Menu Sidebar
Menu
Zibin Chen

Zibin Chen

Don't laugh at someone who has the courage to try when you don't.

Access log & error log analysis yields good results

I recently created a python script to analyze Nginx’s access log & a WAF generated error log. The preliminary result looks promising. The script can filter out most malicious & bot traffic with very low false positive on human traffic. I ran the IPs collected by this script against multiple blacklists:

More than 88% of the IPs picked up by the script are already in one of the blacklists, and most of IPs in the remaining 12% are likely to be malicious / bot as well.

I am working on a more in-depth behavior analysis for these two logs in order to detect more advanced bot traffic.

Binary search & linear search with different runtime engines with different array sizes

I am very impressed by the V8 performance. Note that all the test are performed in a “cold start” environment (Chrome will be even faster when it’s pre-warmed). Nginx JS module timing does not include VM creation time, it’s simply how long it takes for Javascript includes to return.

3 arrays are all sorted for both linear search and binary search.

Side note: Check Spectre mitigation info https://developer.mozilla.org/en-US/docs/Web/API/Performance/now

Chrome V8 (Chrome 75.0.3770.100):

Testing performance diff for 864 elements
VM53:39 JS Includes: 0.0004742914331339199
VM53:40 Binary Find: 0.0005485737978535121

badASNRAM1000:
Testing performance diff for 1000 elements
VM35:39 JS Includes: 0.0005819572611686687
VM35:40 Binary Find: 0.000597040518428322

badASNRAM2000:
Testing performance diff for 2000 elements
VM35:39 JS Includes: 0.0006530127825462825
VM35:40 Binary Find: 0.0005997027038064568

badASNRAM2000:
Testing performance diff for 3000 elements
VM35:40 JS Includes: 0.0007289954804322399
VM35:41 Binary Find: 0.0006195246703701701

Nginx Javascript Module (0.3.2):

Testing performance diff for 864 elements
JS Includes: 0.003342809388437308
Binary Find: 0.005385637348037885

Testing performance diff for 1000 elements
JS Includes: 0.003771374694647219
Binary Find: 0.0055713489807288469

Testing performance diff for 2000 elements
JS Includes: 0.007814174083227382
Binary Find: 0.005828488164454793

Testing performance diff for 3000 elements
JS Includes: 0.010571277553177812
Binary Find: 0.006385623062527678

Firefox (67.0.4):

Testing performance diff for 864 elements
JS Includes: 0.002390261262875734
Binary Find: 0.0029657412712555307

Testing performance diff for 1000 elements
JS Includes: 0.0023732933018800486
Binary Find: 0.003145328472371149

Testing performance diff for 2000 elements
JS Includes: 0.003987537159844501
Binary Find: 0.0030871255431054196

Testing performance diff for 3000 elements
JS Includes: 0.005244880168064825
Binary Find: 0.003329855801523445

Android captive

adb shell “settings put global captive_portal_http_url http://captive.v2ex.co/generate_204”;
adb shell “settings put global captive_portal_https_url https://captive.v2ex.co/generate_204”;
adb shell “settings put global captive_portal_fallback_url https://www.google.cn/generate_204”;
adb shell “settings put global captive_portal_other_fallback_urls https://www.qualcomm.cn/generate_204”;

92URL Update

Tweak: Even less recaptcha interactions

I will try to overhaul the internal message passing mechanism — current mechanism was designed 8 years ago, a lot has changed since then.

挺直脊樑 拒做犬儒

戊戌變法、北大建校一百二十年,我們紀念蔡元培校長。在中國近代史上,元培先生當之無愧是現代教育之父。他留給我們的「兼容並包,思想自由」是北大的精神火炬,代代相傳。蔡校長在人們的印象裏總是一個謙謙君子式的思想領袖。其實蔡校長的另外一個側面同樣是萬世師表,那就是一個挺直脊樑、拒絕做犬儒的男子漢。

早年的元培先生為了反抗清朝,一介書生卻豁出命來組織訓練暗殺團,意圖刺殺清朝的官員。在後面的幾十年裏,他只認真理,不畏強權,在北大校長的任上曾先後八次辭職以示抗議:1917年抗議張勛復辟清朝而辭職;1919年5月營救被捕學生而辭職;1919年底和1920年1月支持北京市教職員為薪酬抗議政府而辭職;1922年8月/9月兩次為政府侮辱校長/拖欠教育經費而辭職;1923年抗議教育總長踐踏人權和司法獨立而辭職;1926年抗議政府鎮壓學生而辭職。從這個意義上看,元培先生的「兼容並包,思想自由」是付出了極大的個人犧牲才使得當時的北大空前活躍——既有全盤西化的胡適、也有追求共產主義的陳獨秀李大釗毛澤東、甚至還有天天嚷着復辟清朝的拖辮子的辜鴻銘。各種思想在這裏產生和碰撞。

Freedom is never free. 自由從來不是天上掉下來的,而是有骨氣的人們付出沉重的代價換來的,其中北大的先人多有這樣的典範:胡適一輩子敢於批評蔣介石和國民黨專制;馬寅初堅持自己的學術觀點,在批判之下拒不認錯;林昭在瘋狂的文革年代毫不退縮,隻身和反人類的罪惡鬥爭到底,直至被槍殺。北大之所以成為中國神聖的殿堂,不僅因為她有思想,更因為她有為了理念不惜付出一切的師生。

可是我們也要清醒客觀地看到,上下五千年的歷史,有脊樑的畢竟是少數,更多的是軟骨頭甚至為虎作倀:抗日戰爭裡,中國創了人類歷史上「偽軍比佔領軍多」的記錄;在大躍進、文革中,究竟有多少人是「受蒙蔽」,有多少人是精明地昧着良心、為自保而誣陷同事、為加官進爵而落井下石?

不僅民間「人在屋簷下不得不低頭」,「好死不如賴活着」之類犬儒的生活教條深入人心,高級知識分子裏的無恥之徒絲毫不比普羅大眾少。上古就有在「指鹿為馬」的當口曲意奉承、吮癰舐痔的臣子;當代有郭沫若這樣滿腹詩書的牆頭草;更可怕的是像經過加州理工學院最良好科學訓練的錢學森也連篇累牘地在報紙上為「畝產十幾萬斤」這樣盡人皆知、笑掉大牙的謊言搖旗吶​​喊,而且還舔着臉發「錢學森之問」——殊不知我們沒有科學、人文社科大師的第一原因就是我們的教育系統性地培養精明乖巧的撒謊者,而不是真理的捍衛者:這和知識無關,和人格有關。

這樣的犬儒和無恥何以盛行?除了人性中固有的懦弱和卑微,社會幾千年來對敢言者的持續絞殺當屬首要原因。從文字獄到株連十族,當敢於「一士之諤諤」的人被消滅的時候,負淘汰的結果自然剩下的是「千士之諾諾」。在這種千年嚴酷的條件下,人們甚至被剝奪了保持沉默的權利,而被強迫加入諂媚奉承的大合唱。

不過,在漫長的歷史中總有火種還頑強地燃燒。在北大,蔡元培、馬寅初、胡適、林昭……承載着北大人的傲骨,公民的尊嚴。我們即使做不到振臂一呼,以筆為旗與懦弱卑微做不妥協的抗爭,也至少做到不出賣人的起碼尊嚴和思想獨立。北大人、元培人當共勉。

Where there is darkness,may we bring light

Where there is despair, may we bring hope

Where there is doubt, may we bring faith

Where there is hatred, may we bring love

戊戌雙甲子,諸君拒做犬儒,

北大一二〇 ,師生挺直脊樑。

李沉簡

2018.2.28

北京大學朗潤園

92URL Update

It’s been a while. I finished my finals this morning and worked on the 92URL this afternoon.

I’m now happy to announce that the website has been migrated to PHP 7.2.

Next few versions will be focusing on rewriting the core structure.

Older Posts

XBB

Eternal vigilance is the price of liberty

© 2024 XBB | Eternal vigilance is the price of liberty