你好 [nǐhǎo]

This is possible using the Ibus input framework that comes with Ubuntu. The support for pinyin romanisation is provided in the ibus-m17n package. This must first be installed.

sudo apt-get install ibus-m17n

Once installed, restart Ibus and add the input method in the menu as in the screenshot below.

You should now be able to activate the input method. Simply type the pinyin for a character preceded by the tone number (ranging from 1 to 4).

534 Protection level negotiation failed.

In this case, you need to add the following line to the bottom of your /etc/lftp.conf file

set ftp:ssl-protect-data yes

Now try connecting again and hopefully everything should work ok – it sorted my problems when I was trying to connect to the Leeds University SFTP servers using lftp on Ubuntu 9.10 (Karmic).

使用 SSH 翻墙
我曾经介绍过如何使用 SSH 来建立一个 SOCKS 代理服务器，让你能够在 Firefox 里正常访问以上所提起的网址。然而不是所有 Linux 软件都能支持代理服务器。如果你最热爱的 Linux 工具需要访问”被封”的网站，又没有嵌入的代理支持，该怎么办呢？
遇到这种情况当然不要放弃该软件… 毕竟我们用的系统是 Linux 而不是以前让我们咳声叹气，丧失信心的 Windows，总有一个方法去解决问题。

举个例子吧
我不久前发现了 Twitter 这个网站。我一开始不经常用，也搞不明白别人为什么对这个 web 2.0 服务都着了迷。后来我在推特上跟的人越来越多，跟着我的人亦是日益增多，不知不觉我也迷上了该网站，天天都会上。凡是经常用推特的人一般都会用一个推特的客户端，这才能跟得上朋友们的状态更新和最火热的网络新闻。本人作为 Ubuntu 的用户，我自然就选了 Gwibber 这个基于 GNOME 的客户端来访问我的推特。这个软件功能很丰富，用起来得心应手，不过总有一个问题让我有点遗憾，就是 Gwibber 还不听从 GNOME 的代理设置。平时这也不是一个很大的问题，但是每遇中国网络封锁较严重时，都会让我暂时无法使用该软件。

解决方案… Tsocks
经过几个 Google 搜索，我最终很高兴地发现 Linux 有一个能够强迫任何软件通过 SOCKS 代理上网的工具，其名就是 tsocks。Tsocks 是一个透明 SOCKS 代理软件，只要你电脑有一个连接到国外服务器的 SSH 隧道，你就能让任何软件翻墙。

安装并配置 Tsocks
以下说明都是为了那些使用 Ubuntu 的 Linux 用户，不过在别的 Linux 发行版下，安装的过程应该与此差不多。

在终端中:

sudo apt-get install tsocks

修改配置文件:

sudo nano /etc/tsocks.conf

将其内容改成以下几行并保存退出:

local = 192.168.1.0/255.255.255.0 #local表示本地的网络，也就是不使用socks代理的网络
server = 127.0.0.1 # SOCKS 服务器的 IP
server_type = 5 # SOCKS 服务版本
server_port = 9999 ＃SOCKS 服务使用的端口

你可能需要修改一下以上内容，用你自己的 SSH 隧道设置。

运行软件
用 tsocks 运行你的软件很简单，在终端中:

tsocks 你的软件 &

我现在运行 Gwibber 都是这样运行的:

tsocks gwibber &

祝你们翻墙愉快！

EDIT—————–>

我今天还发现了另外一个工具，其功能似乎比 tsocks 要更丰富，配置起来更简单，而且不会那么容易出错。这个工具就是 proxychains。以下有配置方法:

sudo apt-get install proxychains

修改配置文件 (/etc/proxychains.conf)，应该如下：

# proxychains.conf  VER 2.0
#
#        HTTP, SOCKS4, SOCKS5 tunneling proxifier.
#

# The option below identifies how the ProxyList is treated.
# only one option should be uncommented at time,
# otherwise the last appearing option will be accepted
#
# Dynamic - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped)
# otherwise EINTR is returned to the app
#
# Strict - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# all proxies must be online to play in chain
# otherwise EINTR is returned to the app
#
# Random - Each connection will be done via random proxy
# (or proxy chain, see  chain_len) from the list
# this option is good for scans

dynamic_chain
#strict_chain
#random_chain

# Make sense only if random_chain
chain_len = 2

# Quiet mode (no output)
#quiet_mode

# Write stats about good proxies to proxychains.stats
#write_stats

#Some timeouts in milliseconds
#
tcp_read_time_out 15000
tcp_connect_time_out 10000

[ProxyList]
# ProxyList format
#       type  host  port [user pass]
#       (values separated by 'tab' or 'blank')
#
#
#        Examples:
#
#            	socks5	192.168.67.78	1080	lamer  secret
#		http	192.168.89.3	8080	justu	hidden
#	 	socks4	192.168.1.49	1080
#	        http	192.168.39.93	8080
#
#
#       proxy types: http, socks4, socks5
#        ( auth types supported: "basic"-http  "user/pass"-socks )
#
#http 	10.0.0.5 3128
socks5 127.0.0.1 9999
socks4 127.0.0.1 9050

注意事项:

1. 要选 dynamic_chain 而不是 random_chain
2. 可以列举几个代理服务器，proxychains 会按顺序用，代理无法访问即自动选用下一个
3. 代理服务器要根据自己电脑的情况自行调整

运行 proxychains
运行 proxychains 跟运行 tsocks 完全一样。在终端中:

proxychains 你的软件 &

比如说:

proxychains chromium-browser &

我还是推荐你使用 proxychains！

然而我今天看到了这个贴子，这才发现还可以使用一个普通的网站主机作为我的代理服务器。与 Amazon EC2 不同，普通的网站主机是 24/7 运行的，而且你本来就要用它做你的网站，不用额外花钱。以上帖子是专门写给使用 Dreamhost 的 Windows 用户。不过，凡是有支持 SSH 服务网站主机的 Linux 用户也可以享受翻墙的自由感。我为 Linux 用户编了一个小的 BASH 脚本，其主要功能为:

• 与网站主机创建一个 SSH 隧道连接
• SSH 隧道用完之后，安全地关闭 SSH 隧道连接

用这个脚本，我试了一下上平时被 GFW 封杀的 youtube.com… 结果 Firefox 差点让我晕倒了! 用这个代理，网速快极了… 感觉好像我还在英国上网似的 (那边一般都用 8M 以上的宽带) – 你可以看一下视频:

介绍一下脚本的内容

export SSH_HOST=admin@yoursite.com # username@host

这个需要你自己改一下… 就是你的 webhost 给你的 SSH 用户名和主机地址。 格式为 用户名@地址 （凡是用过 SSH 的人都应该知道写什么）

if [ ! -f /tmp/.tunnel ]

看看是否已经有 SSH 隧道开着。有的话就将其关闭。没有就创建新的 SSH 隧道。

ssh -f -D 9999 $SSH_HOST "if [ -f ~/.tunnel ]; then rm ~/.tunnel; fi; while [ ! -f ~/.tunnel ]; do echo > /dev/null; done" &

创建新的 SSH 隧道，设定本地 SOCKS 端口为 9999。隧道将会开着直到远程目录 “~/” 里有人创建 .tunnel 此文件为止。

touch /tmp/.tunnel

在你的电脑上创建 .tunnel 这个文件。这样脚本就知道正开着一个 SSH 隧道。

ssh $SSH_HOST "touch ~/.tunnel"

在远程目录 “~/” 里创建 .tunnel 此文件，这将会断开你电脑与代理服务器的连接

rm /tmp/.tunnel

删除 .tunnel 这个文件。这样脚本就知道 SSH 隧道已关闭。

下载并执行脚本
可以在此下载脚本

下载后放在你的首目录，比如在 ~/bin/。用一个文字编辑器修改脚本里的 ssh 变量并用 chmod 改一下文件权限

chmod u+x tunnel.sh

创建连接
在终端中执行脚本，执行后可以关闭终端。

关闭连接
再次在终端中执行脚本并关闭 Firefox (如果 Firefox 还在用隧道的话，连接暂时无法关闭)

用 SSH 密钥进行授权
你或许注意到了… 以上脚本里没有任何地方可以写下你的 SSH 密码。这就是因为我在用 SSH 密钥来进行电脑与服务器的授权工作，这样更自动化而且比将密码直接写入文本的文件里要安全多了。先打开一个终端，根据一下步骤进行密钥配置:

[jonolumb@jonoxps .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jonolumb/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/jonolumb/.ssh/id_rsa
Your public key has been saved in /home/jonolumb/.ssh/id_rsa.pub
The key fingerprint is:
h7:10:49:46:ab:2t:3b:a3:36:2z:15:56:d4:f2:b7:3d jonolumb@jonoxps

请注意，配置时密码要留为空白。

将生成的 /home/jonolumb/.ssh/id_rsa.pub 的内容复制到远程服务器目录下，具体位置是:
~/.ssh/authorized_keys
要保证远程的 authorized_keys 和 本地的 id_rsa 文件的权限均为 700。
这样就可以自动登录到远程服务器了。

配置 Firefox 使用代理
创建了 SSH 隧道之后，就进入 Firefox 并打开:

首选项 --> 高级 --> 连接设置

选择“手动配置代理”并将其设定为:
HTTP 代理: localhost 端口: 9999

如果你用这个脚本遇到什么问题，请跟我取得联系。我很想听你们的意见。谢谢！

Docky ‘Intellihide’ Feature
Previously when using Docky at the bottom of the screen, you had two options. You could either have the dock open permanently or you could enable the auto-hide feature. Having the dock there permanently certainly facilitates speedy opening of programs but in reality, it is hardly ideal – what with it getting in the way of all your windows and not allowing you to click on anything at the bottom of the screen. The autohide option is probably the way most people went – but this means that the dock is never visible until you drag the mouse pointer down to the bottom of the screen – which makes opening programs using the dock rather cumbersome.

This contradiction has now been resolved with a new feature called ‘intellihide’. If selected, the dock will automatically hide itself when there are full screen programs open on the desktop or when windows are too near the bottom of the screen. However, Docky can still be accessed at all times by dragging the mouse down to the bottom of the desktop. If no programs are open on the desktop and nothing is blocking the bottom of the screen, Docky will pop back up again and stay at the bottom of your screen allowing you fast, easy access to your most used programs when you need them.

Docky Top and Bottom Orientation
Whilst previously Docky could only be placed at the bottom of your screen, you can now have your favourite dock floating around at the top of your screen now – giving you even more possibilities for desktop customisation.

Improved Flickr Uploading
The Flickr upload plugin now provides more feedback on upload progress. Unlike previously where there would simply be a Gnome-Do icon displayed in the system tray, the Flickr uploader now has it’s own window and tells you when the upload has completed successfully.

Better UI and Graphics Perfomance
Your mileage may vary depending on what hardware and drivers you are using but I have noticed that the dock animations seem much smoother than before. Furthermore, there are some lovely coloured lighting effects on dock icons for the application which is active in the current window. You can now also change the zoom and icon size settings with sliders rather than dragging “handles” on the dock itself.

Docklets
I’ve tried installing this feature with:

sudo apt-get install gnome-do-docklets

But it says that it can’t find this package or something along those lines. It sounds like an exciting feature but I’ll have to wait until I can get it working before I can provide more details. All I can find at the moment is information about a nifty looking Weather Docklet which is documented on the Do Wiki.

Apart from the things I mentioned above, there are now a lot of new plugins available for Gnome-Do and localisation is better than before – with most of the program and some plugins now available in other languages. There are probably plenty of other things that have so far gone unnoticed so please leave me a message in the comments if I missed anything important.

Solutions
I started to look around for other possible proxy solutions but most pay-for proxies are charged on a monthly basis and are fairly expensive. Furthermore, there is always the possibility that the authorities here are already aware of the IP ranges of some commercial proxy servers and so you run the risk of being blocked out yet again. What I really needed was a pay as you go proxy server where you would only be charged when you actually use the server and for the amount of bandwidth used. I then came accross a post on Duane Storey’s blog which described how he created an Amazon EC2 instance which could be used to make a proxy server available that was only to Iranian web users. Duane’s solution involves his own custom Fedora image which has Apache setup to run as a web proxy. This setup was pretty much exactly what I needed – except that I would need to make sure the Proxy server only allowed my own computer to connect rather than making it a public proxy server accessible to Iranians. After a bit of testing, I managed to get something going and was pleased to see that the proxy was very speedy indeed!

Cheap Proxy Server
Amazon EC2 Instances currently cost $0.10 USD per hour to run plus bandwidth charges (which for standard web browsing will be negligent). This gives Amazon EC2 the potential to be an incredibly cheap on-demand proxy server. Finally you only pay for what you use rather than paying an extortionate monthly rate.

Automation
The next thing to do was to automate the server setup process as entering all the necessary commands into a terminal can be cumbersome and time consuming. I used a unix shell script to accomplish the following steps:

1. Create an Amazon EC2 Fedora instance which is configured to run Apache as a proxy server.
2. Connect to Amazon EC2 instance via SSH and modify the Apache configuration file to only allow the client’s computer to connect to the server.
3. Restart Apache to apply changes.
4. (Optional) Assign an Amazon Elastic IP Address to the Instance which can be used to access the HTTP Proxy. The script prints the IP address assigned to the proxy server in the terminal – this IP address can then be pasted into your web browsers proxy configuration settings.
5. (Optional) Create a secure SSH HTTP Tunnel to the proxy server on port 9999. Clients can connect by changing browser network settings to a SOCKS 5 proxy on localhost:9999.
6. The script then waits for keyboard input “stop” upon which the SSH HTTP tunnel will be closed, the Amazon EC2 Instance shutdown and any Amazon Elastic IP addresses released.

The script is designed to work on Ubuntu (Jaunty 9.04) but should also work on other Linux Operating Systems and possibly on Mac OS X too. Before you can get it up and running there is some preliminary preparation which is necessary.

Step 1: Sign up for an account and setup AWS
Before you can use Amazon Web Services, you need to sign up for an account at http://aws.amazon.com/.

This will give you two keys that you will need for accessing your Amazon Web Services: your “access key” and your “secret access key”. Once complete, you then need to sign up for Amazon’s Elastic Compute Cloud (EC2) service. As part of signing up for EC2, you will create an X.509 certificate. You will need to save your private and public keys in ~/.ec2 on your local machine. All this is described in more detail in the AWS “Getting Started Guide” under Setting up an account.

Step 2: Download and install EC2 command line tools
The process of setting up the tools is described under Setting up the Tools in AWS “Getting Started Guide“. Just do what that page says and note down the location of the tools directory.

Step 3: Generate an SSH keypair, disable strict key checking
Follow the instructions here to generate an SSH keypair to be used in combination with your Amazon EC2 Instance. The RSA private key generated needs to be placed in your ~/.ssh folder and should be given 600 permissions.

chmod 600 your_rsa_key

Another important thing for the script to work is to set OpenSSH to disable Strict Host Key Checking for amazon domains only. This has only minor security implications and is vital if you want the whole server setup process to be automated.

In ~/.ssh/ create a file called config and put the following text inside:

Host *.amazonaws.com
StrictHostKeyChecking false

Give the file the right permissions

chmod 600 ~/.ssh/config

Finally, you need to open up ports in the EC2 firewall to allow SSH connections to the server instance that is created by the script. This can be done with the following command from the EC2 command line tools:

ec2-authorize default -p 22

Step 4: Install Curl
The shell script uses a command line utility called curl to determine the external IP address of your computer – hence allowing you exclusively to connect to the proxy server. On Ubuntu, curl can be installed using apt-get.

sudo apt-get install curl

Step 6: Download the script and configure variables
First download the autoproxy archive to somewhere in your home folder and uncompress it. You then need to make the shell script executable

chmod u+x autoproxy.sh

Open the file in a text editor and make changes to the below variables to fit your own setup:

export EC2_HOME=/home/username/folder/ec2

This is the location of the EC2 command line tools which were installed during Step 2.

export EC2_PRIVATE_KEY=~/.ec2/pk-LSOEEFCT2IYW74BHFUIHHSBE63H4GM77.pem

This is the location of your Amazon EC2 Private Key file which you generated when creating your AWS account.

export EC2_CERT=~/.ec2/cert-LSOEEFCT2IYW74BHFUIHHSBE63H4GM77.pem

This is the location of your Amazon EC2 Certificate file which you generated when creating your AWS account.

export JAVA_HOME=/usr/lib/jvm/java-6-sun/jre

Location of Java on your computer.

If you don’t know where Java is installed on your computer you can follow symbolic links in a terminal to find it:

ls -l /usr/bin/java

/usr/bin/java -> /etc/alternatives/java

ls -l /etc/alternatives/java

/etc/alternatives/java -> /usr/lib/jvm/java-6-sun/jre/bin/java

export ssh_key=~/.ssh/id_rsa-gsg-keypair

Location of your Amazon EC2 SSH private RSA key (created in Step 3). This should be located in ~/.ssh and needs 600 permissions.

export autoproxy=/home/username/autoproxy

Location of the autoproxy folder that you downloaded.

Running the script
To run the script, open up a terminal and type the following:

cd /home/*username*/autoproxy/
./autoproxy.sh

Browser Config
If you chose to use an Amazon Elastic IP Address to access your proxy server, the script should output the address in the terminal once the proxy server is setup. In your browser you simply need to enter the proxy setup section and choose “HTTP Proxy” using the Amazon Elastic IP Address and port 80.

If you chose to use an SSH HTTP Tunnel to connect to access your proxy server, in your browser enter the proxy setup section and choose “SOCKS 5″ with the address as localhost on port 9999.

Disclaimer
Whilst using an Amazon EC2 Instance as a personal proxy server should not be a problem, it appears that Amazon do not approve of use of EC2 instances as public proxy servers available to the masses. For this reason please make sure you limit access to the proxy to your computer only as configured in the script. Use this script at your own risk. I cannot be held responsible for any undesired consequences that result from its use.

Anyway, have a try and see how you get on. Don’t hesitate to get in touch if you have any questions. I’ve spent quite a bit of time on this and I hope that it can help some other people out. I would appreciate any feedback or suggestions

After using QQ under Pidgin for a while, I found that sometimes there would be problems on login and that Pidgin would sometimes automatically disable QQ after a number of failed login attempts. It turns out that this can be easily fixed by selecting “Manage Accounts” and then “Modify” for the QQ account.

In the advanced settings tab, make sure that QQ2008 is selected (the default may well be QQ2005). It seems that this later version is more stable and login should no longer be a problem.