人曾经聚在一起讨论过，太阳系统的边界，是在什么地方。</p>
<p>据说，在很远很远的地方，太阳风会慢到音速以下，因此形成一个边界，叫做终止边界。这个边界再望外走，又走很远很远很远，星际粒子流将最终克服太阳风等离子体，而形成一个弓形冲击波。这个弓形冲击波的里边界，叫做氦球层顶。而这两个边界之间的地方，叫做氦鞘。它们共同构成了太阳系的最外围。</p>
<p>但是，没有人知道这套理论是否正确。更没有人知道，假如这套理论是正确的话，这两个边界又都在什么地方。</p>
<p>Just for fun，他们作了一个民意调查，五十多位科学家，每个人把自己的看法写在纸上。</p>
<p>结果大约是这样的：大部分人认为，终止边界会在地日距离的五十倍左右。小部分人认为可能达到六十倍，还有三四个人认为，可能有八十个日地距离那么远。</p>
<p>旅行者们孤独前行。</p>
<p>三年过去了。这些科学家在一起，又作了一次民意调查。这时，旅行者已经离太阳超过五十三倍日地距离了，什么都没有发生。</p>
<p>这次，大约有三分之一的人，对理论提出了怀疑。另一些人认为，七十到八十倍距离才是合理的。少数人说，或许能到九十倍吧。</p>
<p>而旅行者们继续孤独前行。</p>
<p>太阳的温暖越来越难以关照到这两位跋涉的旅人了。她们不得不开始更多地使用自身携带的化学放射电池。即使是这样，能量的供应也在逐渐减少。她们不得不勒紧裤带，节衣缩食。</p>
<p>1998年，光学成相设备被关掉了。她们失去了一只眼睛。</p>
<p>紧接着，2000年，旅行者2号的红外探测仪和紫外探测仪也被关掉了，她已经处于全盲的状态——旅行者1号还努力地半睁着她的紫外探测仪，为此，她不得不让她的左臂，太阳风等离子体观测仪停止工作。</p>
<p>2001年，太阳能电池板所提供的电力已经不足整个卫星供给的十分之一，她们难过地瘸了。</p>
<p>但是她们仍在跋涉。</p>
<p>2002年，旅行者2号的高效发射天线停止工作，从此她嘶哑了嗓子，靠着低效频段，以原来千分之一的速度发回数据。</p>
<p>地面观测人员开始动摇了：她们还能支撑多久？旅行者1号已经离太阳有九十个日地距离了，但是什么都没有看到。终止边界，氦球鞘层，氦球层顶——太空中静悄悄，什么也没有发生。只有日复一日，重复着的相同的数据。</p>
<p>人们终于决定，是时候放弃这两颗卫星了。她们已经垂垂老矣，或许，不再适合干什么重活了。</p>
<h1 id="（九）">（九）</h1>
<p>我们应该感谢什么呢？或许，科学最应该感谢的是官僚主义。官僚主义让科学推迟开始，但是也让科学推迟了结束。</p>
<p>就在层层审批之中，天际传来了波动。</p>
<p>2003年11月，旅行者1号进入了终止边界。</p>
<p>审批停止了。大家张大了嘴。</p>
<p>这时，旅行者1号距离太阳整整九十四个日地距离。无人能料。</p>
<p>而在四年之后，2007年7月，旅行者2号在八十七个日地距离处，在另一位置穿越了终止边界。</p>
<p>盖棺定论。理论是对的，尽管，还需要更多发展。</p>
<p>而旅行者们的生命，也数得到尽头了。化学放射电池不可能无休止地燃烧下去。顶多到2025年，旅行者上的最后一件科学设备也将停止运转。一切，都将归于平静。</p>
<p>她们哪里是水性杨花的娇气小姐。她们是身残志坚，不离不弃，天赋异禀，功勋卓著，坚韧不拔，死而后已的奇女子。</p>
<h1 id="尾声">尾声</h1>
<p>2007年，ACE的陨落已经提上日程。连续不断的太阳粒子冲击让这位在航空公司、GPS公司和手机公司中信誉颇高的预言家不堪重负。</p>
<p>2012年，中国的夸父将走上日地引力平衡点，取代ACE的位置，继续它为地球干了一十五年的太阳风暴预测工作。</p>
<p>2006年，冥王星探测器“新地平线”号从佛罗里达起飞。</p>
<p>2009年，Eberhard Moebius和他的同僚一起，发起了新一轮的太阳系边界探测计划——自旅行者出发之后，该计划在三十年之内被人反复提出，无一通过。</p>
<p>这一年，最早提出太阳风模型的Parker 86岁。Gloeckler 76岁，已经几乎无法辨认哪怕是站在对面的人的相貌。Stone 71岁，已经有了两个孙子。Mason 67岁。Moebius 61岁。即使这个卫星计划最终获得通过，他们之中也只有最幸运的那些人，才能看到卫星到达目标的那一刻。</p>
<p>而人类历史上走得最长的旅行者们，仍在无声地滑向远方，继续着她们寂静的旅程。</p>
<p>或许，她们会继续她们的幸运，在遥远的时空中的某一点，被某种生物发现，找到自己完美的归属吧……</p>
]]></content:encoded>
      <comments>http://emptyzone.github.io/read/2011/01/27/beyond-wind-and-light/#disqus_comments</comments>
    </item>
    
    <item>
      <title><![CDATA[演不完的惨绿青春]]></title>
      <link>http://emptyzone.github.io/life/2011/01/26/angry-teens/</link>
      <guid>http://emptyzone.github.io/life/2011/01/26/angry-teens/</guid>
      <pubDate>Wed, 26 Jan 2011 00:00:00 GMT</pubDate>
      <description>
      <![CDATA[<p><img src="/images/angry-teens/title.jpg" alt=""></p>
<p>青春这个字眼总是与惨绿这个形容相伴，就像忧伤和愤怒总是伴随着每一个即将独自面对这个世界的年轻的心。</p>
<p>在我们的青春即将结束的那几年，仍然怀揣着童稚的理想与信念的我们，眼看着现实社会的无奈，在矛盾重重中我们左冲右突的心灵很难找到自己的位置和可靠的信仰。我们在不断的质问“我究竟还能相信什么？”中，逐渐告别青春，蜕变为麻木的大人。</p>
]]>
      
      </description>
      <content:encoded><![CDATA[<p><img src="/images/angry-teens/title.jpg" alt=""></p>
<p>青春这个字眼总是与惨绿这个形容相伴，就像忧伤和愤怒总是伴随着每一个即将独自面对这个世界的年轻的心。</p>
<p>在我们的青春即将结束的那几年，仍然怀揣着童稚的理想与信念的我们，眼看着现实社会的无奈，在矛盾重重中我们左冲右突的心灵很难找到自己的位置和可靠的信仰。我们在不断的质问“我究竟还能相信什么？”中，逐渐告别青春，蜕变为麻木的大人。</p>
<a id="more"></a>

<hr>
<p>这几天Gary看了两部关于惨绿青春的电视剧。来自台湾的《他们在毕业的前一天爆炸》和来自大陆的《青春期撞上更年期》。其实单从影片名称即可看出孰优孰劣。</p>
<p>同样是对青春烦恼的描述，台湾的探讨要比大陆深入得多。大陆的青春片总难免沦入搞笑之流，但对问题症结的探讨却总因要照顾各个阶层的感受，而浅尝辄止，不敢深入。但《他们在毕业的前一天爆炸》一片，尽管只有5集却做出了远胜于30多集的讨论，对家庭教育、学校教育、甚至是选举制度等方面对少年的影响都做了揭示。当然，由于大陆根本不存在选举制度，所以也便无需对其多言了。</p>
<p>在人物塑造方面，《他们在毕业的前一天爆炸》一片也要更胜一筹。大陆影视作品中的人物往往趋于平面化脸谱化。《青春期撞上更年期》中邓家齐的父母几经周折用了30多集的时间也没改掉试图操控孩子命运的心理。而《他们在毕业的前一天爆炸》中每一个人物都在成长，其中尤以王筱柔和洪成辑的戏份最为出彩。</p>
<p>王筱柔在最无助的时候哭着说“我要掉下去了”“我的身体里好像破了一个洞”，让电脑前的Gary看得胆战心惊。这恐怕是对我们年少时的心灵最形象的描述了。在孤独无依中与社会与自己进行着无止尽的战斗。想要向上，苦苦挣扎，难逃被拉入万丈深渊的命运。</p>
<p>而洪仔对社会规则的洞悉，同样让人心寒。洪仔心狠手辣做事绝，但是他却并不邪恶。他的狠本质上是压抑的。有压抑就有爆发，寡言少语的洪仔，一旦爆发，便是不回头的冲撞。在他因抢劫银行入狱，浩远去看望他的时候，他淡淡的一句“就是爆炸了啊”却蕴含了多少辛酸多少委屈，还有心中那么多的愤怒。真的是爆炸，积压啊积压，最后就炸了。</p>
<p>第五集中浩远对阿丁说“帮我记得，我还没有坏掉的样子”。其实浩远并不是坏掉了。他只是不愿与这世界妥协。他用纯真的眼睛看待这个世界，一直试图分辨出黑白对错。于是他和20年前的小四一样，用生命与这个世界进行了一场单挑。当然，就像20年前的小明说的一样，这个世界并不会因为他们改变。</p>
<p>马上就要告别青春的Gary，其实是不应该再看这些对前途无用甚至有毒副作用的片子了。但这些片子中所蕴含的力量却吸引着Gary。浩远也好，小四也好，他们不妥协不屈服豁出一切都抗争精神是Gary所渴望的。可现实还是现实，Gary还是Gary。就在这即将告别青春的年月，为青春献上最后的祭奠吧。</p>
<p>下面是《他们在毕业的前一天爆炸》中浩远最喜欢的一首歌，也算是这部剧的点题歌曲。</p>
<pre>
Life's a struggle -宋岳庭



我睁开双眼踏入这个世界

妈妈给我生命现在让我自生自灭

这让我恐惧在我的眼里每个人都戴着面具

回想过去难道生命就是这样延续？

我抽烟抽得我的肺都黑了

就像整个社会被人心笼罩着它也是黑的

我背着宿命的十字架

也渴望power, paper and respect

我想这大概就是human nature



佛家说烦恼即是菩提我暂且不提

我倒是希望能够回到母体

老妈对不起我时常把你气得跺脚

你说你后悔当初没有把我堕掉

每当我放学回家放下那沉重的背包

家里空无一人只残留着你香水的味道

那时我知道你那天晚上又要加班

我打开冰箱拿出微波炉食品当晚餐

老爸在凌晨两点钟醉醺醺地回家

我从睡梦中醒来只听到你们在吵架

我没有办法专心面对第二天的考试

老师他不喜欢我我也不喜欢老师

我讨厌穿制服我讨厌学校的制度

我讨厌训导主任的嘴脸讨厌被束缚

that's true



很多人不屑我的态度他们说我太cool

警察不爽我都曾将我逮捕

I don't give a fuck about 人家说什么

他们想说什么就说什么但是他们算什么

没有谁有权利拿他的标准衡量我

主宰是我自己随便人家如何想我还是我

爱钱的女人只给凯子摸

不懂得用保险套的人别嫌孩子多

金钱力量虽大却生不带来死不带走

紧握着双拳的人们何时能松开手？



life's a struggle 日子还要过

品尝喜怒哀乐之后又是数不尽的troubles

everyday 有多少问题要去面对

有多少夜痛苦烦恼着你无法入睡…



法庭严肃的空气逼得我快不能呼吸

当时面临着终生监禁的我开始反省

铁栏杆之后又是个截然不同的景象

刑犯们眼神中看不到一点和平的气象

仅有一寸短的铅笔写的是监狱风云

日记上描绘的不是美好的户外风景

自由在他们眼里才是憧憬

放一把自制武器在枕头旁以防随时有人偷袭

有些人怀疑老婆在外偷情

有些人把家人寄来的信件一张一张好好收集

有些人二十四小时几乎在床上休息

有些人精神失常因为受不了打击



三个月如火如荼的漫长等待已过去

出狱后的我得面对三年的缓刑期

这也好一生中第一次感觉到幸福

但生命中的考验何止如此我不清楚

我不知道接下来还有什么会发生

翻开报纸的新闻又是看到放火杀人

还记得某年无意间发现的照片

上面有阿姨对男人施行口交的恶心画面

这简直摧毁了她在我心目中的形象

我无法忘怀照片中那笑容多么淫荡

我抵抗胸口存在着不安及惶恐

我不断听到痛苦的声音在内心怒吼



life's a struggle 日子还要过

品尝喜怒哀乐之后又是数不尽的troubles

everyday 有多少问题要去面对

有多少夜痛苦烦恼着你无法入睡…



不论我走到天南不论我走到地北

不论我走到哪都见识到人心的虚伪

It's kinda funny 在人的眼里只有money

外表好像要帮你却只是想帮他自己

笑容可掬的脸后面谁知道是个狼心狗肺

连朋友都能背叛因为只有名利合他口味

她说她爱你的时候讲的是问心无愧

搞不好她爱的是你身后的荣华富贵

你可曾困惑在你身旁谁是敌是友

对你落井下石的可能就是你的挚友

你可曾经历当你最需要帮助的时候

平常跟你称兄道弟的人都突然失踪



亲爱的神伟大的神

你可以怪我想法太过无知但我只是人

我不信人因为人也不信我

不要问我为什么我最多只能告诉你这就是我

生命像海浪一样有时高有时低

你是否告诉自己坚强渡过各种时期

我从命运的天台放眼却看不到星空

漆黑的天空压在头顶使我不得轻松

在我心中找不到一个安静的角落



我不能再沈睡下去良心彷佛在笑我

它在说：有几天几夜老妈曾经为你以泪洗面

老爸他只顾己见希望之火只见熄灭

我接起电话是老爸憔悴的声音

虽没见面却不难想像他当时的神情

刚听完他最近失业的消息

脑海里马上浮现祖母的话警告我一定要争气



我已经放弃所有哭的理由

因为我早就习惯冷漠活在无情的现实里头

人生要如何起头？改变要如何起手？

当活在泥沼中要如何才能金盆洗手？



life's a struggle 日子还要过

品尝喜怒哀乐之后又是数不尽的troubles

everyday 有多少问题要去面对

有多少夜痛苦烦恼着你无法入睡…
</pre>]]></content:encoded>
      <comments>http://emptyzone.github.io/life/2011/01/26/angry-teens/#disqus_comments</comments>
    </item>
    
  </channel>
</rss>