Custom TinyWebDB Service

May 11, 2018 by Goldman Posted in 4. Others Tagged AppInventor Leave a comment

Creating a Custom TinyWebDB Service

TinyWebDB is an App Inventor component that allows you to store data persistently in a database on the web. Because the data is stored on the web instead of a particular phone, TinyWebDB can be used to facilitate communication between phones and apps (e.g., multi-player games).

By default, the TinyWebDB component stores data on a test service provided by App Inventor, http://appinvtinywebdb.appspot.com/ . This service is helpful for testing, but it is shared by all App Inventor users, and it has a limit of 1000 entries. If you use it, your data will be overwritten eventually.

For most apps you write, you’ll want to create a custom web service that isn’t shared with other App Inventor apps and programmers. You need not be a programmer to do so– just follow the instructions below and you’ll have your own service within minutes.

To create your own web service, follow these instructions:

Download App Engine for Python at http://code.google.com/appengine/ . After installing it, run the GoogleAppEngineLauncher by clicking its icon.
Download this sample code. It is a zip file containing the source code for your custom tinywebdb web service
This code is setup to run with App Engine using Python 2.7, so you’ll need Python 2.7 on your computer. To check your version of Python, open up your Terminal and type in python. If you don’t have the right version, you can download it from here
To make sure that App Engine is configured to use it, in App Engine Launcher, choose Preferences and then put in path to Python2.7 (On a Mac, this might be something like /usr/local/bin/python2.7 )
Unzip the downloaded zip file. It will create a folder named customtinywebdb. You can rename it if you want.
In the GoogleAppEngineLauncher, choose File | Add Existing Application. Browse to set the Path to the customtinywebdb folder you just unzipped. Then click the Run button. This will launch a test web service that runs on your local machine.
You can test the service by opening a browser and entering “localhost:8080” as the URL. (NOTE: if you’ve already created a web service, the port number (8080) may be different the second time, check the table in Google App Engine Launcher to see what Port number you should use).
You’ll see the web page interface to your web service. The end-goal of this service is to communicate with a mobile app created with App Inventor. But the service provides a web page interface to the service to help programmers with debugging. You can invoke the get and store operations by hand, view the existing entries, and also delete individual entries. NOTE: If you are having problems creating a web page, click the Logs on the App Engine screen to diagnose the error.

Congrats, you’ve now made a webpage for your app. But your app is not yet on the web, and thus not yet accessible to an App Inventor app. To get it there, you need to upload it to Google’s App Engine servers.

In the GoogleAppEngineLauncher, choose Dashboard. Enter your Google account information and you’ll be taken to an App Engine dashboard.
Choose Create an Application. You’ll need to specify a globally unique Application Identifier. Remember the Application identifier as you’ll need it later. Provide a name to your app and click Create Application to submit. If your Identifier was unique, you now have a new, empty app on Google’s servers.
Open a text editor on your local computer and open the file app.yaml within the customtinywebdb folder you unzipped. Modify the first line so that the application matches the application identifier you set at Google.
In GoogleAppEngineLauncher, choose Deploy and follow the steps for deploying your app.
Test to see if your app is running on the web. In a browser, enter myapp.appspot.com, only substitute your application identifier for myapp. The app should look the same as when you ran it on the local test server. Only now, it’s on the web and you can access it from your App Inventor for Android app.

Your App Inventor apps can store and retrieve data using your new service. Just do the following:

Drag in a TinyWebDB component into the Component Designer.
Modify the ServiceURL property from the default http://appinvtinywebdb.appspot.com/ to your web service.
Any StoreValue operations (blocks) will store data at your service, and any GetValue operations will retrieve from your service.

Information source: 1) http://appinventor.mit.edu/explore/content/custom-tinywebdb-service.html

2) https://cloud.google.com/appengine/docs/standard/python/download?hl=zh-CN

东莞实施“明厨亮灶”

May 10, 2018 by Goldman Posted in 4. Others Leave a comment

东莞实施“明厨亮灶”的餐饮单位数达11899家

Source: http://www.o769.cn/baixing/Info.asp?ID=7129

民以食为天，食品安全问题总是牵动大众的神经。记者7日从东莞市食药监局获悉，目前越来越多餐饮服务单位主动把后厨“亮”给市民看，全市实施“明厨亮灶”的餐饮单位数已达11899家，覆盖全市餐饮单位逾三分之一。

“明厨亮灶”分六种类别

不少餐馆的后厨门口都贴着“厨房重地，闲人免进”的提示，厨房的卫生状况和食品加工过程并不透明。“谁知道后厨到底卫不卫生呢？所以有时外出吃饭难免会提心吊胆。”很多市民担心。

“为了创新监管模式，强化餐饮服务单位的责任意识，早在2013年，我局就在部分中小学校、幼儿园食堂等餐饮单位率先试点开展‘明厨亮灶’工作。”据市食药监局相关负责人介绍，“明厨亮灶”就是将餐饮服务单位的操作间、凉菜间、洗消间等食品加工制作的关键部位和原料清洗、切配、烹饪、餐具洗消、凉菜加工等重要环节，通过透明玻璃窗（或玻璃幕墙)、电子显示屏、隔断矮墙等方式展示给消费者，实现阳光操作、透明化管理。

据了解，广东省去年也已出台了“明厨亮灶”规范指引——按照新修订的《广东省食品安全条例》第三十二条有关规定，将餐饮“明厨亮灶”建设分为透明式、开放式、视频监控式、参观通道式、组合式、其他形式等六种类别，并结合建设“餐饮服务食品安全信息公示栏”，向消费者展示食品加工制作关键过程，接受消费者监督。

用餐不再“眼不见为净”

昨日中午，记者走进厚街万达广场发现，作为厚街食品安全示范创建对象，这里已经实现“明厨亮灶”工程全覆盖。45家餐饮服务企业，均通过视频监控或透明式厨房等方式，让用餐顾客能看到厨房内部的操作。放眼望去，很多家餐厅在门口挂出了他们的监控电视，上面播放着厨房的实时画面。

记者在一家顺德菜餐厅看到，门口的监控电视中，两个画面对准了原料清洗和切配区域，另有两个画面显示着角落与地面的状况，看起来都比较整洁。餐厅里面还有一个监控电视，这样一来，顾客在选择餐厅前和用餐过程中，都能看到厨房内部的实时情况。

带着全家老小一同用餐的顾女士说：“以前外出吃饭都看不到这些后台操作，‘眼不见为净’。现在食客能直观地看到后面的卫生状况，的确会更放心，但是我们只能看到后厨的卫生情况和厨师的操作过程，食物的用料和材质看不到，希望接下来餐饮单位能公示原材料和辅料来源。”

“食药监部门已经叫我们去开过会，对此事我既支持又担心。”南城一家餐馆的负责人认为，一是会增加企业成本，二是担心泄露一些大厨的炒菜秘方，让竞争对手钻了空子。“如果同行都‘明厨亮灶’，而我们不这样做，那竞争力就弱了很多。所以现在正在考虑，究竟要怎么改。”

学校食堂过半“明厨亮灶”

据市食药监局相关负责人透露，东莞将坚持按照“企业自愿、行业自发、政府引导、主动参与、因地制宜”的工作思路，确定一些新开办基础设施好的餐饮单位、学校食堂、大型以上餐馆及其他高风险类餐饮服务单位作为“明厨亮灶”建设的重点，以点带面，逐步推行，力争用三年时间基本完成全市餐饮服务单位“明厨亮灶”工作目标。

“目前全市已经实施‘明厨亮灶’的餐饮单位数达11899家，其中学校食堂达927家，占学校食堂总数一半以上。”该负责人表示，东莞会严把许可准入，对新开办餐饮服务单位，引导按“明厨亮灶”工程的要求指导建设；对所有餐饮服务单位换发证时，强调“明厨亮灶”作为必要条件重新进行现场核查，建成开放式厨房、使用透明玻璃隔断、采用视频传输等技术。

东莞实施“明厨亮灶”的方案:
“明厨亮灶”实施方案一是用玻璃隔断展现，实现透明厨房通过玻璃窗口消费者可以看到餐厅后厨师傅做菜的烹饪过程！这也是明厨亮灶最早的展现方式！同时跟据食品安全信息公示牌让监控管理人员和食客及时了解到食品的采购信息。

“明厨亮灶”实施方案二是通过后厨安装高清远程监控摄像设备实时直播将厨房生态——食材选择、烹饪加工、剩菜处理、餐具消毒等所有环节，以及厨房卫生情况、厨师仪表穿着等，一一呈现给食客，保障其知情权与监督权，让他们吃得更放心、吃得更安全。

“明厨亮灶”实施方案三是通过后厨安装高清远程监控摄像设备实时直播将厨房生态——食材选择、烹饪加工、剩菜处理、餐具消毒等所有环节，以及厨房卫生情况、厨师仪表穿着等，一一呈现给食客，保障其知情权与监督权，让他们吃得更放心、吃得更安全。

“明厨亮灶”实施方案四是实现了第三的所有功能还增加了从食品食材种植环境，食材储存、厨房环境、配菜烹调加工等过程就实现了全程透明化，实时性、公开性、透明性的阳光透明厨房，让消费者更放心！

Server Window Update Procedure

May 5, 2018 by Goldman Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作) 1 Comment

Section 1: Introduction

Because window update will impact to server operation, we should handle it carefully. According to the Microsoft paper of “Best Practices for Applying Service Packs, Hotfixes and Security Patches” as appendix in this document, we should apply the patch on needs base, and may not necessary to apply all patches. Moreover, we need to test the patch in testing server before applied to production server. Furthermore, because some application servers may have negative or unforeseen impact after patch update, we advise not to perform window update in application server. Let’s describe the window update procedure in following section for your reference.

Section 2: List of Servers to Window Update

The following servers will be included to perform the window update as below:

Server	Name	Install ip	Machine Type & Usage

Exclude list : We did not perform the window update in application servers, because it is difficult to evaluate the impact of patch to the application operation. However, if we decide a window update is critical and is necessary to apply, we have to test it in a testing server; then apply to production application servers after testing okay.

Normally, we will exclude the following servers from window update because we installed business application software in them.

Server	Name	Install ip	Machine Type & Usage

Section 3: Schedule to Perform Window Update

We plan to perform window update in servers monthly. In order not to affect the month-end operation, we plan to do it during non-office hours in second or third week of a month.

Section 4: Test-Run the Window Update

1. Backup a virtual testing server in PRC via VM snapshot function

2. Run the “Check for Updates” option as below diagram:

Generate a list of Window Server Patch Update and review its content as below diagram.

Update Patch List:

Patch List	Plan to Update (yes/No)	Remark
KB4041083	Yes
KB4049016	Yes
KB4054518	Yes
KB4052978	Yes
KB4033342	Yes
KB2823180	Yes
KB890830	Yes

3. Perform the patch update in the testing server, and report the result as below green highlight column:

Patch List	Plan to Update (yes/No)	Testing Result (Pass/Failure)
KB4041083	Yes
KB4049016	Yes
KB4054518	Yes
KB4052978	Yes
KB4033342	Yes
KB2823180	Yes
KB890830	Yes

4. Resolve any issue if necessary; or not plan to update any issue patch

Section 5: Apply Patch in Production Servers

Backup Virtual Servers:

Local-IT team will create VM snapshot for the following virtual servers:

Server	name	Install ip	Machine Type & Usage	Server Backup

2. Patch Update PRC Servers:

Local-IT team will perform Patch Update for virtual servers as below list. We will schedule to patch those servers during non-office hour (e.g. 7:00pm during week-day). If reboot require after patch update, we will also reboot during off-office hour.

Server	Name	Install ip

3. IT team will perform Patch Update for Hardware servers as below list.
We will schedule to patch those servers during non-office hour (e.g. 7:00pm during week-day). If reboot require after patch update, we will also reboot during off-office hour.

Server	Name	Install ip

4. Trouble-Shoot to solve any issue; maybe roll-back the server image or uninstall patch if necessary.

5. Update the “Patch ID and Date” in below two log tables as highlight in green columns:

Server Patch Update Log
Server	name	Install ip	Machine Type & Usage	Server Backup	Patch ID & Date

Appendix: Best Practices for Applying Service Packs, Hotfixes and Security Patches

Reference information from https://msdn.microsoft.com/en-us/library/cc750077.aspx as below:

Service packs, hotfixes and security patches are updates to products to resolve a known issue or workaround.

Moreover, service packs update systems to the most current code base. Being on the current code base is important because that’s where Microsoft focuses on fixing problems. For example, any work done on Windows 2000 is targeted at the next service pack and hotfixes are built against the existing available base.

Individual hotfixes and security patches on the other hand should be adopted on a case-by-case, “as-needed” basis. The majority of security updates released are for client side (often browser) issues. They may or may not be relevant to a server installation. Evaluate the update, if it’s needed, then apply it. If not, assess the risk of applying or not.

Apply updates on a needs only basis.

One of the common misconceptions about Microsoft updates is that they are mandatory and/or urgent.

All updates, regardless of their type (whether they are service packs, hotfixes or security patches), are to be applied on an “as-needed” basis. They need to be evaluated individually and treated as important optional updates.

Especially with security patches, the expectation is that it must be an urgent issue and must be deployed quickly. Without trying to detract from the urgency, security patches are very much a relative update; for example, customers using solely Windows NT4 can ignore a patch for a security vulnerability in Windows 2000. However, if the issue is relevant and does plug a security hole, then it should be evaluated urgently.

Only when it addresses or fixes an issue being experienced by the customer should it be considered. Of course, it still needs to be evaluated before being installed.

Testing.

The prior points really assist in giving you a feel (before installing) for the potential impact, however, testing allows for the “test driving” and eventual signing off of the update.

Service packs and hotfixes must be tested on a representative non-production environment prior to being deployed to production. This will help to gauge the impact of such changes.

-END-

How to start mining via Antpool & BTC.com

April 14, 2018 by Goldman Posted in 4. Others Tagged mining Leave a comment

information source: https://support.bitmain.com/hc/en-us/articles/115000211774-Connect-Antminer-S9-T9-S7-to-Pools-Antpool-BTC-com

Connect Antminer S9/T9/S7 to Pools – Antpool/BTC.com

Connect to Antpool

1.Login：https://www.antpool.com/

2. Enter your User ID and password for Bitmain.com to log into Antpool or register a new account.

3. Click the “Bitcoin”at the upper left of the page. Go to the Settings tab and add a Sub-Account via the button on the right.

Sub-account must contain only the letters or numbers

4. Enter the default IP address of the ANTMINER – Go to the login page, enter the user ID: root, password: root.

5. Click Miner Configuration, you can fill in 3 groups of mining pool. If the first group is dead, then, it will automatically pointed to the second group. You could fill first 2 groups with Antpool, the third one with BTC.com.

Below is the configuration of Antpool:

stratum+tcp://stratum.antpool.com:3333
stratum+tcp://stratum.antpool.com:443
stratum+tcp://stratum.antpool.com:25

Worker Format: sub-account.miner name

Example: If your sub-account is “antminer”, then your miners could be set up as antminer.1, antminer_1, antminer.2, etc. The miner order will be sorted by the miner name.

Password: (Blank). if you change addresses in bulk, fill it as 123.

Click Save & Apply to mine, the miners will be restart.

Connect to BTC.com

Account Registration

1. Login the home page： https://pool.btc.com

2. Click the “Sign Up Now ” button:

3. Complete the informtaion required and create a new account:

Sub-Account Configuration

1. Click the user name on the top right and choose create sub-account:

2. Fill the blanks and complete creating sub-account:

Miner Configuration

1. Node Selection

There is network delay when users connecting miners to different nodes in different area. Selecting the nearest nodes can provide the most stable connection.

North China Mining Address

    stratum+tcp://cn.ss.btc.com:1800
    stratum+tcp://cn.ss.btc.com:443
    stratum+tcp://cn.ss.btc.com:25

South China Mining Address

    stratum+tcp://us.ss.btc.com:1800
    stratum+tcp://us.ss.btc.com:443
    stratum+tcp://us.ss.btc.com:25

America Mining Address

    stratum+tcp://us.ss.btc.com:1800
    stratum+tcp://us.ss.btc.com:443
    stratum+tcp://us.ss.btc.com:25

Europe Mining Address

    stratum+tcp://us.ss.btc.com:1800
    stratum+tcp://us.ss.btc.com:443
    stratum+tcp://us.ss.btc.com:25

2. Miner Setting

Format: sub-account.miner name

Example: If your sub-account is “btcminer”, then your miners could be set up as btcminer.001, btcminer.002, etc. The miner order will be sorted by the miner name. Password: (Blank). if you change addresses in bulk, fill it as 123.

3. Miner Conection Setting

Type the IP address of miners into the address bar with a web browser under the local area network. The default account is: username ‘root’, password ‘root’.

Sub-Account Management

1. After signing up on BTC pool, uses can establish multiple sub-accounts for different needs.

Click the current sub-account on top right corner:

2. Users can edit every sub-account on this page, such as modifying address and setting alert:

Information Modification

Click “settings” button on top right of the website, you can modify your account and address as follows:

Payment Confirmation

Payment Time

BTC Pool settles all the earnings of last day at UTC 00:00 and sends the payment in 2 hours.

Confirmation Time

The confirmation of TX takes time on Bitcoin Network. The time could be 1 minute or up to 2 hours, which depends on the network status. BTC Pool promises that users receive the payment in the shortest time.

Quality Management Concept – Quality vs Grade & Accuracy vs Precision

April 13, 2018 by Goldman Posted in 4. Others 82 Comments

Difference between Quality and Grade

Quality and grade is difference. Quality as a delivered performance or result is “the degree to which a set of inherent characteristics fulfill requirements” (ISO 9000). Grade as a design intent is a category assigned to deliverables having the same functional use but different technical characteristics. While a quality level that fails to meet quality requirements is always a problem, a low grade of quality may not be a problem. For example:

It may not be a problem if a suitable low-grade software product (one which a limited number of features) is a high quality (no obvious defects, readable manual). In this example, the product would be appropriate for its general purpose of use.
It may be a problem if a high-grade software product (one which numerous features) is of low quality (many defects, poorly organized user documentation). In essence, its high-grade feature set would prove ineffective and/or inefficient due to its low quality.

Difference between Accuracy and Precision

The project management team should determine the appropriate levels of accuracy and precision for use in the quality management plan. Precision is a measure of exactness. Accuracy is an assessment of correctness. For example, if the measured value of an item is very close to the true value of the characteristic being meansured. the measurement is more accurate. An illustration of this concept is the comparison of archery targets. Arrows clustered tightly in one area of the target, even if they are not clustered in the bull’s eye, are considered to have high precision. Targets where the arrows are more spread out but equidistant from the bull’s eye are considered to have the same degree of accuracy. Targets were the arrows are both tightly grouped and within the bull’s eye are considered to be both accurate and precise. Precise measurements are not necessary accurate measurements, are accurate measurements are not necessarily precise measurements.

Diary of IT Man – My Road to Pass PMP Exam

April 6, 2018 by Goldman Posted in Diary of IT Man(IT人在工廠日記) Leave a comment

It was a nowadays requirement for any professional to continue study, so, I planned to enhance my project management knowledge which should be useful for my IT management skill. I decided to take a PMP exam and got a PMP certification. PMP stands for Project Management Professional, and it is endorsed by a US’s Project Management Institute (https://www.pmi.org/).

I thought that PMP exam should be easy for me because I had rich experience to handle IT projects. I did not intent to join any course, however, it was a requirement from PMI that a candidate had to register a course, so that I registered a PMP on-line preparing course from https://www.udemy.com/ in Oct 2017. The Udemy PMP course costed only US$10.99, which was a very good price. Although the concept of project management was very generic, I needed to learn many PMP specific terms and definition from Udemy, which were new to me. After I have finished the Udemy on-line course, I could only get 70 marks from its drill test, which I should get 75 marks or above in order to ensure to pass the exam according to the lecturer comment.

After the Udemy course, I borrowed two books from library to self-study: I) “Pass the PMP exam : tools, tips and tricks to succeed” by Sean Whitaker ; ii) “PMP practice makes perfect : over 1000 PMP practice questions and answers” by John Estrella. After I have finished these two books, I still did not comfortable. I searched from web and found a web site https://edward-designer.com/web/pmp/ which Edward shared his experience about PMP exam. It provided me many useful information.

My final preparation work is to read the PMBOKGuide from PMI, and did more free mock exam questions from web, such as from Oliver Lehmann (Online) and Edwel Mock Exam.

Luckily, I passed the PMP exam in my first in-take. I spent totally 6 months to prepare the exam, and I passed it in Mar 2018.

_____________________________________________________________________

Additional information about Changing of PMP Exam on or after 26 Mar 2018 as below.

The release of the PMBOK® Guide – Sixth Edition in September 2017, the PMP exam will change 26 March 2018. These updates will ensure the exam content is consistent with the PMBOK® Guide.

Although the PMP is not a test of the PMBOK® Guide, it is one of the primary references for the exam. Some of the updates you can expect to see surround lexicon changes and terminology used within the exam as well as harmonization of process groups, tools, and techniques.

The major updates to the sixth edition are summarized below:

A new chapter on the role of the project manager has been added to focus on leading projects effectively – competencies, experience, and skills that are all necessary.
Two Knowledge Areas have been re-named to more accurately reflect which elements can be managed and which cannot:

o Time Management is now Schedule Management

o Human Resource Management is now Resource Management

Every Knowledge Area features four new sections:

Key Concepts
Trends and Emerging Practices
Tailoring Considerations
Considerations for Agile/Adaptive Environments

The sixth edition will also present new content around considerations for agile/adaptive environments and the PMI Talent Triangle®.

We wish you the best of luck on upcoming exam!

IT人在工廠日記 – 大陸的招工人問題

March 27, 2018 by Goldman Au Posted in Diary of IT Man(IT人在工廠日記) Leave a comment

每年春節之後，工厂都有招聘工人的困難，但是今年特別嚴重，已經過了正月，仍未請夠工人。因為趕貨原因，工厂特別要求工厂的文職人員到生產線幫手，連經理和主管级的職員也要参與。大陸的招人問題，真的愈來愈嚴重。

Excel CMS plugin demonstration

March 22, 2018 by Goldman Posted in 4. Others Leave a comment

Example of using a free-of-charge “Excel CMS” plugin to display an excel file in wordpress as below. If you want to get more info about this “Excel CMS” plugin, please visit their website.

[wp_excel_cms name=”Sales Commission”]

MySQL operation script for beginner

March 22, 2018 by Goldman Posted in 3. IT Application (應用軟件), 3.6 Other System (其它系統) Leave a comment

Create a new user within the MySQL shell:
mysql> CREATE USER ‘newuser’@’localhost’ IDENTIFIED BY ‘password’;
Create Permissions:
mysql> GRANT ALL PRIVILEGES ON *.* TO ‘newuser’@’localhost’;
Reload all the privileges.
mysql> FLUSH PRIVILEGES;
Your changes will now be in effect.
Revoke a permission:
mysql> REVOKE [type of permission] ON [database name].[table name] FROM ‘[username]’@‘localhost’;
Delete databases with DROP, you can use DROP to delete a user altogether:
mysql> DROP USER ‘demo’@‘localhost’;
To get a list of MySQL users:
mysql> select user,host from mysql.user;
To find the privilege(s) granted to a particular MySQL account:
mysql> show grants for ‘root’@’%’;
After test out your new user, log out by typing
mysql> quit

drop database goldman_wrdp8

CREATE Database goldman_wrdp8

use goldman_wrdp8;

source import_file.sql;
update wp_options SET option_value=’http://goldman168.no-ip.org/goldmanau’ where option_name=’siteurl’;

update wp_options SET option_value=’http://goldman168.no-ip.org/goldmanau’ where option_name=’home’;

extract a gz file?

Use guzip command as follows:
$ gunzip file.gz
OR
$ gzip -d file.gz

Change user password;

MySQL 5.7.6 and later:

ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewPass';

MySQL 5.7.5 and earlier:

SET PASSWORD FOR 'root'@'localhost' = PASSWORD('MyNewPass');

UPDATE mysql.user SET authentication_string = PASSWORD(‘MyNewPass’), password_expired = ‘N’ WHERE User = ‘root’ AND Host = ‘localhost’; FLUSH PRIVILEGES;

搭建Shadowscoks和VPN翻墙

February 28, 2018 by Goldman Au Posted in 2.1 IT Security Requirement (保安要求) Leave a comment

1 为什么翻墙

作为一个技术人员, 最常用的就是Google、StackOverflow、Github这些网站, 工作期间几乎每分钟都在用。

另外,偶尔也上上Facebook、YouTube、草榴以及Porn, 娱乐一下自己。

如果不能翻墙, 几乎就是鱼离开了水, 人离开了空气, 感觉一刻都不能待下去。

2 常用的翻墙方法

常用的翻墙方法是:

1 购买一台大陆以外的服务器,搭建VPN或者ShadowScoks。

2 购买第三方的代理服务。 (我试用过后,觉得速度不可控,而且限制多。况且我们公司人多, 算下来不如自己搭建划算)

3 使用自由门、GoAgent(速度比较慢、经常不能用、mac或者手机上用不了)

我用的电脑是Mac, 电脑支持VPN、ShadowScoks, 手机是iPhone, 没有越狱,不支持ShadowScoks。

ShadowScoks支持自动代理模式,国内的不走代理,国外的走代理,而且能自定义。

而VPN只能完全代理。所以我决定Shadowscoks和VPN都搭建。电脑上主要用Shadowscoks,手机上用VPN。

那么,如何选择一家合适的代理服务器呢?

国外比较知名的云服务运营商有有Linode、DigitalOcean等, 费用基本10美元一个月。ping值在200左右。

国内阿里云也有香港和美国节点,香港节点价格117元/月, ping值在50左右。

之前2年用的是linode, 一直比较稳定,但是最近, 速度实在太慢了, 决定签回阿里云香港试一下。在这里做个记录。

3 实施

3.1 购买服务器

在阿里云后台,购买 1核CPU 1GB内存 的服务器, 操作系统选择的是 CentOS 7.0 64位, 价格117元/月。

3.2 使用Shdowsocks翻墙

1) 安装Shdowsocks服务端

登录阿里云服务器, 执行以下命令

# 安装pip
yum install python-pip

# 使用pip安装shadowsocks
pip install shadowsocks

2) 配置Shdowsocks服务,并启动

新建 /etc/shadowsocks.json 文件, 并写入以下内容

{
	"server":"remote-shadowsocks-server-ip-addr",
	"server_port":443,
	"local_address":"127.0.0.1",
	"local_port":1080,
	"password":"your-passwd",
	"timeout":300,
	"method":"aes-256-cfb",
	"fast_open":false,
	"workers":5
}

注意修改 server 和 password, workers 表示启动的进程数量。

然后使用以下命令启动: ssserver -c /etc/shadowsocks.json -d start

3) 使用本机Shdowsocks客户端, 连接服务端上网

如果用的是mac, 上网站 https://sourceforge.net/projects/shadowsocksgui/ 下载客户端。

安装完后进行如下配置:

如果是windows, 上面的网站也有客户端下载链接。

如果是android, 参考网站 https://github.com/shadowsocks/shadowsocks-android

如果是iPhone, 那你用不了shadowsocks, 只能用下面的VPN了。

3.3 使用VPN翻墙

VPN 隧道协议PPTP、L2TP、IPSec和SSLVPN（SSTP，OpenVPN）中安全性逐级提高，相应的受到墙的干扰逐级减弱。考虑到跨平台，PPTP穿透力及安全性，这里搭建支持 ikev1/ikev2 的 Ipsec VPN，适用于iOS、Android、Windows 7+ 、MacOS X,及Linux。为了兼容Windows 7以下的系统，同时搭建L2TP/IPSec支持。

Info Source: http://yijingping.github.io/2016/11/29/fanqiang.html