Background

New NTFS Driver Misses Out On Linux 5.12 But Revved A 22nd Time
NTFS read-write driver GPL implementation by Paragon Software

Get kernel source rpm

Enable the rawhide repo.

~]# dnf se rawhide
...
======================= Name & Summary Matched: rawhide ========================
fedora-repos-rawhide.noarch : Rawhide repo definitions
fedora-repos-rawhide-modular.noarch : Rawhide modular repo definitions
rpmfusion-free-release-rawhide.noarch : RPM Fusion Rawhide free repo definitions

~]# dnf in fedora-repos-rawhide fedora-repos-rawhide-modular
~]# dnf repolist --all
repo id                                   repo name                     status
fedora                                    Fedora 33 - x86_64            enabled
...
rawhide                                   Fedora - Rawhide - Developmen disabled
rawhide-debuginfo                         Fedora - Rawhide - Debug      disabled
rawhide-modular                           Fedora - Modular Rawhide - De disabled
rawhide-modular-debuginfo                 Fedora - Modular Rawhide - De disabled
rawhide-modular-source                    Fedora - Modular Rawhide - So disabled
rawhide-source                            Fedora - Rawhide - Source     disabled
...

~]# dnf list --disablerepo=\* --enablerepo=rawhide-source kernel\*
...
Available Packages
kernel.src                5.12.0-0.rc0.20210225gitc03c21ba6f4e.160.fc35 rawhide-source
kernel-headers.src        5.11.0-1.fc35                                 rawhide-source
kernel-srpm-macros.src    1.0-4.fc34                                    rawhide-source
kernel-tools.src          5.11.0-1.fc35                                 rawhide-source
kernelshark.src           1:1.2-3.fc34                                  rawhide-source

Download SRPM and install it.

~]# dnf download --source --disablerepo=\* --enablerepo=rawhide-source kernel

~]# rpm -ivh kernel-5.12.0-0.rc0.20210225gitc03c21ba6f4e.160.fc35.src.rpm
warning: kernel-5.12.0-0.rc0.20210225gitc03c21ba6f4e.160.fc35.src.rpm: Header V4 RSA/SHA256 Signature, key ID 9867c58f: NOKEY
Updating / installing...
   1:kernel-5.12.0-0.rc0.20210225gitc0warning: user mockbuild does not exist - using root
...

Modify kernel.spec.

~]# diff ~/rpmbuild/SPECS/kernel.spec kernel.spec
99c99
<
---
> %define buildid .ntfs3
762a763,772
> Patch999901: 0001-ntfs3-01.patch
> Patch999902: 0001-ntfs3-02.patch
> Patch999903: 0001-ntfs3-03.patch
> Patch999904: 0001-ntfs3-04.patch
> Patch999905: 0001-ntfs3-05.patch
> Patch999906: 0001-ntfs3-06.patch
> Patch999907: 0001-ntfs3-07.patch
> Patch999908: 0001-ntfs3-08.patch
> Patch999909: 0001-ntfs3-09.patch
> Patch999910: 0001-ntfs3-10.patch
1264a1275,1284
> ApplyOptionalPatch 0001-ntfs3-01.patch
> ApplyOptionalPatch 0001-ntfs3-02.patch
> ApplyOptionalPatch 0001-ntfs3-03.patch
> ApplyOptionalPatch 0001-ntfs3-04.patch
> ApplyOptionalPatch 0001-ntfs3-05.patch
> ApplyOptionalPatch 0001-ntfs3-06.patch
> ApplyOptionalPatch 0001-ntfs3-07.patch
> ApplyOptionalPatch 0001-ntfs3-08.patch
> ApplyOptionalPatch 0001-ntfs3-09.patch
> ApplyOptionalPatch 0001-ntfs3-10.patch
1304c1324
< cp $RPM_SOURCE_DIR/kernel-*.config .
---
> cp $RPM_SOURCE_DIR/kernel-x86_64*.config .

Modify kernel-local.

~]# cat kernel-local
# This file is intentionally left empty in the stock kernel. Its a nicety
# added for those wanting to do custom rebuilds with altered config opts.
CONFIG_NTFS3_FS=m
# CONFIG_NTFS3_64BIT_CLUSTER is not set
# CONFIG_NTFS3_LZX_XPRESS is not set
# CONFIG_NTFS3_FS_POSIX_ACL is not set

Generate new SRPM.

~]# cp *.patch kernel-local ~/rpmbuild/SOURCES/
~]# cp kernel.spec ~/rpmbuild/SPECS/

~]# rpmbuild -bs ~/rpmbuild/SPECS/kernel.spec

Build with copr and install it.

~]# copr build kernel-macbook ~/rpmbuild/SRPMS/kernel-5.12.0-0.rc0.20210225gitc03c21ba6f4e.160.ntfs3.fc33.src.rpm

~]# dnf copr enable pany/kernel-macbook
~]# dnf up kernel

Or build with better perfomance server.

~]# mock -r fedora-33-x86_64 --rebuild kernel-5.12.0-0.rc0.20210225gitc03c21ba6f4e.160.ntfs3.fc33.src.rpm

Or build with current fedora.

~]# dnf in bison dwarves elfutils-devel gcc-c++ gcc-plugin-devel net-tools nss-tools perl-devel perl-generators pesign -y
~]# rpmbuild -bb ~/rpmbuild/SPECS/kernel.spec

Without copr, install the RPM.

~]# dnf in ./kernel-{,core-,modules-}5.12.0-0.rc0.20210225gitc03c21ba6f4e.160.ntfs3.fc33.x86_64.rpm

Try NTFS3 driver

Reboot to new kernel.

~]# modprobe ntfs3
~]# lsmod | grep ntfs3
ntfs3                 245760  1

~]# lsblk /dev/sdc
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sdc      8:32   0 931.5G  0 disk
├─sdc1   8:33   0    16M  0 part
└─sdc2   8:34   0 931.5G  0 part
~]# mount -t ntfs3 /dev/sdc2 /media/
~]# mount | grep sdc2
/dev/sdc2 on /media type ntfs3 (rw,relatime,nls=utf8)

~]# cp kernel-{,core-,modules-}5.12.* /media/
~]# ls /media/
'$RECYCLE.BIN'/
 kernel-5.12.0-0.rc0.20210225gitc03c21ba6f4e.160.fc35.src.rpm
 kernel-5.12.0-0.rc0.20210225gitc03c21ba6f4e.160.ntfs3.fc33.x86_64.rpm
 kernel-core-5.12.0-0.rc0.20210225gitc03c21ba6f4e.160.ntfs3.fc33.x86_64.rpm
 kernel-modules-5.12.0-0.rc0.20210225gitc03c21ba6f4e.160.ntfs3.fc33.x86_64.rpm
'System Volume Information'/

So far so good.

对业务虚拟机的系统盘做一个快照，每次开机之前或关机之后自动还原快照，就可以避免 Windows 异常之后虚拟机无法修复的情况。

需求分析

• 加 -snapshot 参数做不到只对 vda 加快照
• 加了 -snapshot 参数的机器，如果要更新 vda 需要至少两次重启虚拟机（关机->解快照->开机->更新->关机->加快照->开机）
• 尝试单纯使用 libvirt hooks 来实现，发现其有两个限制：
• libvirt hooks 不能回调 libvirt API，会无限递归
• 不像 VDSM hooks，libvirt hooks 无法修改 libvirt XML

潜在的解决方案有几种：

• 对 qemu-kvm 进行包装（wrap）替换原生的程序
• 自行修改 libvirt 源代码，重新编译
• 使用外部配置文件进行控制是否加快照，使用 libvirt hooks 进行快照自动还原

解决方案

最终选择最后一种方案，简单有效。

• 外部配置文件来控制是否加「快照自动还原」
• libvirt hooks 来控制每次开机的时重置快照
• 如果要单次更新 vda，关机后做一次 commit
• hook 需要命名为 /etc/libvirt/hooks/qemu，因为 libvirt 6.5.0 之后才支持 /etc/libvirt/hooks/qemu.d/ 路径

基本逻辑

• 假设虚拟机有两个虚拟磁盘设备 vda 和 vdb，现在需要令 vda 自动还原快照，vdb 不做快照
• 假设 vda 的虚拟磁盘文件为 os.img
• 虚拟机开机之前，将 os.img 重命名为 os.img.backing_file （如果该文件已存在，则不进行重命名）
• 以 os.img.backing_file 作为 backing_file 创建 os.img
• 虚拟机开机，会根据其 libvirt xml 文件查找其虚拟磁盘文件，即 os.img
• 虚拟机运行，增量内容写入到 os.img
• 虚拟机关机，查询外部配置文件，是否要做「单次提交」
• 如果需要，做「单次提交」并修改配置文件，将「单次提交」标记为否
• 「提交」的意思是将一个 os.img 中的内容写入到其 backing_file 中
• 将 os.img.backing_file 重命名回 os.img（完成对增量内容的覆盖）

示例说明

#!/usr/bin/env python3

import json
import logging
import shlex
import subprocess
import sys
import xml.etree.ElementTree as ET
from pathlib import Path


class Config:
    def __init__(self, configFile):
        self.configFile = configFile
        with open(self.configFile, "r") as f:
            self.config = json.load(f)
        self.disks = self.config["disks"]

    def report(self):
        """ Do a one-shot-commit, then change the config file. """
        with open(self.configFile, "w") as f:
            json.dump(self.config, f, indent=2)


def getHookDetails():
    raw_xml = "".join((sys.stdin.readlines()))
    logging.info(str(sys.argv))
    return raw_xml


def getFilePath(target, domXML):
    XML = ET.fromstring(domXML)
    pattern = f"./devices/disk/target[@dev='{target}']..[@device='disk']"
    disk = XML.find(pattern)
    diskXML = ET.tostring(disk).decode()
    target_path = disk.find("source").get("file")
    logging.debug(f"Disk XML Dump:\n{diskXML}")
    return target_path


class SnapshotAutoRevert:
    def __init__(self, domName, qcow2_file):
        """ Take qcow2 file path as argument, which will be auto reverted in every VM life cycle. """
        self.domName = domName
        self.qcow2_file = qcow2_file

    def renameToBackingFile(self):
        if not Path(f"{self.qcow2_file}.backing_file").is_file():
            Path(self.qcow2_file).rename(f"{self.qcow2_file}.backing_file")
            logging.info(f"{self.domName} Rename origin image to backing_file")

    def createSnapshot(self):
        logging.info(f"{self.domName} Create a snapshot based on origin image")
        cmd = (
            f"qemu-img create -f qcow2 {self.qcow2_file} "
            f"-b {self.qcow2_file}.backing_file -F qcow2"
        )
        args = shlex.split(cmd)
        with subprocess.Popen(args, stdout=subprocess.PIPE) as proc:
            logging.info(proc.stdout.read().decode())

    def commitSnapshot(self):
        logging.info(f"{self.domName} Commit the snapshot")
        cmd = f"qemu-img commit {self.qcow2_file}"
        args = shlex.split(cmd)
        with subprocess.Popen(args, stdout=subprocess.PIPE) as proc:
            logging.info(proc.stdout.read().decode())

    def revertSnapshot(self):
        Path(f"{self.qcow2_file}.backing_file").rename(self.qcow2_file)
        logging.info(f"{self.domName} Revert to origin image, delete snapshot")


def main():
    hookPath = Path(sys.argv[0])
    domName = sys.argv[1]
    domAction = sys.argv[2]
    configFile = Path.joinpath(hookPath.parent, "config", f"{domName}.json")
    if not configFile.exists():
        exit(0)
    vmConfig = Config(configFile)
    domXML = getHookDetails()
    logging.debug(f"Config before: {vmConfig.config}")

    index = -1
    reportFlag = False
    for disk in vmConfig.disks:
        index += 1
        logging.info(disk["target"])
        target_file = getFilePath(disk["target"], domXML)
        commitFlag = disk["one-shot-commit"]
        AutoRevert_target = SnapshotAutoRevert(domName, target_file)

        if domAction == "prepare":
            AutoRevert_target.renameToBackingFile()
            AutoRevert_target.createSnapshot()
        elif domAction == "release":
            if commitFlag:
                AutoRevert_target.commitSnapshot()
                vmConfig.config["disks"][index]["one-shot-commit"] = False
                reportFlag = True
            AutoRevert_target.revertSnapshot()

    if reportFlag:
        vmConfig.report()
        logging.debug(f"Config after: {vmConfig.config}")


if __name__ == "__main__":
    logging.basicConfig(
        filename="/var/log/libvirt/qemu/hooks.log",
        format="%(asctime)s %(message)s",
        level=logging.INFO,
    )

    main()

hook 需要命名为 /etc/libvirt/hooks/qemu，因此在有快照的机器上查看该文件即可读取源代码。

配置文件位置 /etc/libvirt/hooks/config/{vm_name}.json （每个虚拟机使用各自的配置文件）。

{
  "disks": [
    {
      "target": "vda",
      "one-shot-commit": true
    },
    {
      "target": "sdb",
      "one-shot-commit": false
    }
  ]
}

该配置文件的含义是对 {vm_name} 这个虚拟机设置针对 vda 和 sdb 快照自动还原，当该虚拟机的此次生命周期结束之后，对其 vda 进行「单次提交」（维护操作），提交之后该配置文件会被更新为如下内容：

{
  "disks": [
    {
      "target": "vda",
      "one-shot-commit": false
    },
    {
      "target": "sdb",
      "one-shot-commit": false
    }
  ]
}

在一个典型的业务宿主机上，常见的配置文件如下所示：

{
  "disks": [
    {
      "target": "vda",
      "one-shot-commit": false
    }
  ]
}

意思就是「只针对 vda 做快照自动还原，正常工作，不做单次提交」，没有 vdb 或 sdb，就不会对这些虚拟磁盘做快照。

如果找不到虚拟机的配置文件，就不会对虚拟机做快照。

如果配置文件是非法的 json 格式，该虚拟机不会启动。

相关日志会输出到 /var/log/libvirt/qemu/hooks.log。

想查看一台虚拟机是否运行在「快照自动还原」模式下，可以在虚拟机运行过程中执行 virsh dumpxml vm_name | grep backing_file ，如果有结果，就代表该机器当前运行在「快照自动还原」模式下。此时，如果想使虚拟机中的更新内容固化下来，可以直接去修改其 hook 配置文件 /etc/libvirt/hooks/config/{vm_name}.json，将 "one-shot-commit" 改为 true 即可。虚拟机生命周期结束时，会由 hook 脚本来执行「单次提交」并自动将 "one-shot-commit" 改为 false

Searx is a free internet metasearch engine which aggregates results from  more than 70 search services. Users are neither tracked nor profiled.  Additionally, searx can be used over Tor for online anonymity.

Follow the installation guide, git clone the repository and use docker to build and run searx.

2 tips:

• Change SELinux policy to allow searx to connect to Google

$ setsebool -P httpd_can_network_connect 1

• Avoid nginx loop redirecting

server {
	#...
	location / {
		proxy_pass http://127.0.0.1:8888;
		#...
		proxy_redirect off;
	}
}

BTW, there was a saying – Φιλοσοφία Βίου Κυβερνήτης, which means "Love of wisdom is the guide of life" or "Philosophy is the governor of one's life." The abbreviation ΦΒΚ also named the oldest academic honor society in US.

It was smooth just at the beginning:

• Add debian unstable source

# /etc/apt/sources.list.d/unstable.list

deb https://mirrors.ustc.edu.cn/debian/ unstable main

• Configure apt preference

# /etc/apt/preferences.d/limit-unstable

Package: *
Pin: release a=unstable
Pin-Priority: 90

• Update Raspberry Pi kernel

sudo rpi-update

• Install Linux Headers

sudo apt install raspberrypi-kernel-headers

• Install WireGuard

sudo apt install wireguard

• Clone WireGuard source code

git clone https://git.zx2c4.com/WireGuard

But when I tried to run the client script:

sudo WireGuard/contrib/examples/ncat-client-server/client.sh

BOOM!!

RTNETLINK answers: Operation not supported

According to StackExchange, I need to compile the kernel and customize the configuration to get iproute2 to work.

Sigh. Add it to the TO-DO list.

为村中「奶奶庙」打扫，见此古碑，没想到其历史竟如此悠久。感叹之余，将正面碑文整理抄录如下：

重修觀音堂碑記

蓋聞天地以生民為心，菩薩即以保民為念。第人心未能以輸其誠，致神功無由以顕其效也。本村舊有觀音堂一座，不知創自何時，至乾隆二十九年重修迄於今代。遠年湮风雨損壞，殊令人目覩而心傷矣。不禁合村人等各施貲財，且募化四方，復為重修之舉。故峻宇雕牆、丹楹刻桷為神靈謀，非為觀瞻計也。告竣之後，庶幾趨蹌得其所，拜跪有所憑。人心以將其誠，亦神功無不見其效焉。

邑庠生姚得勤撰文書丹。

會首：姚士銀、姚思節

理事：姚思誠、姚得儉、姚得江、姚清年、姚士宗

掌賬：姚得勤、姚思節、姚賀年、姚清年

買辦：姚得節、姚文心

總催：元春才

監工：姚思榮、姚士儉、元中美、姚思正、姚士經、元春榮、姚有財

大清光緒二十三年四月十八日立

其二：奶奶庙萬古流芳碑

多年之后，庙宇重修，新立石碑，誊录如下：

重修奶奶庙碑記

「南海菩萨庙」，普称「奶奶庙」。根据旧庙碑文記载及老人续传，「奶奶庙」含意隽永。清咸丰年间，医药落后，民遭瘟疫，伤亡甚大。阖众求菩萨聖予慈悲，当日得稳。众感大恩，於光绪三年重加修补彩画。一九四七年遭战火，庙宇被毁。一九六三年洪水袭击，片瓦不存，赤身移至此。国家照顾，重建家园，奶奶庙因条件限制，有恩难报。聖宇未得安所，众常怀记在心，时至必成。一九九六年，全村大众齐心合意，重建聖宇，集资备料。一九九七年秋后，聖殿竣工。二零一零年村里硬化街道，奶奶庙限于低洼，众议重建。随于二零一二年三月十八日起工，至四月十九日落成。

公元二零一二年农历七月初六立

依家父听闻，旧碑曾于一九六三年洪水中失落，约于二零一六年被另一村庄村民挖沙时发现，见上有元氏先人「元春才」名讳，打听至本村，方得以送还。故而新旧碑文中故事有所出入，亦情有可原。

区区墟里，虽无大传名志，藉此庙碑亦可使后人管窥白云苍狗。时过境迁，万物刍狗。「不问鬼神问苍生」，且读碑文所载先人拳拳之意，仍感心有戚戚焉。

brew cask install squirrel

Then reboot Mac.

II. Download RIME schema installation script

git clone https://github.com/rime/plum.git
cd plum
bash rime-install wubi pinyin-simp

III. Create custom configuration file

vim ~/Library/Rime/default.custom.yaml

Add content below:

patch:
  schema_list:
    - schema: wubi_pinyin
    - schema: luna_pinyin_simp

Then create a squirrel.custom.yaml in the same direction:

patch:
  style:
    color_scheme: mojave_dark
    horizontal: true

IV. Import personal database (if you have that before)

cp -r wubi86.userdb luna_pinyin.userdb ~/Library/Rime/

V. Set Squirrel as default input method

System Preferences - Keyboard - Input Sources

Switch to Squirrel, then Deploy.

6. Establish a VPN over SSH

A common term amongst offensive security folks (pentesters / red  teams / etc), is to pivot into a network. Once you have a connection  established on one system that system becomes a gateway point for  further access to the network. This is known as pivoting and enables  lateral movement through the network.

We can use the SSH proxy for this and proxychains, however there are some limitations. For example we cannot use raw sockets, so Nmap SYN scans cannot be used to port scan the Internal network.

Using this more advanced VPN option we move the connectivity down to layer 3. We can then simply route traffic through the tunnel using standard network routing.

This technique uses ssh, iptables, tun interfaces and routing.

First we need these options set in the sshd_config. Since we are making interface changes on the remote system and the client system, we will need root privileges on both sides.

PermitRootLogin yes
PermitTunnel yes

Then we will establish our ssh connection using the parameter that requests tun devices be initialised.

localhost:~# ssh -v -w any root@remoteserver

Now you should have a tun device when you show interfaces (# ip a). Next step is to add IP addresses to the tunnel interfaces.

SSH Client Side:

localhost:~# ip addr add 10.10.10.2/32 peer 10.10.10.10 dev tun0 
localhost:~# ip tun0 up

SSH Server Side:

remoteserver:~# ip addr add 10.10.10.10/32 peer 10.10.10.2 dev tun0 remoteserver:~# ip tun0 up

Now we should have a direct route to the other host (route -n and ping 10.10.10.10).

It is now possible to route any subnet through the other side host.

localhost:~# route add -net 10.10.10.0 netmask 255.255.255.0 dev tun0

On the remote side we need to enable ip_forward and iptables.

remoteserver:~# echo 1 > /proc/sys/net/ipv4/ip_forward 
remoteserver:~# iptables -t nat -A POSTROUTING -s 10.10.10.2 -o enp7s0 -j MASQUERADE

Boom! Layer three VPN through an SSH tunnel. Now that's winning.

Any trouble, try tcpdump and ping to see where its broken. Since we are playing at layer 3 our icmp packets should be jumping through that tunnel.

20. Bouncing through jump hosts with ssh and -J

When network segmentation means you are jumping through multiple ssh hosts to get to a final destination network or host, this jump host shortcut might be just what you need.

localhost:~$ ssh -J host1,host2,host3 user@host4.internal

A key thing to understand here is that this is not the same as ssh host1 then user@host1:~$ ssh host2, the -J jump parameter uses forwarding trickery so that the localhost is establishing the session with the next host in the chain. So our localhost is authenticating with host4 in the above example; meaning our localhost keys are used and the session from localhost to host4 is encrypted end to end.

To use this ability in the ssh_config use the ProxyJump configuration option. If you regularly have to jump through multiple hosts; use the config file and your alias to host4 will save you a lot of time.

22. Modify Port Forwarding within a session with ~C

And our final ssh example is for modifying port forwarding on the fly within an existing ssh session. Picture this example scenario. You are deep in a network;  perhaps you have jumped through half a dozen jump hosts and need a local  port on your workstation forwarded to Microsoft SMB on the old Windows  2003 system you spotted (ms08-67 anyone?).

After hitting enter try typing ~C in your terminal. This a control escape sequence within the session that allows to make changes to the existing connection.

localhost:~$ ~C 
ssh> -h
Commands:
      -L[bind_address:]port:host:hostport    Request local forward
      -R[bind_address:]port:host:hostport    Request remote forward
      -D[bind_address:]port                  Request dynamic forward                   
      -KL[bind_address:]port                 Cancel local forward       
      -KR[bind_address:]port                 Cancel remote forward       
      -KD[bind_address:]port                 Cancel dynamic forward 
ssh> -L 1445:remote-win2k3:445
Forwarding port.

You can see here we have forwarded our local port 1445 to the Windows 2003 host we found on the internal network. Now simply launch msfconsole and we are good to go (assuming you were planning on exploiting that host).

Add the local cache registry running on the master to the docker options that get pulled into the systemd unit file.

[fedora@atomic01 ~]$ sudo vi /etc/sysconfig/docker
OPTIONS='--registry-mirror=http://192.168.122.10:5000 --selinux-enabled --log-driver=journald'

cite: https://www.projectatomic.io/docs/gettingstarted/

收集整理一些产品的小细节。

• http://www.thedrum.com

Emoji 和提示语，第一次看有趣，点过之后置灰，或消失，提供关闭按钮，避免反感。

• 豆瓣电影介绍「话题」新功能

时下用遮盖的可能较多，用同一平面标注的较少。

• B 站的创新：长按点赞按钮 == 点赞 + 投币 + 收藏

• Export your content from SETTINGS-Labs-Export your content
• Backup your images folder
• Install docker^[1]
• Setup Docker
  sudo usermod -aG docker $USER
  Log out then Re-login
  sudo systemctl start docker
sudo systemctl enable docker
docker pull ghost
• Run Docker^[2]

docker run -d --name blog \
	--restart unless-stopped \
	-p 80:2368 \
	-v /path/to/ghost/content/images:/var/lib/ghost/content/images \
	-v /path/to/ghost/content/data:/var/lib/ghost/content/data \
	-v /path/to/ghost/content/logs:/var/lib/ghost/content/logs \
	-v /path/to/ghost/content/themes:/var/lib/ghost/content/themes \
	-v /path/to/ghost/config.production.json:/var/lib/ghost/config.production.json \
	ghost

• Signin via your-url.com/ghost
• Inport your content
• Unlock your account^[3]

1. Play the video w/ IINA
   While playing, press [s] to take screenshots.

TBD: Is there a better way?

1. Crop bulk screenshots w/ [Image Crop]
   Set "Custom Crop", "Pixels" and "Output".
2. Generate subtitle pdf file
   ls >> subtitle.md then vim subtitle.md add ![](), generate pdf w/ [Typora]

TBD: Is there a tool to OCR bulk images?

1. Convert pdf to word w/ [PDF to Word Converter]

Recap

Need an AI way.

Apple's CDN sucks. Especially in China mainland.

So, if you couldn't successfully download macOS Installer from Mac App Store, follow these steps to download the Installer via CLI tool – Aria2.

• Download from Mac App Store.

Yeah, we still need Mac App Store in order to get the direct links. Before you wasting time downloading it, delete it from Launchpad.

• Check the extraInfo file at /Library/Updates/***-*****/***-*****.English.extraInfo.

***-***** means several numbers (maybe version code?), e.g.:

See the link above?

(Pff... Seriously? Not even HTTPS?)

http://swcdn.apple.com/content/downloads/30/55/091-36857/e08asjpjpbflt33p43ufqmuv6b39x8pa10/InstallAssistantAuto.smd

There are 3 files you need to download: RecoveryHDMetaDmg.pkg, InstallAssistantAuto.pkg, and InstallESDDmg.pkg. Thus in this case, URLs will be:

http://swcdn.apple.com/content/downloads/30/55/091-36857/e08asjpjpbflt33p43ufqmuv6b39x8pa10/RecoveryHDMetaDmg.pkg

http://swcdn.apple.com/content/downloads/30/55/091-36857/e08asjpjpbflt33p43ufqmuv6b39x8pa10/InstallAssistantAuto.pkg

http://swcdn.apple.com/content/downloads/30/55/091-36857/e08asjpjpbflt33p43ufqmuv6b39x8pa10/InstallESDDmg.pkg

Modify the URLs if you need, then download these 3 files via Aria2:

aria2c -x8 "URL"

After successfully downloading them, copy them to the directory /Library/Updates/***-*****/ ('Member the code numbers? Check above).

• Final step, open Mac App Store and click Download button again, wait a minute, Ta-da! You will get the Install macOS High Sierra.app!

• One more thing...

If you want to check the sha1sum hash, I'll recommend https://github.com/notpeter/apple-installer-checksums.

Good luck.

《平面设计中的网格系统》

Grid systems in graphic design