Tuesday, December 27, 2011

Telecom ETF

Telecom ETFs: The Telecommunications Sector Rides The Internet Wave (NYSE:IYZ, NYSE:VOX, NYSE:XTL, NYSE:IXP, NYSE:TTH, NYSE:WMH, NYSE:IST, NYSE:FCQ) | ETF DAILY NEWS
http://etfdailynews.com/2011/06/02/telecom-etfs-the-telecommunications-sector-rides-the-internet-wave-iyz-vox-xtl-ixp-tth-wmh-ist-fcq/

  • iShares DJ U.S. Telecommunications (NYSE:IYZ) is the largest telecom ETF and probably the most well-known.
  • Vanguard Telecommunications Services (NYSE:VOX) is my current favorite for this sector. VOX has broad coverage and is also the lowest-cost telecom ETF.
  • SPDR S&P Telecom (NYSE:XTL) is fairly new, launched only in January 2011. XTL is the only ETF from this sector that doesn’t use a traditional capitalization-weighted strategy. Instead, it is equal-weighted, giving more exposure to some of the smaller telecom stocks.
  • iShares S&P Global Telecommunications (NYSE:IXP) is a good solution if you want telecom exposure covering the entire globe, including the U.S.


ETF Watch: Does Value Exist in Telecom ETFs? (IYZ, VOX, IXP, TTH) - 24/7 Wall St.
http://247wallst.com/2011/07/21/etf-watch-does-value-exist-in-telecom-etfs-iyz-vox-ixp-tth/

Telecom ETF | IYZ, VOX, PRFQ, PTE, IXP, DGG | ETF MarketPro
http://www.etfmarketpro.com/Telecom-ETF-IYZ-VOX-PRFQ-PTE-IXP-DGG.html

Will Tax Hikes Slam Telecom ETFs? (IYZ, VOX, PTE) | ETF DAILY NEWS
http://etfdailynews.com/2010/09/09/will-tax-hikes-slam-telecom-etfs-iyz-vox-pte/

Monday, December 26, 2011

Disease equilibration

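綠角財經筆記: Reflections on A Splendid Exchange --- Trade and the Black Death
http://greenhornfinancefootnote.blogspot.com/2011/12/splendid-exchange_15.html

Why are these diseases, which caused such heavy casualties in the medieval world, so much less deadly today? Advances in medicine are one reason, but the natural evolution of infectious diseases also plays an important role.

This process is called disease equilibration.

Killing the host quickly after infection is bad for the pathogen itself, because it loses a host in which it could settle for the long term. So in the course of transmission, pathogens that cause disease but are not so virulent that they immediately kill the infected have a better chance of persisting.

The host goes through this process too. If some people in a population are especially prone to catching the disease and dying, they are wiped out by the epidemic. What remains is the group with higher resistance.

With these two processes acting together, we see infectious diseases become more and more "tame".

The author uses the example of Australia's deliberate introduction of the Myxoma virus in 1950 to cull wild rabbits. The effect was immediate, with rabbit mortality above 99%. But by 1957 the fatality rate was down to 25%.

This process of disease equilibration takes about 5-6 generations. A rabbit generation is short; the human life cycle is longer, so 5 to 6 generations take about 100 to 150 years.

Once the people of the Old World had endured the ravages of infectious disease and finally completed disease equilibration, Europeans' tolerance of disease was a weapon of war more powerful than guns. The Native Americans they came into contact with had no resistance, and the dead lay in heaps.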

strongSwan

Required to build from git
apt-get install git gcc automake autoconf libtool pkg-config gettext perl python flex bison gperf lcov doxygen
 
git clean -xfd; ./autogen.sh;

Build
sudo echo ;./configure --prefix=/ && make && sudo make install


strongSwan - IPsec for Linux
http://www.strongswan.org/

IKEv2 Cipher Suites
http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites

strongSwan - UML Testing
http://www.strongswan.org/uml-testing.html

strongSwan - UML Readme
http://www.strongswan.org/uml-readme.html

1. Starting up the UML testing environment
2. Running the automated tests
3. Manual testing

strongSwan - Documentation
http://www.strongswan.org/documentation.html

strongSwan - InstallationDocumentation
http://wiki.strongswan.org/projects/strongswan/wiki/InstallationDocumentation

strongSwan - UML Testresults for strongSwan 4.x
http://www.strongswan.org/uml-testresults.html
(A LOT OF configuration samples)
Test ikev1/esp-alg-aes-gcm
http://www.strongswan.org/uml/testresults/ikev1/esp-alg-aes-gcm/
Test ikev1/net2net-psk
http://www.strongswan.org/uml/testresults/ikev1/net2net-psk/index.html

strongSwan - KernelModules
http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules

strongSwan 5: How to create your own private VPN | Zeitgeist
https://www.zeitgeist.se/2013/11/22/strongswan-howto-create-your-own-vpn/

IpsecStandards - strongSwan
https://wiki.strongswan.org/projects/strongswan/wiki/IpsecStandards 

IPSec key management utilities that support AES-GCM

strongSwan: Yes
strongSwan - IKEv2CipherSuites - strongSwan - IKEv2/IPsec VPN for Linux, Android, FreeBSD, Mac OS X
http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites

Openswan: Yes?
[Openswan dev] Does OpenSwan support AES-GCM and AES-GMAC???
http://lists.openswan.org/pipermail/dev/2009-March/002064.html
(AES GCM or CCM???)

[Openswan Users] AES GCM 256
http://lists.virus.org/users-openswan-1108/msg00078.html

racoon2: No
I cannot find any "gcm" string definition in the latest code (racoon2-20100526a).
Re: AES CTR, CCM, GCM in IPSec with KINK
http://www.racoon2.wide.ad.jp/ml/racoon2-users/201107/msg909.html

ipsec-tools/racoon: No
'Re: [Ipsec-tools-devel] Does Linux support AES-GCM and AES-GMAC???' - MARC
http://marc.info/?l=ipsec-tools-devel&m=123606045019199&w=2

ESP_Preferences - The Wireshark Wiki

ESP_Preferences - The Wireshark Wiki
http://wiki.wireshark.org/ESP_Preferences
RFC4106: The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
http://www.ietf.org/rfc/rfc4106.txt

Sunday, December 25, 2011

Full tunnel vs split tunnel

Full VPN Tunnel
http://www.elinanetworks.com/index.php/vpn-full-tunnel

Split tunnel setup
As shown in the figure below, the split tunnel is used where application data travels over the VPN tunnel setup to the HQ.

In this mode, the desktop has direct access to the Internet. In a small store setup, while the split tunnel provides application access over VPN tunnel, Internet access is not controlled. The only solution here is to add additional software components or an external firewall to limit access.

To overcome this problem, the full tunnel mode is used.

Full tunnel setup
In the full tunnel mode, the Secure VPN client configuration and setup is the same as before, but with one key change: all traffic from the desktop goes over the VPN tunnel.

In the full tunnel mode, since all traffic goes over the VPN tunnel, both application data and Internet access packets land up at the VPN concentrator at the HQ.

Tuesday, December 20, 2011

netcat (nc)

nc -s 20.0.0.1 -p 2000 -l
nc -s 30.0.0.1 20.0.0.1 2000


/usr/share/doc/nc-1.84/scripts

5.5.3 Opening arbitrary TCP/UDP port connections: nc, netcat
http://linux.vbird.org/linux_server/0140networkcommand.php#nc

tcpdump

Options

-i interface: interface to listen on.
-n: disable name lookups.
-t: don't print timestamps.
-s0 (or -s 0): use the max "snaplen"—capture full packets (default in recent versions of tcpdump).
-xx: dump data and link-layer header in hex
-XX: dump data and link-layer header in hex+ascii
-vvv: more verbose.


Filter Expression
tcp
port 25 and not host 10.0.0.3
icmp or arp or udp
vlan 3 and ether src host aa:bb:cc:dd:ee:ff
arp or udp port 53
icmp and \(dst host mrorange or dst host mrbrown\)



tcpdump fu | Linux Journal
http://www.linuxjournal.com/content/tcpdump-fu?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+linuxjournalcom+%28Linux+Journal+-+The+Original+Magazine+of+the+Linux+Community%29&utm_content=Google+Reader

Aloe Blacc - I Need A Dollar

Aloe Blacc - I Need A Dollar
http://www.youtube.com/watch?feature=player_embedded&v=nFZP8zQ5kzk#!

I need a dollar dollar, a dollar is what I need
hey hey
Well I need a dollar dollar, a dollar is what I need
hey hey
And I said I need dollar dollar, a dollar is what I need
And if I share with you my story would you share your dollar with me

Bad times are comin and I reap what I don't sow
hey hey
Well let me tell you somthin all that glitters ain't gold
hey hey
It's been a long old trouble long old troublesome road
And I'm looking for somebody come and help me carry this load

Bridge:
I need a dollar dollar, a dollar is what I need
hey hey
Well I need a dollar dollar, a dollar is what I need
Well I don't know if I'm walking on solid ground
Cause everything around me is falling down
And all I want - is for someone - to help me

I had a job but the boss man let me go
He said
I'm sorry but I won't be needing your help no more
I said
Please mister boss man I need this job more than you know
But he gave me my last paycheck and he sent me on out the door

Bridge:
Well I need a dollar dollar, a dollar is what I need
hey hey
Said I need a dollar dollar, a dollar is what I need
hey hey
And I need a dollar dollar, a dollar is what I need
And if I share with you my story would you share your dollar with me
Well i don't know if i'm walking on solid ground
Cause everything around me is crumbling down
And all I want is for someone to help me

What in the world am I gonna to do tomorrow
is there someone whose dollar that I can borrow
Who can help me take away my sorrow
Maybe its inside the bottle
Maybe its inside the bottle
I had some good old buddy his names is whiskey and wine
hey hey
And for my good old buddy i spent my last dime
hey hey
My wine is good to me it helps me pass the time
and my good old buddy whiskey keeps me warmer than the sunshine
Hey Hey
Your mama may have, bless the child that's got his own
Hey Hey
if god has plans for me i hope it aint - written in stone
Hey Hey
because i've been working working myself down to the bone
and i swear on grandpas grave I'll be paid when i come home
Hey Hey

Bridge:
Well I need a dollar dollar, a dollar is what I need
hey hey
Said need a dollar dollar, a dollar is what I need
hey hey
Well I need a dollar dollar, a dollar is what I need hey hey
And if I share with you my story would you share your dollar with me
come on share your dollar with me
go ahead share your dollar with me
come on share your dollar give me your dollar
share your dollar with me
come on share your dollar with me

Monday, December 19, 2011

"badges" of achievement for electronics, science and engineering

Iron on Patches : Adafruit Industries, Unique & fun DIY electronics and kits
http://www.adafruit.com/category/70

Magic Blue Smoke Monster - Skill badge, iron-on patch
http://www.adafruit.com/products/565

"Failure is only the opportunity to begin again more intelligently" - Henry Ford



Sometimes you need to celebrate mistakes. Adafruit offers fun and exciting "badges" of achievement for electronics, science and engineering. We believe everyone should be able to be rewarded for learning a useful skill, a badge is just one of the many ways to show and share.

This is the "I learned something, the magic blue smoke monster showed me" badge for use at classrooms, workshops, Maker Faires, TechShops and around the world to reward beginners on their skill building journey!

This beautiful badge is made in the USA.

The badge is skillfully designed and sturdily made to last a life time, the backing is iron-on but the badge can also be sewn on.

Magic smoke - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Magic_smoke
Magic smoke (also called factory smoke or blue smoke) is smoke produced by malfunctioning electronic circuits. The origins of the magic smoke have become a running in-joke that started among electrical engineers and technicians before it was more recently adopted by computer programmers. The actual origin of blue smoke is the black plastic epoxy material that is used to package most common semiconductor devices such as transistors and integrated circuits, which produces a bluish coloured smoke during combustion. Smoke from other components that do not use this epoxy may vary in colour, but still be identified as the same phenomenon for purposes of the joke.

Friday, December 16, 2011

Aloe Blacc - Green Lights (Official Video HD) - YouTube

Aloe Blacc - Green Lights (Official Video HD) - YouTube
http://www.youtube.com/watch?v=9fbxTFevdAE


Something special happened today
I got green lights all the way
With no big red sign to stop me
No traffic jam delay

See I was driving over the moon
In my big hot air balloon
Floating high up into the darkness
I hope I'll get there soon

There's so many things to do
So many people I need to talk to
And they've all been waiting for me
Well I got to make it through

Something special happened today
I got green lights all the way
With no big red sign to stop me
No traffic jam delay

Think my stars will rather be green
You have no idea what it means
But to a man who's always traveling
Who's seen the things that I've seen

I don't know what's yet to come
Not sure of anything that I've done
Really makes that much of a difference
Well I hope it has for some

Something special happened today
I got Green lights all the way
With no big red sign to stop me
No traffic jam delay

Well I was driving over the moon
In my big hot air balloon
Floating high up in the darkness
I promise that I'll make it to you very soon

Something special happened today

Linux XFRM and IPSec

xfrm_policy
xfrm_state
xfrm_templ


IPsec overview | The Linux Foundation
http://www.linuxfoundation.org/collaborate/workgroups/networking/ipsec-overview

Adding policies and states from user space:
Handling addition of policies is done by:
xfrm_add_policy() ( net/xfrm/xfrm_user.c)
Handling addition of states is done by:
xfrm_add_sa() ( net/xfrm/xfrm_user.c)
Handling creation of spi (using randomness) is done by
xfrm_alloc_userspi() ( net/xfrm/xfrm_user.c)
Diagram:
xfrm_lookup() invocation:


Linux Kernel Security Overview
http://namei.org/presentations/linux-kernel-security-kca09.pdf

Linux Kernel Networking
http://haifux.org/lectures/172/netLec.pdf
network_overview | The Linux Foundation
http://www.linuxfoundation.org/collaborate/workgroups/networking/networkoverview

Research on IPSec VPN Under Framework of XFRM Based on Linux
http://www.ecice06.com/CN/article/downloadArticleFile.do?attachType=PDF&id=13199
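xfrm_policy{} represents an IPSec SP and xfrm_state{} represents an IPSec SA; xfrm_state{} is associated with xfrm_policy{} through xfrm_templ{}; the SPD is made up of a chain of xfrm_policy{} structures, and the SAD is made up of a chain of xfrm_state{} structures.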


Does Linux support AES-GCM and AES-GMAC???
http://permalink.gmane.org/gmane.network.ipsec.tools.devel/1631
- To IPsec SA identifier, RFC 4106 says:
8.3. Phase 2 Identifier

For IKE Phase 2 negotiations, IANA has assigned three ESP Transform
Identifiers for AES-GCM with an eight-byte explicit IV:

18 for AES-GCM with an 8 octet ICV;
19 for AES-GCM with a 12 octet ICV; and
20 for AES-GCM with a 16 octet ICV.

- To PF_KEY cipher type:

Linux pfkeyv2 seems to have:
#define SADB_X_EALG_AES_GCM_ICV8 18
#define SADB_X_EALG_AES_GCM_ICV12 19
#define SADB_X_EALG_AES_GCM_ICV16 20
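
How the three transform IDs above change the way a receiver cuts up an ESP packet, as an added example (not code from the mailing-list post or from Linux). The function names and sample bytes are constructed for illustration; the 4-octet salt at the end of KEYMAT, the nonce (salt followed by the 8-octet explicit IV) and the AAD (SPI followed by sequence number) follow RFC 4106, and no decryption is performed.

```python
import struct

# ESP transform ID -> ICV length in octets (the IDs listed above;
# Linux names them SADB_X_EALG_AES_GCM_ICV8 / ICV12 / ICV16).
ICV_LEN = {18: 8, 19: 12, 20: 16}
EXPLICIT_IV_LEN = 8   # "eight-byte explicit IV" carried in every packet
SALT_LEN = 4          # RFC 4106: last 4 octets of KEYMAT, never sent on the wire


def split_esp_gcm(packet: bytes, transform_id: int, keymat: bytes) -> dict:
    """Split one ESP packet into the inputs AES-GCM needs (no decryption)."""
    if transform_id not in ICV_LEN:
        raise ValueError("not an AES-GCM ESP transform: %d" % transform_id)
    icv_len = ICV_LEN[transform_id]
    key_len = len(keymat) - SALT_LEN
    if key_len not in (16, 24, 32):
        raise ValueError("KEYMAT must be an AES key plus a 4-octet salt")
    if len(packet) < 8 + EXPLICIT_IV_LEN + icv_len:
        raise ValueError("packet too short for SPI, sequence number, IV and ICV")
    spi, seq = struct.unpack_from("!II", packet)
    iv = packet[8:8 + EXPLICIT_IV_LEN]
    return {
        "spi": spi,
        "seq": seq,
        "key": keymat[:key_len],
        "nonce": keymat[key_len:] + iv,       # 12 octets: salt || explicit IV
        "aad": packet[:8],                    # SPI || sequence number (no ESN)
        "ciphertext": packet[8 + EXPLICIT_IV_LEN:len(packet) - icv_len],
        "icv": packet[len(packet) - icv_len:],
    }


def find_iv_reuse(packets, transform_id: int, keymat: bytes) -> list:
    """Return (first_index, repeat_index) pairs where an SA repeats a nonce.

    RFC 4106 requires that the IV never repeats for a given key; a repeat
    in a capture points at a broken sender or replayed traffic.
    """
    seen = {}
    reused = []
    for index, pkt in enumerate(packets):
        fields = split_esp_gcm(pkt, transform_id, keymat)
        ident = (fields["spi"], fields["nonce"])
        if ident in seen:
            reused.append((seen[ident], index))
        else:
            seen[ident] = index
    return reused


def build_sample(spi: int, seq: int, iv: bytes, ct_len: int, icv_len: int) -> bytes:
    """Constructed packet with placeholder ciphertext and ICV bytes."""
    return struct.pack("!II", spi, seq) + iv + bytes(ct_len) + b"T" * icv_len


if __name__ == "__main__":
    keymat = bytes(range(20))                 # constructed: 16-octet key + salt
    pkt = build_sample(0x1000, 1, b"A" * 8, 20, 16)
    for tid in (18, 19, 20):
        f = split_esp_gcm(pkt, tid, keymat)
        print(tid, "ciphertext", len(f["ciphertext"]), "icv", len(f["icv"]))
    capture = [pkt,
               build_sample(0x1000, 2, b"B" * 8, 20, 16),
               build_sample(0x1000, 3, b"A" * 8, 20, 16)]
    print("nonce reuse at:", find_iv_reuse(capture, 20, keymat))
```

Parsing the same bytes under ID 18 instead of 20 moves 8 octets from the ICV into the ciphertext, which is why both peers must agree on the transform ID and not only on "AES-GCM".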

Tuesday, December 13, 2011

Finding what branch/tag a commit came from

git branch --contains <CommitID>
git tag --contains <CommitID>

$ git branch --contains 3f80fbff5f1
* master
$ git tag --contains 3f80fbff5f1
v2.6.39
v3.0
v3.0-rc1
(....)

grit - Git: Finding what branch a commit came from - Stack Overflow
http://stackoverflow.com/questions/2706797/git-finding-what-branch-a-commit-came-from

Monday, December 12, 2011

BASH: How do I clear Bash's cache of paths to executables?

BASH cached the searched path of the executables??!! , WTF....

# xxx.sh
xxx.sh: command not found
# touch /bin/xxx.sh
# chmod +x /bin/xxx.sh
# xxx.sh
# rm /bin/xxx.sh
# xxx.sh
bash: /bin/xxx.sh: No such file or directory

How do I clear Bash's cache of paths to executables?
http://unix.stackexchange.com/questions/5609/how-do-i-clear-bashs-cache-of-paths-to-executables
bash does cache the full path to a command.
To clear the entire cache:
hash -r
Or just one entry:
hash -d svnsync
More info in help hash and man bash .

Wednesday, December 7, 2011

NAT-Traversal

[wiki] NAT traversal and IPsec
http://en.wikipedia.org/wiki/NAT_traversal#NAT_traversal_and_IPsec

[wiki] NAT-T
http://en.wikipedia.org/wiki/NAT-T

NAT-T (NAT traversal in the IKE) is a method of enabling IPsec-protected IP datagrams to pass through network address translation (NAT). RFC 3947 defines the negotiation during the Internet key exchange (IKE) phase and RFC 3948 defines the UDP encapsulation.

An IP packet is modified while passing through a network address translator device in a manner that is incompatible with Internet Protocol Security (IPsec). NAT-T protects the original IPsec encoded packet by encapsulating it with another layer of UDP and IP headers.



How Does NAT-T work with IPSec?
https://supportforums.cisco.com/docs/DOC-16591

RFC3947: Negotiation of NAT-Traversal in the IKE
http://www.ietf.org/rfc/rfc3947.txt
(It seems NATT "MUST" use UDP dport 4500)
(Both data and IKE message after first Phase 1 negotiation could use UDP dport 4500)
3. Phase 1
The detection of support for NAT-Traversal and detection of NAT along the path between the two IKE peers occurs in IKE [RFC2409] Phase 1.

(......)
3.1. Detecting Support of NAT-Traversal
(......)
3.2. Detecting the Presence of NAT
(......)

4. Changing to New Ports
(......)
In Main Mode, the initiator MUST change ports when sending the ID payload if there is NAT between the hosts. The initiator MUST set both UDP source and destination ports to 4500. All subsequent packets sent to this peer (including informational notifications) MUST be sent on port 4500. In addition, the IKE data MUST be prepended with a non-ESP marker allowing for demultiplexing of traffic, as defined in [RFC3948].

Thus, the IKE packet now looks like this:

IP UDP(4500,4500) <non-ESP marker> HDR*, IDii, [CERT, ] SIG_I

This assumes authentication using signatures. The 4 bytes of non-ESP marker are defined in the [RFC3948].

(......)

The responder MUST respond with all subsequent IKE packets to this peer by using UDP(4500,Y).

Similarly, if the responder has to rekey the Phase 1 SA, then the rekey negotiation MUST be started by using UDP(4500,Y). Any implementation that supports NAT traversal MUST support negotiations that begin on port 4500. If a negotiation starts on port 4500, then it doesn't need to change anywhere else in the exchange.


RFC3948: UDP Encapsulation of IPsec ESP Packets
http://www.ietf.org/rfc/rfc3948.txt
2.1. UDP-Encapsulated ESP Header Format
The UDP header is a standard [RFC0768] header, where
o the Source Port and Destination Port MUST be the same as that used by IKE traffic,
o the IPv4 UDP Checksum SHOULD be transmitted as a zero value, and
o receivers MUST NOT depend on the UDP checksum being a zero value.

The SPI field in the ESP header MUST NOT be a zero value.


2.2. IKE Header Format for Port 4500
The UDP header is a standard [RFC0768] header and is used as defined in [RFC3947]. This document does not set any new requirements for the checksum handling of an IKE packet.

A Non-ESP Marker is 4 zero-valued bytes aligning with the SPI field of an ESP packet.
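
The demultiplexing rule from the two RFC excerpts above, as an added example (not taken from either RFC or from any IKE daemon): a receiver on UDP port 4500 tells IKE from ESP by looking at the first four bytes. The function names and sample packets are constructed for illustration; the one-octet 0xFF NAT-keepalive comes from RFC 3948 section 2.3, which is not quoted above.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4   # four zero bytes where an ESP packet has its SPI
NAT_KEEPALIVE = b"\xff"        # RFC 3948 section 2.3: one octet, silently ignored
# IKEv1 (ISAKMP) header: initiator cookie, responder cookie, next payload,
# version, exchange type, flags, message ID, total length = 28 bytes.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")


def classify_udp4500(payload: bytes) -> dict:
    """Classify one UDP payload received on port 4500."""
    if payload == NAT_KEEPALIVE:
        return {"kind": "nat-keepalive"}
    if len(payload) < 4:
        return {"kind": "malformed", "reason": "too short for SPI or marker"}
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]
        if len(ike) < ISAKMP_HDR.size:
            return {"kind": "malformed", "reason": "truncated IKE header"}
        (i_cookie, _r_cookie, _next_payload, version,
         exchange, flags, _msg_id, length) = ISAKMP_HDR.unpack_from(ike)
        return {
            "kind": "ike",
            "initiator_cookie": i_cookie.hex(),
            "version": "%d.%d" % (version >> 4, version & 0x0F),
            "exchange_type": exchange,
            "encrypted": bool(flags & 0x01),        # IKEv1 encryption bit
            "length_ok": length == len(ike),        # header length vs. bytes seen
        }
    if len(payload) < 8:
        return {"kind": "malformed", "reason": "truncated ESP header"}
    # Non-zero first word: this is the SPI, which is why RFC 3948 forbids SPI 0.
    spi, seq = struct.unpack_from("!II", payload)
    return {"kind": "esp", "spi": spi, "seq": seq}


def wrap_ike(ike_message: bytes) -> bytes:
    """Sender side after the port change: prepend the non-ESP marker."""
    return NON_ESP_MARKER + ike_message


def sample_main_mode_id_message() -> bytes:
    """Constructed IKEv1 Main Mode message (HDR*, IDii ...) with dummy body."""
    body = bytes(range(16))                         # stands in for encrypted data
    header = ISAKMP_HDR.pack(bytes.fromhex("1122334455667788"),
                             bytes.fromhex("99aabbccddeeff00"),
                             5,      # next payload: Identification
                             0x10,   # version 1.0
                             2,      # exchange type: Identity Protection
                             0x01,   # flags: encrypted
                             0, ISAKMP_HDR.size + len(body))
    return header + body


if __name__ == "__main__":
    ike = sample_main_mode_id_message()
    esp = struct.pack("!II", 0xC0FFEE01, 7) + bytes(32)   # constructed ESP packet
    for name, data in [("IKE with marker", wrap_ike(ike)),
                       ("IKE without marker", ike),
                       ("ESP", esp),
                       ("keepalive", NAT_KEEPALIVE)]:
        print(name, "->", classify_udp4500(data))
```

The "IKE without marker" case is read as ESP with the first half of the initiator cookie as its SPI, which is the ambiguity the marker exists to remove.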



IPsec and NAT Traversal - System Administration Guide: IP Services
http://docs.oracle.com/cd/E19963-01/html/821-1453/ipsec-ov-24.html

Linux Kernel 2.6 using KAME-tools -- NAT-Traversal
http://www.ipsec-howto.org/x304.html#AEN471

Openswan / NATTraversal
http://wiki.openswan.org/index.php/Openswan/NATTraversal

Tuesday, December 6, 2011

SA bundle

RFC 2401: Security Architecture for the Internet Protocol
http://www.ietf.org/rfc/rfc2401.txt

4.3 Combining Security Associations

The IP datagrams transmitted over an individual SA are afforded protection by exactly one security protocol, either AH or ESP, but not both. Sometimes a security policy may call for a combination of services for a particular traffic flow that is not achievable with a single SA. In such instances it will be necessary to employ multiple SAs to implement the required security policy. The term "security association bundle" or "SA bundle" is applied to a sequence of SAs through which traffic must be processed to satisfy a security policy. The order of the sequence is defined by the policy. (Note that the SAs that comprise a bundle may terminate at different endpoints. For example, one SA may extend between a mobile host and a security gateway and a second, nested SA may extend to a host behind the gateway.)

Security associations may be combined into bundles in two ways: transport adjacency and iterated tunneling.
  • Transport adjacency refers to applying more than one security protocol to the same IP datagram, without invoking tunneling. This approach to combining AH and ESP allows for only one level of combination; further nesting yields no added benefit (assuming use of adequately strong algorithms in each protocol) since the processing is performed at one IPsec instance at the (ultimate) destination.
  • Iterated tunneling refers to the application of multiple layers of security protocols effected through IP tunneling. This approach allows for multiple levels of nesting, since each tunnel can originate or terminate at a different IPsec site along the path. No special treatment is expected for ISAKMP traffic at intermediate security gateways other than what can be specified through appropriate SPD entries (See Case 3 in Section 4.5)
There are 3 basic cases of iterated tunneling -- support is required only for cases 2 and 3:
  1. both endpoints for the SAs are the same -- The inner and outer tunnels could each be either AH or ESP, though it is unlikely that Host 1 would specify both to be the same, i.e., AH inside of AH or ESP inside of ESP.
  2. one endpoint of the SAs is the same -- The inner and outer tunnels could each be either AH or ESP.
  3. neither endpoint is the same -- The inner and outer tunnels could each be either AH or ESP.



Data networks: routing, security ... - Tony Kenyon - Google Books
http://books.google.com/books?id=kipV1OXOygMC&lpg=PA370&ots=8KgY4tNyXZ&dq=%22SA%20bundle%22%20%22Transport%20adjacency%22&pg=PA370#v=onepage&q=%22SA%20bundle%22%20%22Transport%20adjacency%22&f=false


Section 10.5. Combining Security Associations
http://fengnet.com/book/VPNs%20Illustrated%20Tunnels%20%20VPNsand%20IPsec/ch10lev1sec5.html

22.4.4 Combining IPSec protocols
http://www.scribd.com/doc/24850361/484/Combining-IPSec-protocols

Question on SA Bundle
http://www.sandelman.ottawa.on.ca/ipsec/2003/04/msg00027.html
http://www.sandelman.ottawa.on.ca/ipsec/2003/04/msg00045.html
Note that, SPD defines the security protocols such as ESP, AH. In a given SPD policy, you can have both ESP and AH together. This results into two SAs. Typically, IPSEC informs IKE to get the keys for both of them together. once IKE gets the keys, it can inform IPSEC packet processing to create the SA bundle with two SAs.

Since, IKE negotiates both together, if one SA life time expires, other SAs in the SA Bundle can be removed. That means either all SAs in the SA bundle exist or none exist

http://www.sandelman.ottawa.on.ca/ipsec/2003/04/msg00051.html
When writing 2401 we thought it might be possible to provide the ability to link together a number of SAs into a bundle, similar to what you describe in #1 above. However, in reality, IKE v1 was not able to negotiate a general notion of bundling, specifically a way to link new SAs to existing SAs. Thus, in practice the only bundles that occur arise when one negotiates both AH and ESP in a single IKE negotiation.

As we revise 2401, I anticipate clarifying this, and essentially doing away with the notion of bundles. I have not seen a strong need for them in list discussions, nor does IKE v2 have support for adding SAs to a bundle.

http://www.sandelman.ottawa.on.ca/ipsec/2003/04/msg00057.html
Bundle is just a set of IPSEC transformations (and SA's) that are specified to be applied to a packet that matches a particular selector. The same component SA can be used in different "bundles".

That's about all that "bundle" means to me. Unfortunately, IKEv1 thinks/requires more strict "bundle" concept. It cannot negotiate individual SA's belonging to same "bundle" separately, or share SA's between bundles.

Key management should negotiate SA's individually.
(which means Key management SA bundle at once)

interpretation of SA bundle.
http://www.vpnc.org/ietf-ipsec/99.ipsec/msg02238.html
http://www.vpnc.org/ietf-ipsec/99.ipsec/msg02243.html
http://www.vpnc.org/ietf-ipsec/99.ipsec/msg02262.html
(I'm somehow confused by this thread)
http://www.vpnc.org/ietf-ipsec/99.ipsec/msg02264.html
> Do you say that each attributes of multiple proposal with same number
> MUST have same transport mode ?

The encapsulation is applied to the SAs as a whole. So, yes.

See section 2.1 of RFC 2408. Here's what you're doing when you have multiple proposal payloads with the same number in a single SA payload:
Protection Suite: A protection suite is a list of the security services that must be applied by various security protocols. For example, a protection suite may consist of DES encryption in IP ESP, and keyed MD5 in IP AH. All of the protections in a suite must be treated as a single unit. This is necessary because security services in different security protocols can have subtle interactions, and the effects of a suite must be analyzed and verified as a whole.


"All of the protections in a suite must be treated as a single unit."

In other words, the group of SAs that make up the suite live and die as a unit, and have encapsulation applied as a single logical unit.

Monday, December 5, 2011

Network Information System (NIS/YP)

Network Information System (NIS/YP)
http://www.freebsd.org/doc/handbook/network-nis.html

[Chapter 19] 19.4 Sun's Network Information Service (NIS)
http://docstore.mik.ua/orelly/networking/puis/ch19_04.htm

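Rocket Stove

Energy-saving rocket stove takes care of eco-friendly outdoor cooking
http://tw.nextmedia.com/subapple/article/art_id/32862873/IssueID/20101006

Sharing how to build a rocket stove
http://f2l.b24h.tw/BLOG/b24h/show.php?vno=173

High-efficiency wood stove DIY - 101 Running Farm! - Yahoo! Kimo Blog
http://tw.myblog.yahoo.com/run365@kimo.com/article?mid=791&prev=859&next=762&l=f&fid=30

An economical, efficient rocket stove
http://organic.b24h.tw/b24h/show.php?vno=831

Dual air-intake rocket stove
http://organic.b24h.tw/b24h/show.php?vno=840

Nature Valley Environmental Education Base -- Society of Wilderness Environmental Trust: Energy saving and carbon reduction -- Rocket stove
http://sowtrust.sow.org.tw/2012/01/blog-post_6421.html

Save the Earth with 3 old tin cans - Rocket stove DIY (Part 1)
http://mypaper.pchome.com.tw/hwchen/post/1320397588

Save the Earth with 3 old tin cans - Rocket stove DIY (Part 2)
http://mypaper.pchome.com.tw/hwchen/post/1320397640

Smokeless, even more energy-saving rocket stove - Qiwen and Jiren's second-generation rocket stove @ Self-sufficient, sustainable living :: PIXNET ::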
http://thefuture.pixnet.net/blog/post/78995155-%E7%84%A1%E7%85%99%E7%84%A1%E7%87%BB%E6%9B%B4%E7%AF%80%E8%83%BD%E7%81%AB%E7%AE%AD%E7%88%90%EF%BC%8D%E7%B6%BA%E6%96%87%E8%88%87%E5%90%89%E4%BB%81%E4%BA%8C%E4%BB%A3%E7%81%AB%E7%AE%AD

IP Payload Compression Protocol (IPComp)

IPComp

RFC 3173: IP Payload Compression Protocol (IPComp)
http://tools.ietf.org/rfc/rfc3173.txt

[wiki] IP Payload Compression Protocol
http://en.wikipedia.org/wiki/IP_Payload_Compression_Protocol

In networking IP Payload Compression Protocol, or IPComp, is a low level compression protocol for IP datagrams defined in RFC 3173.[1] The intent is to reduce the size of data transmitted over congested or slow network connections, thereby increasing the speed of such networks without losing data. According to the RFC requirements, compression must be done before fragmenting or encrypting the packet. It further states that each datagram must be compressed independently so it can be decompressed even if received out of order. This is important because it allows IPComp to work with both TCP and UDP network communications.

AES GCM/GMAC/XCBC

AES-GCM (crypto+auth)

[wiki] Galois/Counter Mode
http://en.wikipedia.org/wiki/Galois/Counter_Mode

a mode of operation for symmetric key cryptographic block ciphers that has been widely adopted because of its efficiency and performance. GCM throughput rates for state of the art, high speed communication channels can be achieved with reasonable hardware resources [1]. It is an authenticated encryption algorithm designed to provide both data authenticity (integrity) and confidentiality. GCM mode is defined for block ciphers with a block size of 128 bits. GMAC is an authentication-only variant of the GCM which can be used as an incremental message authentication code. Both GCM and GMAC can accept initialization vectors of arbitrary length.


AES-GCM (Galois Counter Mode) core for FPGA (Xilinx, Altera, Actel) and ASIC - Helion Technology
http://www.heliontech.com/aes_gcm.htm
AES-GCM is an authenticated encryption algorithm designed to provide both authentication and privacy. Developed by David A McGrew and John Viega, it uses universal hashing over a binary Galois field to provide authenticated encryption.

GCM was designed originally as a way of supporting very high data rates, since it can take advantage of pipelining and parallel processing techniques to bypass the normal limits imposed by feedback MAC algorithms. This allows authenticated encryption at data rates of many tens of Gbps, permitting high grade encryption and authentication on systems which previously could not be fully protected. More recently GCM is being specified for use in lower rate applications due to its ease of use and scalability.

AES-GCM is specified for use in a number of recent standards; for example it is one of the options specified by the IEEE 1619 group for securing data-at-rest stored on tape media. In networking, it is the security algorithm specified for use in MACsec (802.1AE), and in the ANSI Fibre Channel Security Protocols (FC-SP).


AES-GCM Functions
http://software.intel.com/sites/products/documentation/hpc/ipp/ippcp/ippcp_ch2/ch2_aes_gcm_functions.html
The Galois/Counter Mode (GCM) is a mode of operation of the AES algorithm. GCM [NIST SP 800-38D] uses a variation of the Counter mode of operation for encryption. GCM assures authenticity of the confidential data (of up to about 64 GB per invocation) using a universal hash function defined over a binary finite field (the Galois field).

GCM can also provide authentication assurance for additional data (of practically unlimited length per invocation) that is not encrypted. If the GCM input contains only data that is not to be encrypted, the resulting specialization of GCM, called GMAC, is simply an authentication mode for the input data.


[wiki] Finite field (aka Galois field)
http://en.wikipedia.org/wiki/Galois_field

RFC 5288: AES-GCM Cipher suites
http://www.rfc-editor.org/rfc/rfc5288.txt
AES-GCM is an authenticated encryption with associated data (AEAD) cipher


The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
http://www.ietf.org/rfc/rfc4106.txt

AES-GMAC (auth)
Advanced Encryption Standard Galois Message Authentication Code (AES-GMAC)

RFC4543: The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
http://tools.ietf.org/rfc/rfc4543.txt

Re: AES-GMAC as a hash
http://www.mail-archive.com/cryptography@metzdowd.com/msg10843.html


AES-XCBC, aka CBC-MAC (auth)
[wiki] CBC-MAC
http://en.wikipedia.org/wiki/CBC-MAC
cipher block chaining message authentication code (CBC-MAC), is a technique for constructing a message authentication code from a block cipher.


[wiki] CMAC
http://en.wikipedia.org/wiki/CMAC
CMAC (Cipher-based MAC)[1] is a block cipher-based message authentication code algorithm.

The core of the CMAC algorithm is a variation of CBC-MAC that Black and Rogaway proposed and analyzed under the name XCBC[2] and submitted to NIST.[3] The XCBC algorithm efficiently addresses the security deficiencies of CBC-MAC, but requires three keys. Iwata and Kurosawa proposed an improvement of XCBC and named the resulting algorithm One-Key CBC-MAC (OMAC) in their papers.[4][5] They later submitted OMAC1[6], a refinement of OMAC, and additional security analysis.[7] The OMAC algorithm reduces the amount of key material required for XCBC. CMAC is equivalent to OMAC1.


RFC4434: The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE)
http://tools.ietf.org/rfc/rfc4434.txt

RFC3566: The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec
http://tools.ietf.org/rfc/rfc3566.txt



Cryptography
http://en.wikipedia.org/wiki/Template:Crypto_navbox

Block ciphers (security summary)
http://en.wikipedia.org/wiki/Template:Crypto_block

Cryptographic hash functions and message authentication codes (MACs)
http://en.wikipedia.org/wiki/Template:Crypto_hash

Sunday, December 4, 2011

Traffic Flow Confidentiality (TFC)

Traffic Flow Confidentiality (TFC)
to hide/masquerade the traffic pattern to prevent statistical traffic analysis attacks.

RFC 4303 - IP Encapsulating Security Payload (ESP)
http://tools.ietf.org/html/rfc4303#page-17

2.7. Traffic Flow Confidentiality (TFC) Padding
As noted above, the Padding field is limited to 255 bytes in length. This generally will not be adequate to hide traffic characteristics relative to traffic flow confidentiality requirements. An optional field, within the payload data, is provided specifically to address the TFC requirement.
An IPsec implementation SHOULD be capable of padding traffic by adding bytes after the end of the Payload Data, prior to the beginning of the Padding field. However, this padding (hereafter referred to as TFC padding) can be added only if the Payload Data field contains a specification of the length of the IP datagram. This is always true in tunnel mode, and may be true in transport mode depending on whether the next layer protocol (e.g., IP, UDP, ICMP) contains explicit length information. This length information will enable the receiver to discard the TFC padding, because the true length of the Payload Data will be known. (ESP trailer fields are located by counting back from the end of the ESP packet.) Accordingly, if TFC padding is added, the field containing the specification of the length of the IP datagram MUST NOT be modified to reflect this padding. No requirements for the value of this padding are established by this standard.

In principle, existing IPsec implementations could have made use of this capability previously, in a transparent fashion. However, because receivers may not have been prepared to deal with this padding, the SA management protocol MUST negotiate this service prior to a transmitter employing it, to ensure backward compatibility. Combined with the convention described in Section 2.6 above, about the use of protocol ID 59, an ESP implementation is capable of generating dummy and real packets that exhibit much greater length variability, in support of TFC.
Implementations SHOULD provide local management controls to enable the use of this capability on a per-SA basis. The controls should allow the user to specify if this feature is to be used and also provide parametric controls for the feature.


Re: ESP's use of dummy packets?
http://old.nabble.com/Re%3A-ESP%27s-use-of-dummy-packets--td14036813.html

TfcProject – Discreet
http://minerva.netgroup.uniroma2.it/discreet/wiki/TfcProject

pfkeyv2.h in tfcproject/trunk/ipsec-tools-0.6.6/src/include-glibc/net – Discreet
http://minerva.netgroup.uniroma2.it/discreet/browser/tfcproject/trunk/ipsec-tools-0.6.6/src/include-glibc/net/pfkeyv2.h?desc=1

Traffic masking in IPsec: architecture and implementation
http://mycite.omikk.bme.hu/doc/81608.pdf

basic TFC mechanisms can be categorized as follows:
− Packet forming (padding, fragmentation, etc.);
− Packet timing (queuing and de-queuing);
− Dummy packet management (generation and discarding).

TFC Control Algorithms

(...............)

the simplest and most straightforward algorithm consists in embedding the SA’s traffic in a CBR traffic pattern (with packets of constant size and a constant packet inter-arrival time). Such algorithm is ideal in the level of protection, it has a low complexity, but it also introduces serious performance drawbacks both in limiting the throughput and in filling the network with padding and dummy packets.

It is worth noting here that besides CBR, any traffic pattern that is independent of the original traffic flowing in the SA has the same properties. Algorithms can also generate traffic independent patterns using stochastic processes (modifying packet size, timing, or both). Other control algorithms are the adaptive ones, where the output pattern depends on properties of the original flow. Some examples are random size padding, random introduced delay, or a rate adaptive CBR.
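
The RFC 4303 layout and the constant-size (CBR-style) padding described above can be shown together in a short C sketch. This is an added example, not code from the RFC, the paper or the TfcProject sources; the function names, the 64-byte target size and the sample IPv4 header are assumptions made for the illustration, and encryption and integrity protection are left out. The sender fills every plaintext to the same length, and the receiver counts back from the end for the trailer and then uses the inner IPv4 Total Length to discard the TFC padding.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NH_IPV4    4   /* Next Header: inner IPv4 datagram (tunnel mode) */
#define NH_NONE   59   /* Next Header: dummy packet (RFC 4303, section 2.6) */
#define ESP_ALIGN  4   /* the trailer must end on a 4-byte boundary */

typedef enum { TFC_REAL, TFC_DUMMY, TFC_MALFORMED } tfc_kind;

/* Constructed sample input: a minimal IPv4 header whose Total Length field
 * is total_len; checksum, addresses and payload are left zero. */
void make_ipv4(uint8_t *buf, uint16_t total_len)
{
    memset(buf, 0, total_len);
    buf[0] = 0x45;                       /* version 4, IHL 5 (20 bytes) */
    buf[2] = (uint8_t)(total_len >> 8);  /* Total Length, network order */
    buf[3] = (uint8_t)(total_len & 0xff);
}

/* Sender: inner | TFC padding | Padding | Pad Length | Next Header, always
 * exactly cbr_len bytes. inner == NULL builds a dummy packet.
 * Returns the number of bytes written, or 0 if the packet does not fit. */
size_t tfc_build(const uint8_t *inner, size_t inner_len, size_t cbr_len,
                 uint8_t *out, size_t out_cap)
{
    if (!inner) inner_len = 0;
    if (cbr_len % ESP_ALIGN != 0 || cbr_len > out_cap) return 0;
    if (inner_len + 2 > cbr_len) return 0;    /* would need fragmentation */

    size_t fill = cbr_len - 2 - inner_len;    /* bytes that hide the real length */
    size_t pad_len = fill % ESP_ALIGN;        /* ordinary ESP Padding: final alignment */
    size_t tfc_len = fill - pad_len;          /* TFC padding takes the rest */
    size_t off = inner_len;

    if (inner_len) memcpy(out, inner, inner_len); /* verbatim: length field untouched */
    memset(out + off, 0, tfc_len);            /* value is not constrained by the RFC */
    off += tfc_len;
    for (size_t i = 0; i < pad_len; i++)      /* default Padding bytes 1, 2, 3, ... */
        out[off++] = (uint8_t)(i + 1);
    out[off++] = (uint8_t)pad_len;            /* Pad Length */
    out[off++] = inner ? NH_IPV4 : NH_NONE;   /* Next Header */
    return off;
}

/* Receiver: locate the trailer from the end, drop dummies, then trust only
 * the inner Total Length (bounded by what was received) to find the data. */
tfc_kind tfc_strip(const uint8_t *pt, size_t len, size_t *inner_len, size_t *tfc_len)
{
    *inner_len = *tfc_len = 0;
    if (len < 2) return TFC_MALFORMED;
    uint8_t next_hdr = pt[len - 1];
    size_t pad_len = pt[len - 2];
    if (pad_len + 2 > len) return TFC_MALFORMED;
    size_t payload = len - 2 - pad_len;       /* Payload Data + TFC padding */
    for (size_t i = 0; i < pad_len; i++)
        if (pt[payload + i] != (uint8_t)(i + 1)) return TFC_MALFORMED;
    if (next_hdr == NH_NONE) return TFC_DUMMY;
    if (next_hdr != NH_IPV4 || payload < 20 || (pt[0] >> 4) != 4)
        return TFC_MALFORMED;
    size_t ihl = (size_t)(pt[0] & 0x0f) * 4;
    size_t total = ((size_t)pt[2] << 8) | pt[3];
    if (ihl < 20 || total < ihl || total > payload) return TFC_MALFORMED;
    *inner_len = total;                       /* true length of the datagram */
    *tfc_len = payload - total;               /* bytes the receiver discards */
    return TFC_REAL;
}

int main(void)
{
    uint8_t ip[28], wire[64];
    size_t inner, tfc;

    make_ipv4(ip, sizeof ip);
    size_t n = tfc_build(ip, sizeof ip, sizeof wire, wire, sizeof wire);
    tfc_kind k = tfc_strip(wire, n, &inner, &tfc);
    printf("real:  plaintext=%zu kind=%d inner=%zu tfc=%zu\n", n, (int)k, inner, tfc);

    n = tfc_build(NULL, 0, sizeof wire, wire, sizeof wire);
    k = tfc_strip(wire, n, &inner, &tfc);
    printf("dummy: plaintext=%zu kind=%d\n", n, (int)k);
    return 0;
}
```

Real and dummy packets leave the sender with the same plaintext length, and a Total Length that points past the received payload is rejected rather than followed.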

Traffic Flow Confidentiality in IPsec: Protocol and Implementation
http://www.cs.kau.se/IFIP-summerschool/summerschool2009/IFIP2007POST/slides/S07_S2_Simone_Teofili.pdf
It can combine the TFC basic mechanisms arbitrarily:
batching,
CBR (Continuous Bit rate),
random padding,
random delay algorithms
Queue congestion Reactive algorithm (still experimental)

A User Space application allows to configure TFC SA parameters
Delay Algorithm
Dummy
Padding
Fragmentation
Packets Length
Bit Rate




ESP Traffic Flow Confidentiality
http://www.hds.utc.fr/sar04/files/puig-presentation.pdf
traffic-flow confidentiality (TFC)
http://zvon.org/comp/r/ref-Security_Glossary.html#Terms~traffic-flow_confidentiality_%28TFC%29

Thursday, December 1, 2011

GNU Debugger (GDB)

CROSS is the prefix of your cross-compiler, e.g. for mips64-linux-gnu-gcc, CROSS=mips64-linux-gnu
(Add the path to your cross-compiler to $PATH)

CROSS=mips64-octeon-linux-gnu

wget http://ftp.gnu.org/gnu/gdb/gdb-7.6.1.tar.bz2


tar xf gdb-7.6.1.tar.bz2
cd gdb-7.6.1/
mkdir build-mips
cd build-mips/


../configure --target=${CROSS} --prefix=$(pwd)/install
make
make install



GDB: The GNU Project Debugger
http://www.gnu.org/s/gdb/

Basic gdb
http://www.study-area.org/cyril/opentools/opentools/x1253.html

Debugging with GDB (Introduction)
http://www.study-area.org/goldencat/debug.htm

Debugging with GDB
http://www.cis.nctu.edu.tw/~is93007/acd.htm

GDB Cheat Sheet - GDB Cheat Sheet.pdf
http://darkdust.net/files/GDB%20Cheat%20Sheet.pdf

tools - How to handle stripped binaries with GDB? No source, no symbols and GDB only shows addresses? - Reverse Engineering Stack Exchange
http://reverseengineering.stackexchange.com/questions/1935/how-to-handle-stripped-binaries-with-gdb-no-source-no-symbols-and-gdb-only-sho?rq=1

gdb backtrace to file • Andreas Schneider
http://blog.cryptomilk.org/2010/12/23/gdb-backtrace-to-file/
# alias bt='echo 0 | gdb -batch-silent -ex "run" -ex "set logging overwrite on" -ex "set logging file gdb.bt" -ex "set logging on" -ex "set pagination off" -ex "handle SIG33 pass nostop noprint" -ex "echo backtrace:\n" -ex "backtrace full" -ex "echo \n\nregisters:\n" -ex "info registers" -ex "echo \n\ncurrent instructions:\n" -ex "x/16i \$pc" -ex "echo \n\nthreads backtrace:\n" -ex "thread apply all backtrace" -ex "set logging off" -ex "quit" --args'

# bt $crashing_application

fcamel's tech notes: Customizing backtrace output with Python in gdb
http://fcamel-life.blogspot.tw/2013/08/python-gdb-backtrace.html



GDB complains "Error opening terminal: xterm." when started with "-tui" or when the GDB command "layout" is used. Fix:
export TERMINFO=/lib/terminfo
Question #207761 : Questions : GCC ARM Embedded
https://answers.launchpad.net/gcc-arm-embedded/+question/207761




Wednesday, November 30, 2011

Weed Science Society (weed society Taiwan)

Weed Science Society (weed society Taiwan)
http://wssroc.agron.ntu.edu.tw/Default.htm

[Weed Utilization and Management] Workshop on Sod Culture
http://wssroc.agron.ntu.edu.tw/workshop/cover200608.pdf

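II. Effects of orchard weeds on fruit trees and the growing environment
1. Harm:
(1) Competitive harm
(2) Non-competitive harm

2. Effects:
(1) Increase the soil's resistance to erosion
(2) Conserve water and regulate evapotranspiration
(3) Improve crop nutrient uptake and use
(4) Improve soil texture
(5) Relationship with pests and diseases
The effect of sod culture on fruit-tree pests and diseases cuts both ways. Ho (1992) reported from trials in apple and cherry orchards that dicot ground cover was better than monocot ground cover, because dicot plots hosted more natural enemies while more leaf mites were found in monocot plots. With suitable grass species, ground cover and fruit trees can coexist well.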


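II. Sod culture

1. Choosing the cover grass: the ideal ground-cover plant has dense foliage and a low habit, roots at the nodes and anchors strongly (reducing rain wash and runoff), does not climb, has no thorns, does not hinder fruit-tree growth or orchard management work, competes weakly, and has root exudates with no toxic effect.

In a newly cleared orchard, perennial rhizomatous weeds such as cogon grass should be dug out before land preparation.

The pests and diseases of the cover crop should have nothing in common with, and no host relationship to, the main pests and diseases of the orchard trees, so that they do not infect each other and cause negative effects.

Some species, such as Ageratum houstonianum, provide a nectar source for the natural enemies of mites and so control mites indirectly.

Seven aspects should be considered when choosing species for sod culture:
1. It protects the orchard topsoil from being washed away by heavy rain.
2. During drought it buffers sunlight, lowers the evaporation rate from the topsoil and maintains soil micro-humidity, so that roots can keep absorbing water, the minimum water requirement of the trees is met, and the permanent wilting point (persistent wilt point) is avoided.
3. Although the cover species competes with the fruit trees for part of the fertilizer, after a period the tops can be mown and used as mulch so that the nutrients return to the soil. Alternatively, choose low, creeping legumes such as perennial peanut, whose roots live in symbiosis with rhizobia and fix free nitrogen from the air for the sugar-apple trees, which saves energy and benefits the environment.
4. The chosen species must not be an intermediate host of sugar-apple pests and diseases, or must avoid the critical period in which the sugar apple is vulnerable, so that pest control does not become harder during the growing season.
5. Once established as ground cover, the chosen species should let natural-enemy populations obtain enough food when prey is absent (that is, when no pest populations occur on the sugar apple), or find shelter and food under harsh conditions (such as no leaves after hard pruning, typhoons and heavy rain, cold snaps, or growers spraying chemical pesticides), so that the natural-enemy populations persist; or its roots should provide a more favourable environment in which beneficial soil microbial colonies can persist.
6. The cover species can provide pollen as a food source for the insects that pollinate sugar apple (such as several sap beetles of the family Nitidulidae, order Coleoptera, or the native eastern honey bee (Apis cerana)), so that their populations survive in the orchard.
7. It is economical: the best choice is a species native to the orchard's own locality, which is cheap (no money or labour spent buying and planting it), needs no care, and grows well all year round.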


Insect Pest Control in Weed Management
http://wssroc.agron.ntu.edu.tw/note/%E9%9B%9C%E8%8D%89%E7%AE%A1%E7%90%86%E4%B8%AD%E4%B9%8B%E8%9F%B2%E5%AE%B3%E9%98%B2%E6%B2%BB.pdf

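I. Weeds in an agroecosystem may bring pests
In an agroecosystem weeds are important hosts of pests and pathogens, and in the transmission routes of insect pests and plant diseases they also act as the medium that carries pathogens from infected crops to neighbouring crops.

Weeds beside crop fields can prevent pest outbreaks from recurring

Some weeds (such as stinging nettle, Mexican tea Chenopodium ambrosides, camphorweed Heterotheca subaxillaris, and ragweed) are important components of the agroecosystem, because they offer habitat to insects that benefit the ecosystem's dynamic balance and supply food such as pollen and nectar; in a weed-free monoculture field natural enemies cannot survive.

Covering the ground of annual crops and orchards with wildflowers greatly increases the occurrence of parasitic natural enemies of particular pests. For example, Leius (1967) found that ground vegetation in orchards raised the rate at which caterpillar eggs and larvae were parasitized 18-fold compared with orchards without ground vegetation. Planting the green-manure crop Phacelia spp. (Boraginaceae) in orchards raised parasitism by natural enemies from 5% to 75%. Russian researchers found that Apanteles glomeratus, a parasitoid wasp of two cabbage moth species, can be found in cruciferous crops; it uses wild mustard flowers as a nectar source, and the presence of wild mustard lengthens its life and increases its egg laying. Wild mustard in rapeseed fields likewise raised the parasitism rate of parasitoid wasps from 10% to 60% (Telenga, 1958). Weed flowers are also an important food source for many predatory insects: pollen is an important food for egg production in flies and for insects such as predatory ladybirds, and lacewings especially like Asteraceae flowers, which are rich in nectar and supply ample sugar (Hagen, 1986).

In England, the aphids (Microlophium carnosum) living on stinging nettle are preyed on heavily by aphid predators every April to May, which keeps the aphids from invading crops; but once the nettles are cut in mid-July the aphids move on to damage neighbouring crops (Perrin, 1975).

Most beneficial insects prefer to live on weeds and then move onto crops, and in most cases it was found that mowing or pulling the weeds blocked or delayed the migration of the beneficial insects living on them.

Managing weed diversity is a key point of a cropping system and can markedly reduce pathogen populations


Weeds in crop fields reduce crop disease by attracting disease-vector insects

Many studies have confirmed that field weeds reduce pest numbers by increasing natural enemies

In mixed-weed treatments there was no clear correlation between crop yield and insect damage. When the weed treatment had its greatest effect in reducing pest populations and damage, and herbivore density was disregarded, the weeds had no effect on crop yield. Evidently, only once the positive effect of weeds in reducing herbivore numbers is excluded does the yield loss caused by weed competition come to matter; this also shows that where competition between weeds and crop is not severe, the relationship among soybean, weeds and pests is very important (Andow, 1991).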



SeedQuest - Central information website for the global seed industry
http://www.seedquest.com/news.php?type=news&id_article=22129&id_region=&id_category=&id_crop=

Monday, November 28, 2011

巨虹電子 launches an Android encrypted phone

巨虹電子 launches an Android encrypted phone
http://www.ithome.com.tw/itadm/article.php?c=70977

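IC design house 巨虹電子 has launched its first Android encrypted phone, the VIP007, under the SkySafe brand. The phone carries hardware encryption technology that has passed the CC EAL5+ security level of the US National Information Assurance Partnership (NIAP), and can encrypt VoIP calls, SMS transmission and data storage to secure communications.

The hardware encryption is built mainly into a Micro SD memory card. Using SIP (System In Package) packaging, it integrates a controller, an ARM9 processor and a Security Component in an isolated space. The encryption engine has a unique identification serial number and operates independently, which lets it resist Trojan attacks.

The hardware encryption uses the AES-256 standard and encrypts data with the RSA-2048 algorithm. 巨虹 stresses that the technology has been certified by NIAP at CC EAL5+ (EAL levels run from 1 to 7), higher than the EAL4 level of the ATM cards banks commonly use today.

巨虹電子 product manager 黎建君 said that data is sent to the other party after being processed by the encryption engine; this involves not only the key but also identification of the serial number of the other party's encryption engine, and if the serial number does not match the recipient's the data cannot be decrypted, so even if a third party obtains the data in transit it cannot be decrypted. The encryption engine runs a system 巨虹 developed itself, which is harder to break than other large systems.

At present, encrypting on an ordinary Android phone mostly means downloading security or encryption software, which tends to take up the phone's processor, memory and other hardware resources. Because the phone itself does the encryption work, latency is also longer, the encryption cannot be accelerated, and in some situations it is easily exposed to Trojan attacks.

The phone can encrypt voice, SMS and data files, but must be used together with special applications. For voice it offers encrypted VoIP calls: the user must first enter a password (5 wrong attempts are allowed) to log in to the encrypted VoIP program before calling another encrypted phone (of the same model), which is what ensures call quality and correct encryption. Voice encryption supports only the VoIP program developed by 巨虹 and cannot encrypt ordinary GSM calls.

To send an encrypted SMS, the phone must first be paired with the recipient's encrypted phone before encrypted messages can be sent. Private photos, files and documents kept on the phone can also be protected by encryption as long as they are stored on the memory card (with the integrated encryption engine). In future 巨虹 will open a cloud platform where users can upload encrypted files to share with family and friends.

The VIP007 is a phone with a 3.6-inch touchscreen running Android 2.2, with a Qualcomm 1GHz processor and a 5-megapixel camera; the handset alone sells for 88,000 NT dollars.

黎建君 said that integrating the hardware encryption into a Micro SD memory card not only secures phone use but will in future also be applied to transferring confidential enterprise data, employee management and database permissions. For the general consumer it can also be used with NFC to promote mobile e-wallet applications, with the hardware encryption protecting the transmission of transaction data. Whereas telecom operators and handset makers want transaction data stored on the SIM card or in the phone, integration into a memory card is not restricted by operator or handset and is better suited to promotion by banks.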

Why choose a Waldorf school?

Why choose a Waldorf school?
http://dahliakuo.pixnet.net/blog/post/29895126-%E7%82%BA%E4%BB%80%E9%BA%BC%E9%81%B8%E6%93%87%E8%8F%AF%E5%BE%B7%E7%A6%8F%E5%AD%B8%E6%A0%A1%EF%BC%9F

This article was originally published on the Chengdu Waldorf website.
http://www.fit-2-learn.org/


Why choose a Waldorf school?
(Author: 吳蓓; published: 2006-4-25)

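When I went home to visit family last summer, I was interviewed by Beijing People's Broadcasting Station. The reporter asked me: Waldorf schools are private and parents pay considerable fees, so why are they willing to send their children there? At the time I knew only one example. 盧安克, who promotes Waldorf education in rural Guangxi, China, was discovered by reporters and his moving story was covered in the media. At 13 he was close to a mental breakdown in an ordinary school; his father tried sending him to a Waldorf school, and the different educational environment saved him. His father, already 45, saw the change in his son and was deeply moved, and so changed career from architect to Waldorf teacher.

Back in England, I resolved to ask more parents whenever I had the chance. Because my daughter came back to England with me, I moved from the student dormitory into a house in the village. My landlady, Mrs. Madeleine (麥德琳), has five children, and to my surprise she sent all five to the Waldorf school and kindergarten (known locally as Michael Hall, 麥克荷). The eldest son is 16 this year and the youngest daughter 4. One day Mrs. Madeleine gave me a lift to her daughter's school. On the way I asked her why she liked the Waldorf school.
She said: "When I was young I studied some anthroposophy (the philosophical background of Waldorf education), so I understand the educational thinking of Waldorf schools fairly well. I feel that pupils at Waldorf schools are exposed to a wider range of things, are more open, and are more confident than pupils at other schools. The school does not force pupils to study for exams; they oppose any competition and encourage interaction among pupils and between pupils and teachers."

"When I introduce Waldorf education in China, I am often asked: if the school does not encourage children to compete, how will they adapt to society when they grow up?"
Society is full of competition, so why should adults put competitive pressure on small children too early? Childhood is short and precious. Parents and schools should put children's healthy and happy growth first and not treat competition as so important.
"In a school without competitive pressure, are the children's results worse?"
"No!" said Madeleine. In the national exams her eldest son sat this June, Michael Hall ranked third in the East Sussex area. Madeleine also stressed that Waldorf teachers understand the needs of each pupil, whereas state schools do not; they make demands of pupils according to the syllabus, textbooks and exams. But Madeleine's second son did not settle at the Waldorf school, and after primary school his mother helped him choose a small state secondary school of only some 700 pupils.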

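Living in England is expensive, and I used my spare time to work for money as much as I could. At the end of last year I found a temporary job minding children. The mother, Margaret (瑪格瑞特), has three children: the eldest daughter, 10, is in class five of primary school at Michael Hall; the second daughter, 6, has just started class one there; the youngest son is not yet 3. She was always in a hurry when she picked me up to mind the children, until one day at the end of school at Michael Hall I saw Margaret sunning herself with the children on a bench in the school grounds, and I went over and talked with her in the sunshine. I asked her why she sent her children to a Waldorf school.

She answered: "Waldorf education can develop many interests in a child, rather than only training the intellect. State schools and some private schools, most parents, and above all the whole social environment expect intellectual learning from children, and university later. Such a child may one day feel lost on the road of life: getting into university, postgraduate study, what is it all for? What do I really love? What kind of person am I? What is the meaning of my life? Because Waldorf pupils have broad contact with and understanding of human art, handwork, farming and other fields, and do not develop the intellect alone, this helps them find their own path in life rather than having it decided passively by parents or society."

Her eldest daughter first attended another kind of private primary school. Gradually she found that her daughter did not want to go to school, and it got worse and worse, with frequent crying and fuss over going. As a last resort she moved her eldest daughter to the Waldorf school, and she has never been distressed about school since. She told me that every day on the way home from collecting her younger daughter she often hears her singing. She said small children only break into song when they are happy, so her daughter must be having a good time at school.

Laura (勞拉), the class one main-lesson teacher at Michael Hall, is the teacher of Margaret's younger daughter, and I sat in on her class for 3 days. I asked her why she became a Waldorf teacher, and she told me her story. Her eldest son first went to a Montessori school; he did well in his lessons, yet asked his mother why he had to go to school. He did not like school. Her daughter liked art, and when she reached school age Laura decided to choose a primary school with an artistic character for her, and so discovered the Waldorf school; as she had hoped, her daughter loved it. So she moved her eldest son to the Waldorf school too, where he stayed until he finished upper school. Now the eldest son has graduated from university, the daughter is at university, and the third child is still at the Waldorf school. Seeing her children grow up healthily at the Waldorf school, she decided to train as a Waldorf teacher, and 6 years ago she became a teacher at Michael Hall.

As a mother and a teacher, Laura has four reasons for loving Waldorf education. She said: "First, let children be children; do not take away their time and space too early, and do not change their nature. Second, it values the cultivation of imagination and creativity, and reaches its teaching aims in an artistic way. Third, pupils also learn a great deal of knowledge of all kinds, not purely from books but combined with their practical experience. Although pupils in the lower primary classes learn less book knowledge than in other schools, after a few years they not only reach the same level but exceed it in some respects; that both my children got into university without difficulty is proof. Fourth, recognising that one is part of a whole, an individual within a community, a part of nature. The individual bears responsibility to the community and to nature. Waldorf education focuses on cultivating individuals with a sense of responsibility, not egoistic individuals."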

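Two of my neighbours are Japanese mothers whose children attend Michael Hall; they came all the way to England so that their children could attend a Waldorf school. Yokoyama (橫山), in her forties, is my classmate. In the 1970s a Japanese mother went to study in Germany and, on a friend's recommendation, sent her daughter to a local Waldorf kindergarten and then on to a Waldorf primary school. She was surprised and delighted by the changes in her daughter, recorded them bit by bit and wrote a book, which was very well received and became a bestseller in Japan. When Yokoyama read the book she was not yet married; she sighed that she herself was past school age and vowed that when she had a child she would send him or her to a Waldorf school. 3 years ago she got her wish, coming to England alone with her 9-year-old daughter; her husband provides most of the financial support for mother and daughter. The other Japanese mother, Yoko (洋子), has not been so fortunate. Long divorced, and also influenced by that book, she first sent her son to Japan's first Waldorf kindergarten; when he was older there was still no Waldorf school in Japan, so she took him to the United States to attend a Waldorf primary school. 3 years ago she brought him to England for Waldorf secondary school. She is now 54 and works 20 hours a week to pay the high housing and living costs. But she does it gladly, just so that her son can attend a Waldorf school.

Mr. Jim Willetts, who helped me go abroad to study Waldorf education, told me: "When my daughter was in the second year of primary school she came home crying one day. I asked her whether someone had bullied her. She said no: the teacher had taught her carrying, she just could not do it, and the teacher had told her off. I went to see the teacher: my daughter learns slowly, there is no need to criticise her, and how can every child be required to learn at the same pace? To my surprise the teacher was curt: if she would not meet the teacher's requirements, she need not come to school. In anger I took my daughter out of the school. While I was looking everywhere for a school, a friend recommended the Waldorf school; after visiting I decided to send her there, and she never cried about school again. From then on I became interested in Waldorf education." From that time until now his interest in Waldorf education has lasted more than 30 years. He is a businessman on the one hand, and on the other he puts a great deal of time, energy and money into Waldorf education, and has become a core figure of the Waldorf association. One unhappy experience of his daughter's changed his whole life, as it did for 盧安克's father.

Of the Waldorf kindergartens and schools spread across more than 50 countries, many were started by parents. At a teachers' conference in England I met a mother who liked Waldorf education but had no Waldorf kindergarten locally, so she got together with several other mothers, studying Waldorf education while practising it with their children. I have also heard of mothers who, after years of hard struggle for the ideal of Waldorf education, finally established a Waldorf kindergarten or school locally, by which time their own children had grown up and no longer needed Waldorf education.

During my placement at the Michael Hall kindergarten I met three nursery assistants whose children were all Michael Hall pupils; some had graduated years ago and were already working, some were still in kindergarten. They told me they especially like the importance Waldorf education gives to beauty. We were standing in the kindergarten classroom at the time, and they pointed to the surroundings and said: "Go to another kindergarten and you will feel the difference. Perhaps everyone has a natural pursuit of beauty at heart; a beautiful environment moves us particularly, and one can imagine that children who grow up in such an environment are beautiful in spirit too."

In September 1999 I went with a "Friends of Nature" delegation to study environmental protection in Germany, and we visited a Waldorf school in Hamburg. After returning home I wrote an article, "Visiting a Waldorf School", which ended: "It is 8 months since I left Germany. Whenever I see my daughter walk towards her small school built of concrete, I think of that school in my memory: beautiful gardens, beautiful classrooms, beautiful children. Whenever I see her sitting at her desk doing homework that never ends, I think of that school in my memory: children playing in the garden, sowing in the spring light, harvesting in autumn, tasting the fruits of their own labour. My daughter grows day by day; when will China too have a Waldorf school?"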

Thursday, November 24, 2011

NXP

ARM's Cortex Microcontroller Software Interface Standard (CMSIS)
http://www.arm.com/products/processors/cortex-m/cortex-microcontroller-software-interface-standard.php

Take control: How NXP's Patent-Pending SCT Improves Motor Control
http://www.digikey.com/us/en/techzone/microcontroller/resources/articles/nxps-patent-pending-sct.html

State-configurable timer (SCT)

The SCT is a sophisticated yet easy-to-configure timing function that delivers unprecedented flexibility. It lets designers configure advanced timing operations--including those required for complex motor-control functions -- while meeting tight development schedules. From an architecture standpoint, it is a timer-capture unit coupled with a highly flexible, event driven state machine. It brings two familiar concepts, event and state, to the area of timing, and thus enables wide variety of operations, including timing, counting, output modulation, and input capture.
NXP's SCT peripheral


NXP Cortex-M microcontrollers
http://www.arrownac.com/solutions/nxp/MSeries/pdf/NXP_04_0020_MCU_Family_Brochure_BD_NEW.pdf
Serial GPIO (SGPIO)
NXP’s SGPIO combine general-purpose I/O with a timer/shift register and can be used to create or capture multiple real-time serial data streams. This eliminates the need for code loops that manipulate GPIO in real time, and provides an easy-to-use alternative to CPU-intensive “bit banging”. SGPIO can also be configured to provide designers an extra standard serial interface (UART, I2S, I2C, etc.).

Pancakes

Baking mixes made easy | Krusteaz
http://www.krusteaz.com/

Making delicious pancakes with COSTCO pancake mix
http://www.babyhome.com.tw/mboard.php?op=d&sID=2471067&bid=13&r=2

Nissin pancake mix
http://tw.myblog.yahoo.com/katrina_toto/article?mid=2298

[Cake] Lazy five-minute Costco KRUSTEAZ pancake mix: nut and truffle chocolate muffins
http://www.wretch.cc/blog/neyoko/7963386

The legendary 茶家 pancake mix
http://www.yealing.net/read-2995.html

Wednesday, November 23, 2011

Big/little Endian DMA master and bus bit

Background:

little endian ARM CPU (LE CPU)
AXI, bus data bit 0~63
a big endian device w/ DMA master (BE CPU)

Say an LE CPU writes a 64-bit value to an address in memory, and later a BE CPU gets the 64-bit value from that address. Will they get the same value?
One of my colleagues said YES, because
BE CPU will get byte 0 from bus bit 56~63
LE CPU will get byte 0 from bus bit 0-7
This access difference results in a 64-bit data swap, which causes both CPUs to see the same value.

This is at least a fact on our SoC. MAYBE it is because the BE CPU expects the data on the bus to be LE, and therefore it changes the way it takes byte 0.

But is this the default behavior or convention, that a BE CPU/DMA master will get byte 0 from bit 56-63? (I don't know now)

It depends on the implementation. In this case we did a swap, the "Word Consistent Approach".


Endianness and ARM System Endianness
http://mkl-note.blogspot.com/2009/05/endianness-and-arm-system-endianness.html

[wiki] Endianness
http://en.wikipedia.org/wiki/Endianness

[wiki] Bit numbering
http://en.wikipedia.org/wiki/Bit_numbering

LSB 0 bit numbering

LSB 0: A container for 8-bit binary number with the highlighted least significant bit assigned the bit number 0

When the bit numbering starts at zero for the least significant bit the numbering scheme is called "LSB 0".[1] This bit numbering method has the advantage that for any unsigned integral data type the value of the number can be calculated by using exponentiation with the bit number and a base of 2.

MSB 0 bit numbering

MSB 0: A container for 8-bit binary number with the highlighted most significant bit assigned the bit number 0

Similarly, when the bit numbering starts at zero for the most significant bit the numbering scheme is called "MSB 0".



Byte and Bit Order Dissection
http://www.linuxjournal.com/node/6788/print
Endianness of Bus
The bus we refer to here is the external bus we showed in the figure above. We use PCI as an example below. The bus, as we know, is an intermediary component that interconnects CPUs, devices and various other components on the system. The endianness of bus is a standard for byte/bit order that bus protocol defines and with which other components comply.

Take an example of the PCI bus known as little endian. It implies the following: among the 32 address/data bus line AD [31:0], it expects a 32-bit device and connects its most significant data line to AD31 and least significant data line to AD0. A big endian bus protocol would be the opposite.

For a partial word device connected to bus, for example, an 8-bit device, little endian bus-like PCI specifies that the eight data lines of the device be connected to AD[7:0]. For a big endian bus protocol, it would be connected to AD[24:31].

In addition, for PCI bus the protocol requires each PCI device to implement a configuration space. This is a set of configuration registers that have the same byte order as the bus.

Just as all the devices need to follow bus's rules regarding byte/bit endianness, so does the CPU. If a CPU operates in an endianness different from the bus, the bus controller/bridge usually is the place where the conversion is performed.

An alert reader now asks this question, "so what happens if the endianness of the device is different from the endianness of the bus?" In this case, we need to do some extra work for communication to occur, which is covered in the next section.

Endianness of Devices
Kevin's Theory #1: When a multi-byte data unit travels across the boundary of two reverse endian systems, the conversion is made such that memory contiguousness to the unit is preserved.

We assume CPU and bus share the same endianness in the following discussion. If the endianness of a device is the same as that of CPU/bus, then no conversion is needed.

In the case of different endianness between the device and the CPU/bus, we offer two solutions here from a hardware wiring point of view. We assume CPU/bus is little endian and the device is big endian in the following discussion.

Word Consistent Approach
In this approach, we swap the entire 32-bit word of the device data line. We represent the data line of device as D[0:31], where D(0) stores the most significant bit, and bus line as AD[31:0]. This approach suggests wiring D(i) to AD(31-i), where i = 0, ..., 31. Word Consistent means the semantic of the whole word is preserved.
(...........)

Byte Consistent Approach
In this approach, we do not swap bytes, but we do swap the bits within each byte lane (bit at device bit-offset i goes to bus bit-offset (7-i), where i=0...7) in hardware wiring. Byte Consistent means the semantic of the byte is preserved.
(...........)
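
The two wirings quoted above can be checked by simulating the 32 data lines one wire at a time. This is an added example, not code from the Linux Journal article; the function names are hypothetical, and the pairing of device byte lane n (D[8n:8n+7]) with bus byte lane n (AD[8n+7:8n]) in byte_consistent is an assumption made for the illustration. It shows that the word-consistent wiring keeps the numeric value (the case in the 64-bit note above, where the big endian master finds byte 0 on the top bus bits), while the byte-consistent wiring keeps each byte at its address and byte-swaps the word.

```c
#include <stdint.h>
#include <stdio.h>

/* Device side: data lines D[0:31] in MSB-0 numbering, D(0) = most significant bit. */
static void device_drive(uint32_t value, uint8_t d[32])
{
    for (int i = 0; i < 32; i++)
        d[i] = (uint8_t)((value >> (31 - i)) & 1u);
}

/* Bus side: lines AD[31:0] in LSB-0 numbering, AD(k) has weight 2^k. */
static uint32_t bus_sample(const uint8_t ad[32])
{
    uint32_t v = 0;
    for (int k = 0; k < 32; k++)
        v |= (uint32_t)ad[k] << k;
    return v;
}

/* Word Consistent wiring: D(i) -> AD(31-i) for i = 0..31. */
uint32_t word_consistent(uint32_t dev_value)
{
    uint8_t d[32], ad[32];
    device_drive(dev_value, d);
    for (int i = 0; i < 32; i++)
        ad[31 - i] = d[i];
    return bus_sample(ad);
}

/* Byte Consistent wiring: byte lanes stay where they are (assumed pairing,
 * see the lead-in); inside each lane device bit-offset i goes to bus
 * bit-offset 7-i. */
uint32_t byte_consistent(uint32_t dev_value)
{
    uint8_t d[32], ad[32];
    device_drive(dev_value, d);
    for (int lane = 0; lane < 4; lane++)
        for (int i = 0; i < 8; i++)
            ad[8 * lane + (7 - i)] = d[8 * lane + i];
    return bus_sample(ad);
}

/* Byte found at address a when a little-endian CPU stores the bus word. */
uint8_t le_byte_at(uint32_t bus_value, int a)
{
    return (uint8_t)(bus_value >> (8 * a));
}

/* Byte at address a in the big-endian device's own view of its word. */
uint8_t be_byte_at(uint32_t dev_value, int a)
{
    return (uint8_t)(dev_value >> (8 * (3 - a)));
}

int main(void)
{
    uint32_t v = 0x11223344u;   /* constructed sample value */
    uint32_t w = word_consistent(v), b = byte_consistent(v);

    printf("device word      0x%08x\n", (unsigned)v);
    printf("word consistent  0x%08x  LE memory: %02x %02x %02x %02x\n", (unsigned)w,
           le_byte_at(w, 0), le_byte_at(w, 1), le_byte_at(w, 2), le_byte_at(w, 3));
    printf("byte consistent  0x%08x  LE memory: %02x %02x %02x %02x\n", (unsigned)b,
           le_byte_at(b, 0), le_byte_at(b, 1), le_byte_at(b, 2), le_byte_at(b, 3));
    return 0;
}
```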

Endianness of Network Protocols
(...........)

Bit Transmission/Reception Order
The bit transmission/reception order specifies how the bits within a byte are transmitted/received on the wire. For Ethernet, the order is from the least significant bit (lower wire address offset) to the most significant bit (higher wire address offset). This apparently is little endian. The byte order remains the same as big endian, as described in early section.
(...........)

Tuesday, November 15, 2011

Can't Help Falling In Love

Richard Marx
http://www.youtube.com/watch?v=JCmoSqhDulM


Wise men say only fools rush in
But I can't help falling in love with you

Shall I stay, would it be a sin
If I can't help falling in love with you

Like a river flows surely to the sea
Darling so it goes
Some things are meant to be
Take my hand, take my whole life too
For I can't help falling in love with you

Monday, November 14, 2011

Blowin' In The Wind - Bob Dylan

http://www.youtube.com/watch?v=tGO8snK98l0


http://www.youtube.com/watch?v=hCCy6fYrl4g


http://www.youtube.com/watch?v=_zY_cM0_6vA


http://www.youtube.com/watch?v=0swR1mNsVSU&feature=related


How many roads must a man walk down, before you call him a man
(yes) How many seas must a white dove sail, before she sleeps in the sand
(yes) How many times must the cannonballs fly, before they are forever banned

*
The answer, my friend, is blowing in the wind
The answer is blowing in the wind

(yes) How many years can a mountain exist, before it is washed to the sea
(yes) How many years can some people exist, before they're allowed to be free
(yes) How many times can a man turn his head, and pretend that he just doesn't see

[Repeat *]

(yes) How many times must a man look up, before he can really see the sky
(yes) How many years must one person(man) have, before he can hear people cry
(yes) How many deaths will it take till he knows, that too many people have died

[Repeat *]

[wiki] Blowin' in the Wind
http://en.wikipedia.org/wiki/Blowin%27_in_the_Wind

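Thursday, November 10, 2011

Wednesday, November 9, 2011

Able to speak, able to do, willing to commit

Able to speak, able to do, willing to commit
http://www.businessweekly.com.tw/article.php?id=34462

[Repost] 何飛鵬: Able to speak, able to do, willing to commit
http://www.wretch.cc/blog/kasdia/11867636

Taipei trails - Taipei and New Taipei hand in hand, families out walking

Taipei and New Taipei hand in hand, families out walking
http://www.healthyhiking.com.tw/index.html

The Taipei and New Taipei city governments invite residents to walk their way to health together
http://www.ntpc.gov.tw/web/News?command=showDetail&postId=228302&FP=1068

左手香 (Zuoshouxiang)

左手香 (Zuoshouxiang)
http://163.20.57.4/person/plants/diary/e6.html

[Plant name] 左手香
[Scientific name] pogostemon cablin
[Other names] 排香草, 洋薄荷, 藿香, 到手香, 印度薄荷, 過手香
[Family] Lamiaceae
[Origin] Malaysia and India
[Characteristics] About 15-30 cm tall; the whole plant is densely covered in fine hairs and has a strong, distinctive pungent aroma. Leaves are thick and fleshy, opposite and broadly ovate, with a blunt-rounded or acute tip and a toothed margin that curls up slightly.
[Uses] Can be used in beverages, as a fragrance, and medicinally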


[Herbs and medicinal plants] Fragrant as soon as you touch it: 到手香 (左手香)
http://manonmoon99.pixnet.net/blog/post/20726288-%5B%E9%A6%99%E8%8D%89%EF%BC%8E%E8%97%A5%E8%8D%89%5D-%E6%91%B8%E5%88%B0%E6%89%8B%E5%B0%B1%E9%A6%99%E7%9A%84%EF%BD%9E%E5%88%B0%E6%89%8B%E9%A6%99%EF%BC%88%E5%B7%A6%E6%89%8B%E9%A6%99
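左手香
Other names: 藿香, 印度薄荷, 過手香, 到手香.
Family: a perennial herb of the Lamiaceae
Origin: Malaysia, Brazil, China and India

左手香 is very easy to propagate: just insert a leaf or a piece of stem with leaves into the soil, wait patiently for a while, and another plant will grow.

§ Sore, swollen throat:
For the sore, swollen throat caused by tonsillitis at the onset of a cold, take seven or eight leaves of 到手香, wrap them in gauze and gently rub and squeeze out the raw juice, add a little honey or salt, and swallow slowly, the slower the better: about 50 cc at a time for adults and about 20 cc for children, twice a day. It is very effective; where even swallowing saliva hurt, the symptoms improve in under half an hour after one dose, and after about two doses they are much better.

§ Reducing inflammation, swelling and itching:
When your face breaks out in many red spots that itch so that you cannot help scratching, or when you have bruises from knocks and falls, pick some 到手香 leaves, soak gauze in the raw juice and apply it to the affected area; the swelling and itching go down and the bruising and pain ease quickly.

§ Whitening and anti-wrinkle:
This is grandma's private skincare product, as famous as loofah water for moisturising and toning. Each day when washing your face pick two or three fresh leaves and squeeze the juice into the wash water; massaging the face with a towel to exfoliate also helps the whitening and anti-wrinkle components of 到手香 to be absorbed. Keep it up, and making your skin ten or twenty years younger is certainly no dream.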


左手香 tea - relieves fatigue, prevents colds
http://wang-li-ming.blogspot.com/2009/05/blog-post.html

左手香 is super useful ^_^
http://www.babyhome.com.tw/mboard.php?op=d&sID=1908314&bid=4

Tuesday, November 8, 2011

Finding out GCC's predefined macros

Finding out GCC's predefined macros
http://blog.linux.org.tw/~jserv/archives/001799.html

$ echo | gcc -v -E -dM - | grep '^#define .*MAX'
$ echo | arm-linux-gcc -mcpu=iwmmxt -v -E -dM - | grep IWMMXT


echo | gcc -v -E -dM -

Using the GNU Compiler Collection - For gcc version 4.6.2
http://gcc.gnu.org/onlinedocs/gcc-4.6.2/gcc.pdf
-E
Stop after the preprocessing stage; do not run the compiler proper. The output is in the form of preprocessed source code, which is sent to the standard output. Input files which don’t require preprocessing are ignored.

-v
Print (on standard error output) the commands executed to run the stages of compilation. Also print the version number of the compiler driver program and of the preprocessor and the compiler proper.

-dM
Instead of the normal output, generate a list of ‘#define’ directives for all the macros defined during the execution of the preprocessor, including predefined macros. This gives you a way of finding out what is predefined in your version of the preprocessor. Assuming you have no file ‘foo.h’, the command
touch foo.h; cpp -dM foo.h

will show all the predefined macros. If you use ‘-dM’ without the ‘-E’ option, ‘-dM’ is interpreted as a synonym for ‘-fdump-rtl-mach’.

Monday, November 7, 2011

racoon2

TheRacoon2Project - racoon2
http://www.racoon2.wide.ad.jp/w/?Racoon2

Internet Key Exchange (IKEv2) Protocol
  • RFC 4306
  • RFC 4307
  • RFC 4718
Kerberized Internet Negotiation of Keys (KINK)
  • RFC 4430
The Internet Key Exchange (IKE)
  • RFC 2409
  • RFC 3947
  • RFC 3948
PF_KEY Key Management API, Version 2
  • RFC 2367

(.............)


The previous racoon (usually called just as racoon, but sometimes racoon1 in contrast to racoon2) only supports IKEv1. Racoon2 implements both IKEv2, KINK, and IKEv1. The configuration syntax is completely different because the Racoon2 system supports multiple key exchange protocols.

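Wednesday, October 19, 2011

Alangyi (阿朗壹): transport

The bus from Fangliao (枋寮) station to Checheng (車城) station takes about an hour

National Museum of Marine Biology and Aquarium - Services - Transport information - Public transport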
http://www.nmmba.gov.tw/Service/Traffic/BusInfomation

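[Rail information]
1. Western trunk line: get off at Kaohsiung station and change at the railway station to a bus (Kuo-Kuang, Kaohsiung Bus, Pingtung Bus or Zhongnan Bus) to the Checheng [Nanbaoli 南保力] stop, then at the stop on the opposite (northbound) side transfer to the Pingtung Bus shuttle to the museum.
2. South-link line (from the east towards Kaohsiung): get off at Fangliao station, then change to a bus (Kuo-Kuang, Kaohsiung Bus, Pingtung Bus or Zhongnan Bus) to the Checheng [Nanbaoli 南保力] stop, then at the stop on the opposite (northbound) side transfer to the Pingtung Bus shuttle to the museum.
* Taiwan Railways Administration http://www.railway.gov.tw/ (Address: No. 3, Beiping W. Rd., Taipei / Tel: 02-2381-5226)
[Bus information]
Kaohsiung to the museum: after leaving Kaohsiung railway station, take any Zhongnan, Kuo-Kuang, Kaohsiung or Pingtung bus heading for Kenting; on reaching Checheng or Baoli, transfer to a bus into the museum.
Museum to Kenting: go to the bus stop diagonally opposite the museum ticket office, take the Kenting Shuttle to the Hengchun transfer station, then take a bus from the transfer station to Kenting.
From Kaohsiung you can take a Kuo-Kuang, Kaohsiung or Zhongnan bus to Checheng, then a shuttle bus or taxi to the museum.
* Kuo-Kuang Motor Transport TEL:(07)235-8352 http://www.kingbus.com.tw/
* Kaohsiung Bus TEL:(07)237-1230 http://www.ksbus.com.tw/
* Pingtung Bus TEL:(08)723-7131 http://www.ptbus.com.tw/index.htm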



10/28-29 "Clean and get close to Alangyi": Xuhai beach clean-up working holiday and cape concert!
http://www.tmitrail.org.tw/?p=7144
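Meeting point: in front of Chang Hwa Commercial Bank, Checheng Township, Pingtung County (those coming by bus, please tell the driver in advance that you will get off at the "Checheng stop")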


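Alangyi Historic Trail guided tours, accommodation, transport and travel information - 排灣族大龜文王國阿朗壹盟部 (currently offering Alangyi Historic Trail tribal study tours) - Yahoo! Kimo Blog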
http://tw.myblog.yahoo.com/jw!FNH9AHqTHBYuFPektpeN/article?mid=1708

Alangyi Historic Trail, part 2 (planning) @ 餃子的BLOG :: PIXNET ::
http://c50d3c50d3.pixnet.net/blog/post/33673470-%E9%98%BF%E6%9C%97%E5%A3%B9%E5%8F%A4%E9%81%93%E4%B9%8B%E4%BA%8C%28%E8%A6%8F%E5%8A%83%29

Luye, Taitung: Dulan Mountain, Luanshan tribe, Forest Museum

Luanshan tribe - Dulan Mountain Forest Culture Museum
http://www.backpackers.com.tw/forum/showthread.php?t=96137

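Guarding the homeland: Dulan Mountain Forest Culture Museum | Taiwan Environmental Information Association - Environmental Information Center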
http://e-info.org.tw/node/21585

Luye, Taitung: exploring the forest museum @ 愛木者 :: Xuite blog
http://blog.xuite.net/treelover/blog/20905607

Sapulju (撒布優) tribe

Sapulju (撒布優)
http://www.e-tribe.org.tw/sapulju/DesktopDefault.aspx
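Sapulju (撒布優) tribe, Xinxing Village, Jinfeng Township, Taitung County

Tuesday, October 18, 2011

Shell ginger (月桃) rope

Making hemp rope from shell ginger - YouTube
A national treasure! 陳阿修 has been weaving shell ginger leaves for over 70 years - YouTube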
https://youtu.be/8Vm5oPLjm6A
Making your own rope in the wild @ 鑽木取火部落 :: PIXNET ::
http://decomax8154.pixnet.net/blog/post/100783757-%E9%87%8E%E5%A4%96%E8%87%AA%E8%A3%BD%E7%B9%A9%E7%B4%A2
Handmade straw rope @ 管伯伯 :: Xuite blog
https://blog.xuite.net/pipemore7/blog/43638270-%E6%89%8B%E5%B7%A5%E8%8D%89%E7%B9%A9
Shell ginger has many uses: rope woven from the leaf sheaths is tough and hard to break
http://titv.ipcf.org.tw/news-39095
Handmade straw rope
http://www.wretch.cc/blog/pipemore7/13529109
From traditional indigenous shell ginger weaving craft to a shell ginger industry?
https://ntutgid.files.wordpress.com/2014/04/e582b3e7b5b1e58e9fe4bd8fe6b091e69c88e6a183e7b7a8e7b994e5b7a5e8979de588b0e69c88e6a183e794a2e6a5ade58c96.pdf

Recreating shell ginger rope
http://enews.lym.gov.tw/content.asp?pid=75&k=526

Shell ginger rope: how to twist it
http://tw.myblog.yahoo.com/welcome-mycountry/article?mid=2276&prev=-1&next=2254

(44) Shell ginger is a treasure from top to bottom; the Paiwan call it a "miracle plant" 2014-02-19 TITV indigenous-language news - YouTube
https://www.youtube.com/watch?v=CW5Wq0J2_9w


Shell ginger leaves
http://pingtsifather27.pixnet.net/blog/post/181021518-%E6%8E%A1%E6%9C%88%E6%A1%83%E8%91%89
http://www.pcstore.com.tw/mayday/M07018237.htm
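How to prepare shell ginger leaves:
1. First wash the leaves thoroughly under running water with a new scouring pad. Because the leaves are mostly freshly picked, check for remaining soil, insect eggs or other dirt.
2. Bring a pot of water to the boil, then boil the leaves in it for about 5 minutes (leaves used for wrapping zongzi must be boiled first, otherwise the fibres turn brittle and tear, and the wrapping fails).
3. Take the leaves out, wash them once more, cut away the hard midrib with a utility knife, then drain and set aside (the hard midrib in the middle still needs to be pared thin so the leaf wraps easily).
4. If the leaves are not all used, change the water every day and keep them in the refrigerator.

Tuesday, October 11, 2011

Friday, September 30, 2011

Thursday, September 29, 2011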

Git Tutorials

Chinese
Git version control tutorial for newcomers | 小惡魔 - Computer technology - Work notes - AppleBOY
http://blog.wu-boy.com/2012/02/how-to-use-git-version-control-for-new-beginner/
http://www.slideshare.net/appleboy/introduction-to-git-11436559

(Print this for reference.)
Zach Rusin’s Git Cheat Sheet
http://byte.kde.org/~zrusin/git/git-cheat-sheet-large.png

(Provides live demonstrations of each command.)
Git GoogleTechTalks/Randal Schwartz
http://www.youtube.com/watch?v=8dhZ9BXQgc4


(This document explains what git commands do in the language of SVN. It doesn't describe Git entirely correctly, but it's a good start for SVN users.)
Git - SVN Crash Course
http://git.or.cz/course/svn.html

GitCasts
http://gitcasts.com/

Git Setup and Init
http://blip.tv/file/4094595
Git Normal Workflow
http://blip.tv/file/4094611
Git Interactive Add
http://blip.tv/file/4094632
Git Log
http://blip.tv/file/4094673
Git Browsing
http://blip.tv/file/4094687
Git Branching and Merging
http://blip.tv/file/4094707
Git Rebasing
http://blip.tv/file/4094727
Git Distributed Workflow
http://blip.tv/file/4094740
Creating Empty Branches
http://blip.tv/file/4094760
RailsConf 2008 Talk
http://blip.tv/file/4094854




More...

Git The Basics Tutorial
http://excess.org/article/2008/07/ogre-git-tutorial/

Tech Talk: Linus Torvalds on git
http://www.youtube.com/watch?v=4XpnKHJAok8



Git cheat sheets
http://help.github.com/git-cheat-sheets/

Git - Fast Version Control System
http://git-scm.com/

Monday, September 26, 2011

Rebuilding git-svn metadata

git svn init svn://localhost/xxxx/trunk
git update-ref refs/remotes/git-svn master
git svn fetch

Rebuilding .git/svn/refs/remotes/git-svn/.rev_map.c27b2ed6-37b1-4487-878e-468635907f87 ...
r1 = b55058aa44bb117c6c1c7e5f73ffd2153fe5cbed
r2 = be1b2adc46c2d24919bb5670b8eb8f1e4db1ba73
(................)
r2976 = 95e59b550d6fe29d26f5056ebaf1b1d42fc387b7
r2977 = c65e902e8e9e1398094142d8fc7800ed72e3104a
Done rebuilding .git/svn/refs/remotes/git-svn/.rev_map.c27b2ed6-37b1-4487-878e-468635907f87

The SVN URL string must be exactly the same as the one recorded in the log:

commit c65e902e8e9e1398094142d8fc7800ed72e3104a
Author: X <X@c27b2ed6-37b1-4487-878e-468635907f87>
Date: Thu Sep 22 04:08:39 2011 +0000

mesg...


git-svn-id: svn://localhost/xxx/trunk@2977 c27b2ed6-37b1-4487-878e-468635907f87

If the SVN URL is different, you will get the following:

Rebuilding .git/svn/refs/remotes/git-svn/.rev_map.c27b2ed6-37b1-4487-878e-468635907f87 ...
Done rebuilding .git/svn/refs/remotes/git-svn/.rev_map.c27b2ed6-37b1-4487-878e-468635907f87

(.......................)

Last fetched revision of refs/remotes/git-svn was r2977, but we are about to fetch: r1!

If you want to change the SVN URL, e.g. from "svn://localhost/xxx/trunk" to "svn://192.168.1.1/xxxx/trunk", you can use "git commit --amend" to alter the last commit's git-svn-id from
git-svn-id: svn://localhost/xxx/trunk@2977 c27b2ed6-37b1-4487-878e-468635907f87
to
git-svn-id: svn://192.168.1.1/xxx/trunk@2977 c27b2ed6-37b1-4487-878e-468635907f87
Then set the git-svn ref (refs/remotes/git-svn, as in the "git update-ref" step above) to the new commit and run "git svn fetch".


Rebuilding git-svn metadata
http://utsl.gen.nz/talks/git-svn/intro.html#howto-track-rebuildmeta

Wednesday, September 14, 2011

Tuesday, September 13, 2011

dma-mapping

ad642d9 ARM: 6188/1: Add a config option for the ARM11MPCore DMA cache maintenance workaround
ca57926 ARM: 6187/1: The v6_dma_inv_range() function must preserve data on SMP


2ffe2da ARM: dma-mapping: fix for speculative prefetching
702b94b ARM: dma-mapping: remove dmac_clean_range and dmac_inv_range
a9c9147 ARM: dma-mapping: provide per-cpu type map/unmap functions
93f1d62 ARM: dma-mapping: simplify dma_cache_maint_page
65af191 ARM: dma-mapping: move selection of page ops out of dma_cache_maint_cont
4ea0d73 ARM: dma-mapping: push buffer ownership down into dma-mapping.c
18eabe2 ARM: dma-mapping: introduce the idea of buffer ownership

2.6.35 cache operation

pci_dma_sync_single_for_device
dma_sync_single_for_device
dma_sync_single_range_for_device
__dma_single_cpu_to_dev
___dma_single_cpu_to_dev
dmac_map_area = cpu_cache.dma_map_area
v6_dma_map_area

if (DMA_FROM_DEVICE) v6_dma_inv_range
v6_dma_clean_range



pci_dma_sync_single_for_cpu
dma_sync_single_for_cpu
dma_sync_single_range_for_cpu
__dma_single_dev_to_cpu
___dma_single_dev_to_cpu
dmac_unmap_area = cpu_cache.dma_unmap_area
v6_dma_unmap_area
if(!DMA_TO_DEVICE) v6_dma_inv_range



  • ...for_cpu
    • FROM_DEVICE: inv
    • TO_DEVICE: N/A
    • BIDIRECTIONAL: inv
  • ...for_device
    • FROM_DEVICE: inv, clean
    • TO_DEVICE: clean
    • BIDIRECTIONAL: clean

Linux term/arm's cache op
v6_dma_inv_range ==> inv
v6_dma_clean_range ==> clean
v6_dma_flush_range ==> clean+inv

Wednesday, September 7, 2011

VirtualBox can't operate in VMX root mode

SOLVED - Can't operate in VMX root mode?
http://forum.virtualbox.org/viewtopic.php?f=1&p=156122

sudo modprobe -r kvm_intel

Tuesday, August 30, 2011

OpenWrt for CNS3XXX

apt-get install subversion build-essential libncurses5-dev zlib1g-dev gawk git ccache gettext libssl-dev xsltproc

./scripts/feeds update -a
./scripts/feeds install -a
make defconfig
make menuconfig
(choose cns3xxx, etc.)
make

make V=s

Output in ./bin

bin/
`-- cns3xxx
    |-- md5sums
    |-- openwrt-cns3xxx-rootfs.tar.gz
    |-- openwrt-cns3xxx-uImage
    |-- OpenWrt-SDK-cns3xxx-for-Linux-i686-gcc-linaro_uClibc-0.9.32.tar.bz2
    |-- OpenWrt-Toolchain-cns3xxx-for-arm_v6k-gcc-linaro_uClibc-0.9.32_eabi.tar.bz2
    `-- packages
        |-- base-files_79-r28007_cns3xxx.ipk
        |-- busybox_1.18.5-1_cns3xxx.ipk
        (.............)
        |-- iptables_1.4.10-4_cns3xxx.ipk
        |-- iptables-mod-conntrack_1.4.10-4_cns3xxx.ipk
        |-- iptables-mod-nat_1.4.10-4_cns3xxx.ipk
        |-- kernel_2.6.39.2-1_cns3xxx.ipk
        |-- kmod-crc-ccitt_2.6.39.2-1_cns3xxx.ipk
        (.............)
        |-- libc_0.9.32-79_cns3xxx.ipk
        |-- libgcc_linaro-79_cns3xxx.ipk
        (.............)


./target/linux/cns3xxx/
./target/linux/cns3xxx/config-default
./target/linux/cns3xxx/config-3.8

./build_dir/linux-cns3xxx/
./build_dir/linux-cns3xxx/linux-2.6.39.2

host related: ./build_dir/linux-cns3xxx/host/
kernel related: ./build_dir/linux-cns3xxx/linux-cns3xxx/
userspace application: ./build_dir/linux-cns3xxx/target-arm_v6k_uClibc-0.9.32_eabi/
cross toolchain related: ./build_dir/linux-cns3xxx/toolchain-arm_v6k_gcc-linaro_uClibc-0.9.32_eabi/


./build_dir/target-arm_v6k_uClibc-0.9.32_eabi/OpenWrt-SDK-cns3xxx-for-Linux-i686-gcc-linaro_uClibc-0.9.32/
./toolchain/uClibc/uClibc.config
./toolchain/uClibc/uClibc.config-locale


staging_dir/
Final toolchain is at
staging_dir/toolchain-arm_v6k_gcc-linaro_uClibc-0.9.32_eabi/bin/arm-openwrt-linux-uclibcgnueabi-gcc



OpenWrt
https://openwrt.org/

OpenWrt Wiki
http://wiki.openwrt.org/

[OpenWrt] platforms
https://dev.openwrt.org/wiki/platforms

TOC
[OpenWrt Wiki] Welcome Advanced User!
http://wiki.openwrt.org/doc/howto/user.advanced

[OpenWrt Wiki] Documentation - Developing
http://wiki.openwrt.org/doc/start#developing

[OpenWrt Wiki] Documentation - Technical references
http://wiki.openwrt.org/doc/start#technical.references

[OpenWrt Wiki] Documentation - Building
http://wiki.openwrt.org/doc/start#building


[OpenWrt Wiki] OpenWrt Buildroot – Installation
http://wiki.openwrt.org/doc/howto/buildroot.exigence

[OpenWrt Wiki] Image Generator
http://wiki.openwrt.org/doc/howto/obtain.firmware.generate
If you do not want to download a prebuilt image but you do not want to go through the entire compilation process either, the alternative is to use the Image Generator (formerly called Image Builder). This is an already precompiled OpenWrt build environment suitable to create custom images without compiling anything.


[OpenWrt Wiki] Using the SDK
http://wiki.openwrt.org/doc/howto/obtain.firmware.sdk
The SDK is a relocatable, precompiled OpenWrt toolchain suitable to cross compile single userspace packages for a specific target without compiling the whole system from scratch.


OpenWrt Buildroot
http://downloads.openwrt.org/docs/buildroot-documentation.html

Web Interface Overview - OpenWrt Wiki
http://wiki.openwrt.org/doc/howto/webinterface.overview