2015年8月12日 星期三

Use loopback device in docker


"--privileged" works for me.


loopback device in a Linux container? - Server Fault
http://serverfault.com/questions/701384/loopback-device-in-a-linux-container

The quick answer
docker run --privileged=true ...
An alternative
sudo losetup /dev/loop0 test.img
mount /dev/loop0 /mnt
docker run -v /mnt:/mnt ...
linux - Is it possible to mount an ISO inside a docker container? - Stack Overflow
http://stackoverflow.com/questions/22028795/is-it-possible-to-mount-an-iso-inside-a-docker-container
To mount an ISO inside a container, you need two things:
  • access to loop devices,
  • permission to mount filesystems.
By default, Docker locks down both things; that's why you get that error message.
The easiest solution is to start the container in privileged mode (docker run -privileged ...).
A more fine-grained solution is to dive down into the devices cgroup and container capabilities to give the required permissions.
Note that you cannot execute privileged operations as part of a Dockerfile; i.e. if you need to mount that ISO in a Dockerfile, you won't be able to do it.


2015年8月10日 星期一

Sara的食食課課 |
http://blog.shishikeke.com.tw/

賴宇凡演講
https://www.youtube.com/watch?v=aDS6wXhCK8Y&feature=BFa&list=ULkPkaxt8WP5Q

科學人雜誌 - 怎樣吃最健康?
http://sa.ylib.com/MagCont.aspx?PageIdx=1&Unit=featurearticles&Cate=&id=176&year=

每天吃3顆蛋,竟可降壞膽固醇!你一定要知道的 5 個膽固醇新常識 - 非讀BOOK - 新知 - 良醫健康網 - 商業周刊(百大良醫)
http://health.businessweekly.com.tw/AArticle.aspx?id=ARTL000020471&utm_source=facebook.com&utm_medium=social&utm_content=health&utm_campaign=content



Re: [討論] 不吃澱粉?
https://www.ptt.cc/man/FITNESS/DE51/DE92/M.1344485698.A.38A.html

她倡健康飲食文 醫生斥:吐血謬論 | 即時新聞 | 20150723 | 蘋果日報
http://www.appledaily.com.tw/realtimenews/article/life/20150723/653428/

小黃醫師的隨手筆記: 快吐血的謬論,卻充斥台灣媒體
http://blog.huangrh.com/2015/07/blog-post_21.html

SARA 你知道你說的錯很大嗎?
血的90%是水?凝固得了嗎?

https://www.facebook.com/photo.php?fbid=10207644872186335&set=a.1259756060495.40582.1427463448&type=1&fref=nf

(3) 急診女醫師其實. - 只要句子寫的親切,讓一般人看得懂,好像覺得輕輕鬆鬆就可以擁有健康,就代表是正確的嗎?...
https://www.facebook.com/emergencygirl/posts/1663417513890383

2015年7月27日 星期一

Linux Timer

Create your own timer routine in Linux | My Linux and Telecom Experiences
https://madalanarayana.wordpress.com/2014/01/25/create-your-own-timer-routine-in-linux/

Userspace application

  • add signal handler for SIGALRM/SIGVTALRM/SIGPROF, depends on the type of timer used.
  • call setitimer() to install a periodic timer
When the timer expiry, system will send a signal (SIGALRM/SIGVTALRM/SIGPROF)


Timekeeping in Linux Userspace | ctrLinux
http://www.ctrlinux.com/blog/?p=52

Linux C/C++ Timer signal handler in userspace - Code - Help To User
http://www.helptouser.com/code/5437240-linux-c-c-timer-signal-handler-in-userspace.html
setitimer(2) is a good start, but do you really want to go asynchronous with signals? Otherwise, you could have a main loop with select(2) or poll(2) and an appropiate timeout.

A much safer alternative to setitimer (which POSIX 2008 marks OBSolete) would be to use POSIX timers, and have the timer expiration function run in a thread rather than a signal handler. This way you are not restricted to only using async-signal-safe functions. They're documented here:
http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html#tag_15_08_05
If you don't like the POSIX timers API, you could instead create a thread that merely sleeps in a loop, and block the timer signal in all threads except that thread. Then you will be free to use whatever functions you like in the signal handler, since it will run in a separate thread and there is no danger of it interrupting an async-signal-unsafe function.
 

2015年7月9日 星期四

2015年6月22日 星期一

Linux kernel mtdparts


Documentation/kernel-parameters.txt
drivers/mtd/cmdlinepart.c

 * mtdparts=[; *   := :[,]
 * := [@][][ro][lk]
CN5700 EVB, openwrt image https://downloads.openwrt.org/snapshots/trunk/octeon/generic/, Linux 3.18.14.
For Cavium Octeon, mtd-id is phy_mapped_flash:
[   33.269307] phys_mapped_flash: Found 1 x16 devices at 0x0 in 8-bit bank. Manufacturer ID 0x000001 Chip ID 0x001001
This works for me:
mtdparts=phys_mapped_flash:2176k(U-Boot)ro,6008k(rootfs),8k(u-boot-env)ro

Managing flash storage with Linux
http://free-electrons.com/blog/managing-flash-storage-with-linux/
mtdparts=omap2-nand.0:128k(X-Loader)ro,256k(U-Boot)ro,128k(Environment),4m(Kernel)ro,32m(RootFS)ro,-(Data)

2015年6月16日 星期二

awk

 awk '/Tech/ && $1>200 {print $2, $4,$5}' e 

Awk Introduction Tutorial – 7 Awk Print Examples
http://www.thegeekstuff.com/2010/01/awk-introduction-tutorial-7-awk-print-examples/

linux shell awk 語法 @ 血落閣 :: 隨意窩 Xuite日誌
http://blog.xuite.net/mb1016.flying/linux/28111008-linux+shell+awk+%E8%AA%9E%E6%B3%95

Awk - A Tutorial and Introduction - by Bruce Barnett
http://www.grymoire.com/Unix/Awk.html

2015年6月15日 星期一

MIPS Exception


http://scc.ustc.edu.cn/zlsc/lxwycj/200910/W020100308600770617815.pdf
8 Coprocessor 0 Registers, p.73
8.1 Coprocessor 0 Register Summary, p73
8.22 Cause Register (CP0 Register 13, Select 0), p113
Table 8-25 Cause Register ExcCode Field, p116
8.18 Status Register (CP Register 12, Select 0), p98


15.5. MIPS Exception Handling
http://www.cs.uwm.edu/classes/cs315/Bacon/Lecture/HTML/ch15s05.html

MIPS 通用寄存器 + 指令 - gujing001的专栏 - 博客频道 - CSDN.NET
http://blog.csdn.net/gujing001/article/details/8476685

CPU Registers
https://www.doc.ic.ac.uk/lab/secondyear/spim/node10.html

http://bbs.csdn.net/topics/390067643

这是mips core 报异常了。也就是status的bit 1置位了。
在status的bit1(EXL) 置位的时候, coprocessor 0的某些寄存器可以帮助你分析具体出错的位置,以及原因。

一般,如果不是一些特别的error错误,看epc就可以找到引起kernel panic的位置,可以理解为引起exception的pc值,如果是某些比较特别的错误,就得看 errorepc了。

针对楼主这个问题, cause寄存器的值为 00800034, 看来使用的应该是VI模式的中断机制,其中,bit 2- 6 是 01101, 也 就是 13, 查一下mips的 coprocessor的手册,就会发现,其代表ExcCode, 也就是exception code,为13的 话,就是发生了trap异常。
结合epc,也就是 在 指令地址为 80010ed0 do_ade+0x388/0xa1c 的位置,有一条trap指令执行了。

How to Encrypt Your Bash Shell Script on Linux Using SHC

http://www.datsi.fi.upm.es/~frosal/
http://www.datsi.fi.upm.es/~frosal/sources/CHANGES
http://www.datsi.fi.upm.es/~frosal/sources/shc.html
http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.9.tgz

How to Encrypt Your Bash Shell Script on Linux Using SHC
http://www.thegeekstuff.com/2012/05/encrypt-bash-shell-script/

2015年6月12日 星期五

IPSec stateful failover

HighAvailability - strongSwan
https://wiki.strongswan.org/projects/1/wiki/HighAvailability

strongSwan ha Tests
https://www.strongswan.org/uml/testresults/ha/index.html

IpsecStandards - strongSwan
https://wiki.strongswan.org/projects/strongswan/wiki/IpsecStandards

Not Supported: RFC 6311: Protocol Support for High Availability of IKEv2/IPsec
[strongSwan] Automated test ha/both-active fails
https://lists.strongswan.org/pipermail/users/2012-July/003299.html
> Our HA solution works different and is not based on RFC 6311. In fact,
> we don't need any additional protocol support in IKEv2 between server
> and client, all the synchronization is done between the cluster nodes
> directly.




Cisco High Availability Solution: Stateful Failover for IPsec - Cisco
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-ipsec/white_paper_c11_472859.html
Stateful Failover for IP Security (IPsec) allows a router to continue processing and forwarding IPsec packets after a planned or unplanned outage occurs. A backup (secondary) router automatically takes over the tasks of the active (primary) router if the active router loses connectivity for any reason. This process is transparent to the user and requires neither adjustment nor reconfiguration of any remote peer.

Stateful IPsec VPN High-Availability Alternatives - IPSec Virtual Private Network Fundamentals
http://flylib.com/books/en/2.45.1.50/1/
Recall that in stateless IPsec failover, there is a reconvergence delay directly attributable to rebuilding IPsec SAs with the redundant router upon failover.

Stateful IPsec HA builds the appropriate entries in the redundant VPN gateway's SADB in advance and employs a mechanism to accurately maintain state parity between the active and standby VPN gateways, thereby effectively precluding the need for IPsec to renegotiate Phase 1 and Phase 2 SAs upon failover
RFC 6311 - Protocol Support for High Availability of IKEv2/IPsec
https://tools.ietf.org/html/rfc6311

RFC 6027 - IPsec Cluster Problem Statement
https://tools.ietf.org/html/rfc6027

Proposed IPsec HA Cluster Protocol
http://www.ietf.org/proceedings/78/slides/ipsecme-3.pdf

2015年5月28日 星期四

Sending (replay) captured packets

Tools - The Wireshark Wiki
https://wiki.wireshark.org/Tools#Traffic_generators

Tcpreplay
http://tcpreplay.synfin.net/

sudo apt-get install tcpreplay
sudo tcpreplay -i eth0 ping.pcapng

2015年5月21日 星期四

Instantiating I2C device in Linux userspace


linux/Documentation/i2c/instantiating-devices

File new_device takes 2 parameters: the name of the I2C device (a string) and the address of the I2C device (a number, typically expressed in hexadecimal starting with 0x, but can also be expressed in decimal.)

File delete_device takes a single parameter: the address of the I2C device. As no two devices can live at the same address on a given I2C segment, the address is sufficient to uniquely identify the device to be
deleted.

Example:
# echo eeprom 0x50 > /sys/bus/i2c/devices/i2c-3/new_device
 
echo 24c64  0x51 > /sys/bus/i2c/devices/i2c-0/new_device
echo 0x51 > /sys/bus/i2c/devices/i2c-0/delete_device

2015年4月20日 星期一

Markdown


http://markdown.tw/

https://www.openfoundry.org/tw/resourcecatalog/Program-Development/Markup-Languages/markdown
技術寫作產能工具 | iThome
http://www.ithome.com.tw/voice/95002

ReText - Linux 支援 Markdown 的編輯器 - Tsung's Blog
http://blog.longwin.com.tw/2014/02/retext-linux-support-markdown-editor-2014/

Pandoc - 維基百科,自由的百科全書
http://zh.wikipedia.org/zh-tw/Pandoc

apt-get install retext pandoc
pandoc -o x.html README -f markdown


2015年4月13日 星期一

The Internals of "Hello World" Program

http://www.slideshare.net/jserv/helloworld-internals

2015年4月1日 星期三

Docker on Ubuntu 14.04 LTS


https://docs.docker.com/installation/
https://docs.docker.com/installation/ubuntulinux/
https://docs.docker.com/installation/ubuntulinux/#installing-docker-on-ubuntu

wget -qO- https://get.docker.com/ | sh

If you would like to use Docker as a non-root user, you should now consider
adding your user to the "docker" group with something like:

sudo usermod -aG docker test

(Reboot required)

sudo docker run hello-world


ERROR: when running "sudo docker run hello-world"
FATA[0000] Post http:///var/run/docker.sock/v1.17/containers/create: dial unix /var/run/docker.sock: no such file or directory. Are you trying to connect to a TLS-enabled daemon without TLS?
FIX: Reboot

https://docs.docker.com/userguide/
https://github.com/veggiemonk/awesome-docker
https://github.com/wsargent/docker-cheat-sheet

Network configuration
https://docs.docker.com/articles/networking/

Linking containers together
https://docs.docker.com/userguide/dockerlinks/

2015年3月10日 星期二

EJBCA with openSSL CMP


https://download.primekey.se/public/ejbcav6ce-vm.zip
EJBCA CE v6.2.0
v4.3.24 r98716 can import the ovf.


ERROR: Can only connect to localhost by: https://ejbca:8443/ejbca. Connect from other host result in ssl_error_bad_cert_alert.
FIX:
According to /home/ejbca/ejbca_ce_6_2_0/conf/web.properties.sample
The private port JBoss will listen on 8443 to https on, client cert required
https://ejbca:8443/ejbca/
https://ejbca:8443/ejbca/adminweb/

The public port JBoss will listen to http on 8080 (no SSL, no client cert)
http://ejbca:8080/ejbca/
http://ejbca:8080/ejbca/adminweb/ (Authorization faild, require client certificate)

The public port JBoss will listen to https on 8442, no client cert required
https://ejbca:8442/ejbca/
https://ejbca:8442/ejbca/adminweb/ (Authorization faild, require client certificate)

Admin Web always require  client cert.
Public Web can be connected at http(8080) or https(8442).



CMP - Admin Guide
http://ejbca.org/docs/adminguide.html#CMP


Build cmpclient as decribed here:
http://mkl-note.blogspot.tw/2015/03/cmpforopenssl.html

In ./cmpforopenssl-code/src/openssl/app
  1. Get CA cert (ManagementCA.pem)
    [EJBCA public Web] -> [Fetch CA certificates] -> [CA certificate: Download as PEM]
    cp ~/Downloads/ManagementCA.pem  .
    Or, (not sure if this link works for all)
    wget -O ManagementCA.pem "http://ejbca:8080/ejbca/publicweb/webdist/certdist?cmd=cacert&issuer=CN%3dManagementCA%2cO%3dEJBCA+Sample%2cC%3dSE&level=0"
  2. Prepare environment for openssl
    mkdir -p ../../../ssl; ln -s ../src/openssl/apps/openssl.cnf ssl

CMP for OpenSSL - Admin Guide
http://ejbca.org/docs/adminguide.html#CMP%20for%20OpenSSL

RA mode

  1. Generate private key
    openssl genrsa  -out key1.pem 2048
  2. Passed
    $ ./openssl cmp -cmd ir -server localhost:8080 -path ejbca/publicweb/cmp/opensslra -srvcert ManagementCA.pem -user NewUser -pass password -certout clcert1.pem -newkey key1.pem -keyfmt PEM -certfmt PEM -subject "/CN=NewUser/O=My Organization/C=SE"
    Using configuration from /home/ejbca/prj/cmpforopenssl-code/src/../ssl/openssl.cnf
    INFO: Sending Initialization Request
    SUCCESS: validating protection of incoming message
    INFO: Sending Certificate Confirm
    SUCCESS: validating protection of incoming message
    saving certificate to 'clcert1.pem'...


Client mode, HMAC password authentication

  1. Generate private key
    openssl genrsa  -out key2.pem 2048
  2.  Passed
    $ ./openssl cmp -cmd ir -server localhost:8080 -path ejbca/publicweb/cmp/opensslclient -srvcert ManagementCA.pem -user user1 -pass password -certout clcert2.pem -newkey key2.pem -keyfmt PEM -certfmt PEM -subject "/CN=user1/O=My Organization/C=SE"
    Using configuration from /home/ejbca/prj/cmpforopenssl-code/src/../ssl/openssl.cnf
    INFO: Sending Initialization Request
    SUCCESS: validating protection of incoming message
    INFO: Sending Certificate Confirm
    SUCCESS: validating protection of incoming message
    saving certificate to 'clcert2.pem'...
Client mode, client certificate authentication

  1. Generate private key
    openssl genrsa  -out key3.pem 2048
  2.  Failed
    $ ./openssl cmp -cmd ir -server localhost:8080 -path ejbca/publicweb/cmp/openssleec -srvcert ManagementCA.pem -cert clcert2.pem -key key2.pem -certout clcert3.pem -newkey key3.pem -keyfmt PEM -certfmt PEM -subject "/CN=user1/O=My Organization/C=SE"
    Using configuration from /home/ejbca/prj/cmpforopenssl-code/src/../ssl/openssl.cnf
    INFO: Sending Initialization Request
    140361658017440:error:3209608B:CMP routines:CMP_doInitialRequestSeq:pkibody error:cmp_ses.c:381:bodytype=23, error="PKIStatus: rejection, PKIFailureInfo: badRequest: Got request with status GENERATED (40), NEW, FAILED or INPROCESS required: user1."

  3. $ bin/ejbca.sh ra setclearpwd user1 password
    SETTING: --username as user1
    SETTING: --password as password
    Setting clear text password for user user1
    $ bin/ejbca.sh ra setendentitystatus user1 10
    SETTING: --username as user1
    SETTING: -S as 10
    New status for end entity user1 is 10
  4. Passed
    $ ./openssl cmp -cmd ir -server localhost:8080 -path ejbca/publicweb/cmp/openssleec -srvcert ManagementCA.pem -cert clcert2.pem -key key2.pem -certout clcert3.pem -newkey key3.pem -keyfmt PEM -certfmt PEM -subject "/CN=user1/O=My Organization/C=SE"
    Using configuration from /home/ejbca/prj/cmpforopenssl-code/src/../ssl/openssl.cnf
    INFO: Sending Initialization Request
    SUCCESS: validating protection of incoming message
    INFO: Sending Certificate Confirm
    SUCCESS: validating protection of incoming message
    saving certificate to 'clcert3.pem'...

Client mode, Vendor certificate authentication
Not tested, for it's EJBCA Enterprise only


Using Key Update Request instead of Initial Request
RA-Failed

openssl cmp -cmd kur -server $SERVER:8080 -path ejbca/publicweb/cmp/opensslra -srvcert $CACERT -user NewUser -pass password -cert $MYCERT -key $MYKEY -certout ${MYCERT}1 -newkey $MYKEY -keyfmt PEM -certfmt PEM -subject "/CN=NewUser/O=My Organization/C=SE"
WARNING: can't open config file: /home/prj/cmpforopenssl-code/src/../ssl/openssl.cnf
Using configuration from /home/prj/cmpforopenssl-code/src/../ssl/openssl.cnf
error loading the config file '/home/prj/cmpforopenssl-code/src/../ssl/openssl.cnf'
INFO: Sending Key Update Request
3075856008:error:3209708B:CMP routines:CMP_doKeyUpdateRequestSeq:pkibody error:cmp_ses.c:724:bodytype=23, error="PKIStatus: rejection, PKIFailureInfo: badRequest: EndEnityCertificate authentication module is not configured. For a KeyUpdate request to be authentication in RA mode, EndEntityCertificate authentication module has to be set and config
[CMP Configuration] -> [Edit CMP Alias: opensslra]
CMP Response Protection: pbe -> signature
CMP Authentication Module: enable EndEntityCertificate
Automatic Key Update: Allow

openssl cmp -cmd kur -server 192.168.110.120:8080 -srvcert /etc/ipsec.d/cacerts/cacert.pem -cert /etc/ipsec.d/certs/mycert.pem.old -key /etc/ipsec.d/private/mykey.pem -certout /etc/ipsec.d/certs/mycert.pem -newkey /etc/ipsec.d/private/mykey.pem -keyfmt PEM -certfmt PEM -subject "/CN=NewUser/O=My Organization/C=SE" -user NewUser -pass password -path ejbca/publicweb/cmp/opensslra                   
Using configuration from /usr/openssl.cnf                                      
INFO: Sending Key Update Request                                               
1099268871952:error:3209708B:CMP routines:CMP_doKeyUpdateRequestSeq:pkibody error:cmp_ses.c:714:bodytype=23, error="PKIStatus: rejection, PKIFailureInfo: badRequest: 'CN=NewUser,O=My Organization,C=SE' is not an authorized administrator."

Verifications in EndEntityCertificate Authentication Module: Omit

openssl cmp -cmd kur -server 192.168.110.120:8080 -srvcert /etc/ipsec.d/cacerts/cacert.pem -cert /etc/ipsec.d/certs/mycert.pem.old -key /etc/ipsec.d/private/mykey.pem -certout /etc/ipsec.d/certs/mycert.pem -newkey /etc/ipsec.d/private/mykey.pem -keyfmt PEM -certfmt PEM -subject "/CN=NewUser/O=My Organization/C=SE" -user NewUser -pass password -path ejbca/publicweb/cmp/opensslra                   
Using configuration from /usr/openssl.cnf                                      
INFO: Sending Key Update Request                                               
1099117520656:error:3209708B:CMP routines:CMP_doKeyUpdateRequestSeq:pkibody error:cmp_ses.c:714:bodytype=23, error="PKIStatus: rejection, PKIFailureInfo: badRequest: Omitting some verifications can only be accepted in RA mode and when the CMP request has already been authenticated, for example, through the use of NestedMessageContent"






2015年3月2日 星期一

Optical fiber



Optical fiber connector - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Optical_fiber_connector

HP X120 1G SFP RJ45 T Transceiver - Transceivers - HP: JD089B
http://h30094.www3.hp.com/product.aspx?sku=10256625&pagemode=ca

10 Gigabit Ethernet - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/10_Gigabit_Ethernet#Physical_layer_modules

2015年3月1日 星期日

cmpforopenssl

http://sourceforge.net/projects/cmpforopenssl/
 
Forked at https://github.com/mkl0301/cmpforopenssl/

sudo apt-get install libidn11-dev
make cmpclient

sudo apt-get install libpcre3-dev libsqlite3-dev libcurl4-openssl-dev unixODBC-dev
make



Running Server
sudo apt-get install unixodbc unixodbc-bin libmyodbc mysql-server

MySQL 新增使用者與權限設定 (筆記)
http://blog.toright.com/posts/1214/mysql-%E6%96%B0%E5%A2%9E%E4%BD%BF%E7%94%A8%E8%80%85%E8%88%87%E6%AC%8A%E9%99%90%E8%A8%AD%E5%AE%9A-%E7%AD%86%E8%A8%98.html
mysql的重要語法
http://mail.hmes.kh.edu.tw/~jona/redhat/mysqlphp/mysqlsyntax.htm

mysql -uroot -p
use mysql;
INSERT INTO user(host,user,password) VALUES('%','odbc',password('odbcpwd'));
GRANT ALL ON *.* TO 'odbc'@localhost IDENTIFIED BY 'odbcpwd' WITH GRANT OPTION;
FLUSH PRIVILEGES;

CREATE DATABASE odbc;
Check the path of the libmyodbc.so:
# dpkg-query -L libmyodbc
(..................)
/usr/lib/i386-linux-gnu/odbc/libmyodbc.so

Edit /etc/odbc.ini, add the following with the driver path from previous step:
[myodbc]
Driver       = /usr/lib/i386-linux-gnu/odbc/libmyodbc.so
Description  = MySQL ODBC 2.50 Driver DSN
SERVER       = localhost
PORT         = 3306
USER         = odbc
Password     = odbcpwd
Database     = odbc
OPTION       = 3
SOCKET       =
# ./srv_create_ca_cert.sh
./../bin/cmpserver-cl --createcert --cacert ./../certs/ca_cert.der --key ./../certs/ca_key.p15 --country DE --organization NSN --unit PG RDE 3 --commonname Martin's CA
SUCCESS init
SUCCESS add random
SUCCESS open keyset
SUCCESS creating Context
SUCCESS setting Attribute CRYPT_CTXINFO_LABEL
SUCCESS generating Key
SUCCESS creating the certificate
SUCCESS setting the CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO attribute
SUCCESS setting the CRYPT_CERTINFO_COUNTRYNAME attribute
SUCCESS setting the CRYPT_CERTINFO_ORGANIZATIONNAME attribute
SUCCESS setting the CRYPT_CERTINFO_ORGANIZATIONALUNITNAME attribute
SUCCESS setting the CRYPT_CERTINFO_COMMONNAME attribute
SUCCESS setting the validity
SUCCESS setting the CRYPT_CERTINFO_SELFSIGNED attribute
SUCCESS setting the CRYPT_CERTINFO_CA attribute
SUCCESS signing the certificate
SUCCESS storing the private key
SUCCESS setting Certificat to be trusted
SUCCESS storing the public key
SUCCESS export Certificate - checking certMaxLength
SUCCESS export Certificate
SUCCESS Destroying the certificate
SUCCESS destroying context
SUCCESS close keyset
SUCCESS shutting down cryptlib
HINT:
  Don't forget to copy "./../certs/ca_cert.der" to the certs-directory
  of the client if it is different from this installation!

# ./srv_add_pki_usr.sh
./../bin/cmpserver-cl --createuser --country DE --organization NSN --unit PG RDE 312280 --commonname Martin Peylo
SUCCESS init
SUCCESS add random
SUCCESS open certstore
INFO: Creating PKI User COUNTRY:"DE" ORG:"NSN" UNIT:"PG RDE 319273" CN:"Martin Peylo"
SUCCESS creating certificate
SUCCESS storing the PKI User
User= CUF8T-BY2NY-WDB34
Password= VSZQH-3JZ8S-8FYJD-95V5H
RevPW= 7PCRB-2USY6-CFXGZ-NVGCX
DECODED, HEX: User= 8BE886D865A830E740
Password= 2EE3E517F43C5B207FDCF670
RevPW= 44F0E250B7045A9AEC998550
SUCCESS destroying certificate
SUCCESS close certstore
SUCCESS shutting down cryptlib

# ./srv_run_daemon.sh
./../bin/cmpserver-cl --daemon --server 192.168.1.107 --port 4711 --cacert ./../certs/ca_cert.der --key ./../certs/ca_key.p15
SUCCESS init
SUCCESS add random
SUCCESS open certstore
SUCCESS open keyset
INFO: Starting CMP Server, serverName=192.168.1.107, serverPort=4711
SUCCESS get the private Key
SUCCESS create CMP Server
SUCCESS set attribute for certStore
SUCCESS set attribute for private Key
SUCCESS set attribute for server Address
SUCCESS set attribute for server Port


Error: Segmentation fault while running srv_add_pki_usr.sh
64-bit Ubuntu 14.04.2,
$ ./srv_add_pki_usr.sh
./../bin/cmpserver-cl --createuser --country DE --organization NSN --unit PG RDE 327804 --commonname Martin Peylo
SUCCESS init
SUCCESS add random
SUCCESS open certstore
INFO: Creating PKI User COUNTRY:"DE" ORG:"NSN" UNIT:"PG RDE 39791" CN:"Martin Peylo"
SUCCESS creating certificate
./srv_add_pki_usr.sh: line 13: 24173 Segmentation fault      (core dumped) ${CMPSERVER} --createuser --country "${COUNTRY}" --organization "${ORG}" --unit "${UNIT}$RANDOM" --commonname "${CN}"
FIX: this issue didn't happen on 32-bit Ubuntu 12.04.3. It's likely that the root cause is 64-bit.

ERROR: User ID provided by client isn't a cryptlib user ID

# ./do_ossl_ir.sh CUF8T-BY2NY-WDB34 VSZQH-3JZ8S-8FYJD-95V5H
+ ./../bin/cmpclient --ir --server 192.168.1.107 --port 4711 --srvcert ./../certs/ca_cert.der --newkey ./../certs/cl_key.pem --newkeypass password --newclcert ./../certs/cl_cert.der --user CUF8T-BY2NY-WDB34 --password VSZQH-3JZ8S-8FYJD-95V5H
INFO: Reading DER Certificate from File ./../certs/ca_cert.der
SUCCESS: BIO_new
INFO: Using existing key file "./../certs/cl_key.pem"
INFO: Reading Public Key from File ./../certs/cl_key.pem
INFO: the passphrase is "password"...
SUCCESS: Reading PKEY
INFO: Sending Initialization Request
ERROR: received no initial Client Certificate. FILE cmpclient.c, LINE 394
3075692168:error:33080064:CRMF routines:CRMF_CERTREQMSG_set1_subject:crmferror:crmf_lib.c:509:
3075692168:error:3209608B:CMP routines:CMP_doInitialRequestSeq:pkibody error:cmp_ses.c:381:bodytype=23, error="PKIStatus: rejection, PKIFailureInfo: signerNotTrusted"
+ set +x
And server shows:
ERROR set attribute CMP session active  - in FILE: cmpserver-cl.c, LINE 365, status=-22
trying to get the Errorstring:
get errorStringLength:
The ErrorStringLength:51
get errorString:
The ErrorString: User ID provided by client isn't a cryptlib user ID
SUCCESS destroy private Key
SUCCESS destroy session
INFO: Starting CMP Server, serverName=192.168.1.107, serverPort=4711
SUCCESS get the private Key
SUCCESS create CMP Server
SUCCESS set attribute for certStore
SUCCESS set attribute for private Key
SUCCESS set attribute for server Address
SUCCESS set attribute for server Port
Neither does "/do_ossl_ir.sh CUF8T-BY2NY-WDB34 VSZQH-3JZ8S-8FYJD-95V5H" work.
FIX:

cryptlib-340/session/cmp_rd.c, updateUserID(), protocolInfo->userIDsize should be 9.

Use the "DECODED" hex string and encode the hex string to binary string, for example:
./do_ossl_ir.sh $(echo -en '\xD5\x79\xE9\x07\x16\xAD\x06\x42\x60') $(echo -en '\x57\x06\x2E\x02\xEA\x2A\x4E\x85\xFA\xEE\x52\xE0')
https://github.com/mkl0301/cmpforopenssl/commit/b7c446f264b402074aa9c6af8c7d8842be3ff24c


Error: Server core dump again...

# ./do_ossl_ir.sh 8BE886D865A830E740 2EE3E517F43C5B207FDCF670
+ ./../bin/cmpclient --ir --server 192.168.1.107 --port 4711 --srvcert ./../certs/ca_cert.der --newkey ./../certs/cl_key.pem --newkeypass password --newclcert ./../certs/cl_cert.der --user $'\213\350\206\330e\2500\347@' --password '.�� �<[ ��p'
INFO: Reading DER Certificate from File ./../certs/ca_cert.der
SUCCESS: BIO_new
INFO: Using existing key file "./../certs/cl_key.pem"
INFO: Reading Public Key from File ./../certs/cl_key.pem
INFO: the passphrase is "password"...
SUCCESS: Reading PKEY
INFO: Sending Initialization Request
ERROR: received no initial Client Certificate. FILE cmpclient.c, LINE 394
3075499656:error:33080064:CRMF routines:CRMF_CERTREQMSG_set1_subject:crmferror:crmf_lib.c:509:
3075499656:error:3209608B:CMP routines:CMP_doInitialRequestSeq:pkibody error:cmp_ses.c:381:bodytype=23, error="PKIStatus: rejection, PKIFailureInfo: duplicateCertReq"
+ set +x
And server core dumped(cryptlib debug enabled):
SVR: Reading message type 26.
SVR: Read new userID.
SVR: Read initial transID.
SVR: Read initial MAC params with salt, 500 iterations.
SVR: Writing message body type 1.
SVR: Writing MAC params with salt, 500 iterations.
SVR: Writing MAC params with salt, 500 iterations.
SVR: Writing userID.
SVR: Writing message body type 5.
SVR: Writing userID.
keyset/odbc.c:getErrorInfo:397: Couldn't read error information from database backend.
cmpserver-cl: keyset/odbc.c:398: getErrorInfo: Assertion `0' failed.
./srv_run_daemon.sh: line 12: 13306 Aborted                 (core dumped) ${CMPSERVER} --daemon --server ${SERVER} --port ${PORT} --cacert ${CACERT} --key ${CAKEY}
FIX:
I just think of that the libmyodbc installed by Ubuntu 12.04 is of version 5.1.10-1. And the README uses libmyodbc3.so. So I decided to rebuild libmyodbc3.

sudo apt-get install libmysqlclient-dev
(for libmyodbc3 require mysql_config)

http://cdn.mysql.com/Downloads/Connector-ODBC/3.51/mysql-connector-odbc-3.51.30-src.tar.gz
./configure --enable-test=no
make

Change the /etc/odbc.ini:
Driver       = /path/to/mysql-connector-odbc-3.51.30-src/driver/.libs/libmyodbc3.so
Purge the database and run again, than this issue is gone!! (but another issue await...)

ERROR:
# ./do_ossl_ir.sh 250660288E8F818C80 DD1574745262358B34341A70
+ ./../bin/cmpclient --ir --server 192.168.1.107 --port 4711 --srvcert ./../certs/ca_cert.der --newkey ./../certs/cl_key.pem --newkeypass password --newclcert ./../certs/cl_cert.der --user '% `(���' --password $'\335\025ttRb5\21344\032p'
INFO: Reading DER Certificate from File ./../certs/ca_cert.der
SUCCESS: BIO_new
INFO: Using existing key file "./../certs/cl_key.pem"
INFO: Reading Public Key from File ./../certs/cl_key.pem
INFO: the passphrase is "password"...
SUCCESS: Reading PKEY
INFO: Sending Initialization Request
SUCCESS: validating protection of incoming message
INFO: Sending Certificate Confirm

ERROR: received no initial Client Certificate. FILE cmpclient.c, LINE 394
3075491464:error:33080064:CRMF routines:CRMF_CERTREQMSG_set1_subject:crmferror:crmf_lib.c:509:
3075491464:error:3209D090:CMP routines:CMP_PKIMESSAGE_http_perform:server not reachable:cmp_http.c:893:56:Failure when receiving data from the peer:unable to send certConf
+ set +x
And server reported(cryptlib debug enabled):
SVR: Reading message type 26.
SVR: Read new userID.
SVR: Read initial transID.
SVR: Read initial MAC params with salt, 500 iterations.
SVR: Writing message body type 1.
SVR: Writing MAC params with salt, 500 iterations.
SVR: Writing MAC params with salt, 500 iterations.
SVR: Writing userID.
SVR: Writing message body type 5.
SVR: Writing userID.
ERROR set attribute CMP session active  - in FILE: cmpserver-cl.c, LINE 365, status=-41
trying to get the Errorstring:
get errorStringLength:
The ErrorStringLength:78
get errorString:
The ErrorString: No data was read because the remote system closed the connection (recv() == 0)
Facts:
  1. The first IR (type0/26 stands for any) and IP(type1) is sent and received successfully.
  2. client has sent the certConf
  3. ??server CANNOT receive anything??
  4. ??From server side message, server sent another type 5(CMPBODY_ERROR), but nothing reached wire??
  5. ??server actively close the socket (FIN is sent by server)?? 

Server side failed at cryptlib-340/session/cmp_svr.c: serverTransact() while reading data of CTAG_PB_CERTCONF, but nothing is received. I tried to use a while loop but nothing can be received. From packet captured, server had received the certConf, and ACKed, and even FINed. But nothing received in software.

 (Stuck)




ftp://ftp.franken.de/pub/crypt/cryptlib/manual.pdf
cryptlib uses a standard format for the user ID and password that follows the style used for software registration codes and serial numbers. The user ID is in the form XXXXX-XXXXX-XXXXX and the password is in the form XXXXX-XXXXX-XXXXX-XXXXX. Characters that might cause confusion (for example O and 0 or 1 and l) aren’t present, and the data contains a checksum which is used to catch typing errors when the user enters the information.

Error in running openssl cmp client
http://ejbca-develop.narkive.com/GiMkYheS/error-in-running-openssl-cmp-client
/root/sriram/cmpforopenssl-code/src/openssl-1.0.1e-cmp/apps/openssl cmp -cmd ir -server 10.206.1.3:8080 -path ejbca/publicweb/cmp -srvcert certs/ManagementCA.pem -user cmptest -pass CMP-pwd -newkey certs/cl_key.pem -certout certs/cl_cert.pem -subject "/CN=cmptest"
Getting error using CMP client with EJBCA
http://comments.gmane.org/gmane.comp.java.ejbca.devel/4541
ejbca:~/cmpforopenssl-code-766/src/openssl-client$ ./cmpclient --server localhost --port 8080 --path ejbca/public/cmp --srvcert ManagementCA.cacert.pem --ir --user vmware --password vmware --newclcert user1.der --newkey user_key.pem --subject "CN=vmware,C=SC"

2015年1月23日 星期五

Save password in Subversion


Enable the following options in ~/.subversion/config and /etc/.subversion/config:

store-passwords = yes
store-auth-creds = yes
And ~/.subversion/server and /etc/.subversion/config:
store-passwords = yes
store-ssl-client-cert-pp = yes
store-plaintext-passwords = yes
store-ssl-client-cert-pp-plaintext = yes

For unknown reason, my ~/.subversion became (I don't remember I have ran svn with sudo...):
drwx------  6 root root 4.0K  1月 20 21:18 auth
-rw-r--r--  1 root root 7.7K  1月 23 21:38 config
-rw-r--r--  1 root root 4.2K  1月 20 21:18 README.txt
-rw-r--r--  1 root root 8.2K  1月 23 21:39 servers
This prevent svn from storing/reading the password to/from the directory auth. After the following fixed my problem.
chown test:test ~/.subversion -R; chmod +r ~/.subversion/auth -R
It's just too stupid that I don't want to waste my time again.....


svn - How to save password when using Subversion from the console - Stack Overflow
http://stackoverflow.com/questions/2899209/how-to-save-password-when-using-subversion-from-the-console

SVN not storing password
http://www.wandisco.com/svnforum/threads/62783-SVN-not-storing-password

2015年1月20日 星期二

Huawei E3276 (Мегафон М150-1) on Ubuntu 14.04

Question #211095 : Questions : gnome-nettool package : Ubuntu
https://answers.launchpad.net/ubuntu/+source/gnome-nettool/+question/211095

Insert the dongle,

[  136.590998] usb 2-1: new high-speed USB device number 4 using xhci_hcd
[  136.608068] usb 2-1: New USB device found, idVendor=12d1, idProduct=14fe
[  136.608078] usb 2-1: New USB device strings: Mfr=2, Product=1, SerialNumber=0
[  136.608083] usb 2-1: Product: HUAWEI Mobile
[  136.608087] usb 2-1: Manufacturer: HUAWEI Technology
[  136.727118] usb-storage 2-1:1.0: USB Mass Storage device detected
[  136.727169] scsi4 : usb-storage 2-1:1.0
[  136.727244] usb-storage 2-1:1.1: USB Mass Storage device detected
[  136.727289] scsi5 : usb-storage 2-1:1.1
[  136.727349] usbcore: registered new interface driver usb-storage
[  137.726594] scsi 4:0:0:0: CD-ROM            HUAWEI   Mass Storage     2.31 PQ: 0 ANSI: 2
[  137.726600] scsi 5:0:0:0: Direct-Access     HUAWEI   TF CARD Storage  2.31 PQ: 0 ANSI: 2
[  137.727334] sd 5:0:0:0: Attached scsi generic sg1 type 0
[  137.728198] sd 5:0:0:0: [sdb] Attached SCSI removable disk
[  137.734924] sr0: scsi-1 drive
[  137.734930] cdrom: Uniform CD-ROM driver Revision: 3.20
[  137.735114] sr 4:0:0:0: Attached scsi CD-ROM sr0
[  137.735200] sr 4:0:0:0: Attached scsi generic sg2 type 5
[  137.833273] Buffer I/O error on device sr0, logical block 9
[  137.833280] Buffer I/O error on device sr0, logical block 9
[  137.833301] Buffer I/O error on device sr0, logical block 0
[  137.833304] Buffer I/O error on device sr0, logical block 0
[  137.833309] Buffer I/O error on device sr0, logical block 2
[  137.833311] Buffer I/O error on device sr0, logical block 2
[  137.833315] Buffer I/O error on device sr0, logical block 0
[  137.833318] Buffer I/O error on device sr0, logical block 0
[  137.833323] Buffer I/O error on device sr0, logical block 0
[  137.833326] Buffer I/O error on device sr0, logical block 1
[  137.835010] systemd-udevd[2260]: Failed to apply ACL on /dev/sr0: No such file or directory
[  137.835022] systemd-udevd[2260]: Failed to apply ACL on /dev/sr0: No such file or directory
[  137.853699] usb 2-1: USB disconnect, device number 4
[  143.088133] usb 2-1: new high-speed USB device number 5 using xhci_hcd
[  143.104880] usb 2-1: New USB device found, idVendor=12d1, idProduct=1506
[  143.104890] usb 2-1: New USB device strings: Mfr=2, Product=1, SerialNumber=0
[  143.104895] usb 2-1: Product: HUAWEI Mobile
[  143.104899] usb 2-1: Manufacturer: HUAWEI Technology
[  143.109191] usb-storage 2-1:1.2: USB Mass Storage device detected
[  143.109412] scsi6 : usb-storage 2-1:1.2
[  143.109604] usb-storage 2-1:1.3: USB Mass Storage device detected
[  143.109742] scsi7 : usb-storage 2-1:1.3
[  143.121976] usbcore: registered new interface driver usbserial
[  143.122001] usbcore: registered new interface driver usbserial_generic
[  143.122018] usbserial: USB Serial support registered for generic
[  143.169158] usbcore: registered new interface driver option
[  143.169173] usbserial: USB Serial support registered for GSM modem (1-port)
[  143.169226] option 2-1:1.0: GSM modem (1-port) converter detected
[  143.169324] usb 2-1: GSM modem (1-port) converter now attached to ttyUSB0
[  143.230122] usbcore: registered new interface driver cdc_ncm
[  143.246865] usbcore: registered new interface driver cdc_wdm
[  143.249678] huawei_cdc_ncm 2-1:1.1: MAC-Address: 0c:5b:8f:27:9a:64
[  143.249744] huawei_cdc_ncm 2-1:1.1: cdc-wdm0: USB WDM device
[  143.250045] huawei_cdc_ncm 2-1:1.1 wwan0: register 'huawei_cdc_ncm' at usb-0000:00:14.0-1, Huawei CDC NCM device, 0c:5b:8f:27:9a:64
[  143.250076] usbcore: registered new interface driver huawei_cdc_ncm
[  144.107254] scsi 7:0:0:0: Direct-Access     HUAWEI   TF CARD Storage  2.31 PQ: 0 ANSI: 2
[  144.107469] sd 7:0:0:0: Attached scsi generic sg1 type 0
[  144.111051] scsi 6:0:0:0: CD-ROM            HUAWEI   Mass Storage     2.31 PQ: 0 ANSI: 2
[  144.113405] sd 7:0:0:0: [sdb] Attached SCSI removable disk
[  144.114554] sr0: scsi-1 drive
[  144.114662] sr 6:0:0:0: Attached scsi CD-ROM sr0
[  144.114728] sr 6:0:0:0: Attached scsi generic sg2 type 5
[  144.338466] ISO 9660 Extensions: Microsoft Joliet Level 1
[  144.356014] ISOFS: changing to secondary root
And the following is found in /var/log/syslog. It seems there are some problems with ModemManager.
udisksd[1798]: Mounted /dev/sr0 at /media/test/Mobile Partner on behalf of uid 1000
usb_modeswitch[2446]: usb_modeswitch: switched to 12d1:1506 on 2/6
usb_modeswitch[2446]: usb_modeswitch: add device ID 12d1:1506 to driver option
usb_modeswitch[2446]: usb_modeswitch: please report the device ID to the Linux USB developers!
ModemManager[768]:   Creating modem with plugin 'Huawei' and '3' ports
ModemManager[768]:   Could not grab port (usbmisc/cdc-wdm0): 'Cannot add port 'usbmisc/cdc-wdm0', unsupported'
ModemManager[768]:   Couldn't create modem for device at '/sys/devices/pci0000:00/0000:00:14.0/usb2/2-1': Failed to find primary AT port
Therefore I use the following script from Janhouse (Janis Jansons)
git clone https://github.com/Janhouse/4g-connect-linux
sudo  apt-get install dhcpcd

Modify 4g-connect-linux/huawei-4g-linux.pl, and ensure the following is correct:
my $device="/dev/ttyUSB0";
my $interface="wwan0";
my $apn="Aeroflex.com";
sudo ./huawei-4g-linux.pl
This script also get IP by dhcpcd.
Huawei 4g modem (E3276 and possibly others) script by Janhouse (Janis Jansons).

Opening device: /dev/ttyUSB1
> ATZ
> OK
> ATZ
> OK
> ATQ0 V1 E1 S0=0
> OK
> AT^NDISDUP=1,1,"YOUR_APN_HERE"
> OK
> ^NDISSTAT:1,,,"IPV4"
> AT^DHCP?
> ^DHCP: 1010A0A,FCFFFFFF,2010A0A,2010A0A,0,0,150000000,150000000
> OK
Hexadecimal number > 0xffffffff non-portable at ./huawei-4g-linux.pl line 73.
' ignored at ./huawei-4g-linux.pl line 73.
Hexadecimal number > 0xffffffff non-portable at ./huawei-4g-linux.pl line 73.

You can close this script now or you can keep it open to monitor the link quality.

Link quality:
> AT+CSQ
> +CSQ: 31,99
> OK
dhcpcd.sh: interface wwan0 has been configured with new IP=YOUR_IP_OF_WWAN0
Or you can get it manually.
To get IP
sudo dhcpcd wwan0
sudo dhclient wwan
To release:
sudo dhcpcd -k wwan0
sudo dhclient -r wwan0

/var/lib/dhcp/dhclient.leases
option routers 10.10.1.1;

The connection is setup if DHCP client get an IP.

Known issue: only work for the first time dongle plugged into system. wwan0 is missing at second re-plug. Need reboot.

E3276: Failed to find primary AT port
http://lists.freedesktop.org/archives/modemmanager-devel/2014-June/001241.html

(20150126) Sometime the usb function switch not work, sometimes it does.
Even if it does, the wwan0 is not identified.
[17040.575411] usb 2-1: new high-speed USB device number 47 using xhci_hcd
[17040.592293] usb 2-1: New USB device found, idVendor=12d1, idProduct=14fe
[17040.592302] usb 2-1: New USB device strings: Mfr=2, Product=1, SerialNumber=0
[17040.592307] usb 2-1: Product: HUAWEI Mobile
[17040.592311] usb 2-1: Manufacturer: HUAWEI Technology
[17040.631072] usb-storage 2-1:1.0: USB Mass Storage device detected
[17040.631338] scsi20 : usb-storage 2-1:1.0
[17040.631655] usb-storage 2-1:1.1: USB Mass Storage device detected
[17040.631793] scsi21 : usb-storage 2-1:1.1
[17041.631494] scsi 20:0:0:0: CD-ROM            HUAWEI   Mass Storage     2.31 PQ: 0 ANSI: 2
[17041.631664] scsi 21:0:0:0: Direct-Access     HUAWEI   TF CARD Storage  2.31 PQ: 0 ANSI: 2
[17041.634175] sr0: scsi-1 drive
[17041.634887] sr 20:0:0:0: Attached scsi CD-ROM sr0
[17041.635077] sr 20:0:0:0: Attached scsi generic sg1 type 5
[17041.635552] sd 21:0:0:0: Attached scsi generic sg2 type 0
[17041.639660] sd 21:0:0:0: [sdb] Attached SCSI removable disk
[17041.669443] quiet_error: 2 callbacks suppressed
[17041.669448] Buffer I/O error on device sr0, logical block 8
[17041.669453] Buffer I/O error on device sr0, logical block 8
[17041.669464] Buffer I/O error on device sr0, logical block 8
[17041.669467] Buffer I/O error on device sr0, logical block 8
[17041.669471] Buffer I/O error on device sr0, logical block 8
[17041.669474] Buffer I/O error on device sr0, logical block 8
[17041.669477] Buffer I/O error on device sr0, logical block 8
[17041.669480] Buffer I/O error on device sr0, logical block 8
[17041.669483] Buffer I/O error on device sr0, logical block 8
[17041.669487] Buffer I/O error on device sr0, logical block 8
[17041.670818] systemd-udevd[11744]: Failed to apply ACL on /dev/sr0: No such file or directory
[17041.670827] systemd-udevd[11744]: Failed to apply ACL on /dev/sr0: No such file or directory
[17041.690950] usb 2-1: USB disconnect, device number 47
[17041.693473] systemd-udevd[11744]: Failed to apply ACL on /dev/sr0: No such file or directory
[17041.693482] systemd-udevd[11744]: Failed to apply ACL on /dev/sr0: No such file or directory
[17042.058504] usb 2-1: new high-speed USB device number 48 using xhci_hcd
[17042.075271] usb 2-1: New USB device found, idVendor=12d1, idProduct=1506
[17042.075276] usb 2-1: New USB device strings: Mfr=2, Product=1, SerialNumber=0
[17042.075278] usb 2-1: Product: HUAWEI Mobile
[17042.075281] usb 2-1: Manufacturer: HUAWEI Technology
[17042.077056] option 2-1:1.0: GSM modem (1-port) converter detected
[17042.077111] usb 2-1: GSM modem (1-port) converter now attached to ttyUSB1
[17042.077190] option 2-1:1.1: GSM modem (1-port) converter detected
[17042.077237] usb-storage 2-1:1.2: USB Mass Storage device detected
[17042.077291] scsi22 : usb-storage 2-1:1.2
[17042.077363] usb-storage 2-1:1.3: USB Mass Storage device detected
[17042.077395] scsi23 : usb-storage 2-1:1.3
[17043.074668] scsi 22:0:0:0: CD-ROM            HUAWEI   Mass Storage     2.31 PQ: 0 ANSI: 2
[17043.074673] scsi 23:0:0:0: Direct-Access     HUAWEI   TF CARD Storage  2.31 PQ: 0 ANSI: 2
[17043.074900] sd 23:0:0:0: Attached scsi generic sg1 type 0
[17043.076595] sd 23:0:0:0: [sdb] Attached SCSI removable disk
[17043.077249] sr0: scsi-1 drive
[17043.077385] sr 22:0:0:0: Attached scsi CD-ROM sr0
[17043.077469] sr 22:0:0:0: Attached scsi generic sg2 type 5

(20150123) After tested several times, the dongle cannot get detected on my 14.04 any more even after reboot
(20150126) Now it can, but not stable. Sometimes works, sometimes not.:
[21274.647803] usb 2-2: new high-speed USB device number 12 using xhci_hcd
[21274.664877] usb 2-2: New USB device found, idVendor=12d1, idProduct=14fe
[21274.664887] usb 2-2: New USB device strings: Mfr=2, Product=1, SerialNumber=0
[21274.664892] usb 2-2: Product: HUAWEI Mobile
[21274.664896] usb 2-2: Manufacturer: HUAWEI Technology
[21274.731839] usb-storage 2-2:1.0: USB Mass Storage device detected
[21274.732441] scsi4 : usb-storage 2-2:1.0
[21274.732533] usb-storage 2-2:1.1: USB Mass Storage device detected
[21274.732647] scsi5 : usb-storage 2-2:1.1
[21274.733080] usbcore: registered new interface driver usb-storage
[21275.731766] scsi 4:0:0:0: CD-ROM            HUAWEI   Mass Storage     2.31 PQ: 0 ANSI: 2
[21275.731898] scsi 5:0:0:0: Direct-Access     HUAWEI   TF CARD Storage  2.31 PQ: 0 ANSI: 2
[21275.732925] sr0: scsi-1 drive
[21275.732931] cdrom: Uniform CD-ROM driver Revision: 3.20
[21275.733132] sr 4:0:0:0: Attached scsi CD-ROM sr0
[21275.733245] sr 4:0:0:0: Attached scsi generic sg1 type 5
[21275.736527] sd 5:0:0:0: Attached scsi generic sg2 type 0
[21275.744259] sd 5:0:0:0: [sdb] Attached SCSI removable disk
[21275.838665] Buffer I/O error on device sr0, logical block 7
[21275.838670] Buffer I/O error on device sr0, logical block 7
[21275.839880] systemd-udevd[6071]: Failed to apply ACL on /dev/sr0: No such file or directory
[21275.839886] systemd-udevd[6071]: Failed to apply ACL on /dev/sr0: No such file or directory
[21275.843089] systemd-udevd[6071]: Failed to apply ACL on /dev/sr0: No such file or directory
[21275.843096] systemd-udevd[6071]: Failed to apply ACL on /dev/sr0: No such file or directory

Ubuntu 14.04 的中文輸入法...唉


sudo apt-get install ibus-chewing
重開機後
[System Settings] -> [Text Entry] 
或者到右上角去點去點輸入法的[En] -> [Text Entry Settings]
點[+] -> [選擇Chinese (Chewing)]




Change log : Trusty (14.04) : ibus-chewing package : Ubuntu
https://launchpad.net/ubuntu/trusty/+source/ibus-chewing/+changelog

language - 14.04 Chinese Ibus Input - No Options - Ask Ubuntu
http://askubuntu.com/questions/455682/14-04-chinese-ibus-input-no-options

Pinyin Joe - Ubuntu 10 - 14 Chinese input methods: IBus Pinyin, Chewing and more
http://www.pinyinjoe.com/linux/ubuntu-10-chinese-input-pinyin-chewing.htm

Pinyin Joe - Ubuntu 14.04 Chinese FAQ - ibus-pinyin and invalid utf-8 bugs
http://www.pinyinjoe.com/faq/ubuntu-1404-chinese-ime-problems-faq.htm