Protect DNS Privacy on Ubuntu 18.04 with DNS over Https(DOH)

DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.

Stubby is an open-source DNS stub resolver developed by the getdns team. A stub resolver is a small DNS client on the end-user’s computer that receives DNS requests from applications such as Firefox and forward requests to a recursive resolver like or Stubby is special in that it supports DNS over TLS. By default, it will only send DNS requests encrypted.

Install Stubby

Stubby is in Ubuntu 18.04 repository. Open up a terminal window and run the following command to install it.

sudo apt install stubby

Once you install it successfully, it will run in the background in the form of service. The default listening port of the software is 53.
Check whether the startup is successful:

sudo netstat -lnptu | grep stubby

The main configuration file is /etc/stubby/stubby.yml. generally, it does not need to be changed..

Switching to Stubby

Edite the /etc/resolve.conf file to change nameserver to



Dockerfile for Geodjango and mysql-client


Dockerfile based on Ubuntu image:

FROM ubuntu:bionic MAINTAINER xxx "[email protected]" ENV PYTHONUNBUFFERED 1 ENV DEBIAN_FRONTEND noninteractive ENV LANG C.UTF-8 RUN apt-get update -qq \ && apt-get install -y -qq unzip \ wget \ sudo \ less \ nano \ curl \ gcc \ libssl-dev \ git \ gosu \ build-essential \ software-properties-common \ python3.6 \ python3.6-dev \ python3.6-venv \ gettext \ gdal-bin \ binutils \ libproj-dev \ libgdal-dev \ libpq-dev \ postgresql-client \ && wget \ && python3.6 \ && rm \ && pip3 install --no-cache-dir setuptools wheel -U \ && pip install gunicorn mysqlclient \ && apt-get clean all \ && rm -rf /var/apt/lists/* \ && rm -rf /var/cache/apt/* ENV CPLUS_INCLUDE_PATH=/usr/include/gdal ENV C_INCLUDE_PATH=/usr/include/gdal


docker bulid -t wktadmin/django_geo:latest .

Or download it directly in dockerhub

dockerhub site: pull docker pull wktadmin/django_geo:python3.6

Add idea to gnome shell favorites

// create file:

sudo vim /usr/share/applications/intellij.desktop  
# or ~/.local/share/applications/intellij.desktop is ok.

// add the following

[Desktop Entry]

// chmod permissions

sudo chmod 644 /usr/share/applications/intellij.desktop
sudo chown root:root /usr/share/applications/intellij.desktop

Reducing the filesize of complex 3D .OBJ models

create a filter script:

create a filter script for example to reduce any model to 32,000 faces script:

<!DOCTYPE FilterScript>
 <filter name="Quadric Edge Collapse Decimation">
  <Param type="RichInt" value="32000" name="TargetFaceNum"/>
  <Param type="RichFloat" value="0" name="TargetPerc"/>
  <Param type="RichFloat" value="1" name="QualityThr"/>
  <Param type="RichBool" value="true" name="PreserveBoundary"/>
  <Param type="RichFloat" value="1" name="BoundaryWeight"/>
  <Param type="RichBool" value="true" name="PreserveNormal"/>
  <Param type="RichBool" value="false" name="PreserveTopology"/>
  <Param type="RichBool" value="true" name="OptimalPlacement"/>
  <Param type="RichBool" value="true" name="PlanarQuadric"/>
  <Param type="RichBool" value="false" name="QualityWeight"/>
  <Param type="RichBool" value="true" name="AutoClean"/>
  <Param type="RichBool" value="false" name="Selected"/>

save it as 32k.mlx.

run meshlabserver with headless

meshlabserver -i original.obj -o new_small.obj -s 32k.mlx

create windows virtual on ubuntu server.

  1. server side
sudo apt-get install kvm libvirt-bin  
  1. destop side
sudo apt-get install virt-manager
sudo virt-manager
  1. more usage:
sudo virt-manager --help

  • Click file and select add connection then
    • Check Connect to remote computer
    • Method :SSH
    • User : your user for login server
    • machine name : ip address or host name


Notice: The virt-manager GUI dialog does not have a way to specify a non-default ssh port or the private key to use when connecting to the remote server, but this is easily done by starting virt-manager with the ‘-c’ parameter.

virt-manager -c 'qemu+ssh://[email protected]/system?keyfile=/home/user/.ssh/id_rsa'