Tuesday, December 27, 2011

Telecom ETF

Telecom ETFs: The Telecommunications Sector Rides The Internet Wave (NYSE:IYZ, NYSE:VOX, NYSE:XTL, NYSE:IXP, NYSE:TTH, NYSE:WMH, NYSE:IST, NYSE:FCQ) | ETF DAILY NEWS

  • iShares DJ U.S. Telecommunications (NYSE:IYZ) is the largest telecom ETF and probably the most well-known.
  • Vanguard Telecommunications Services (NYSE:VOX) is my current favorite for this sector. VOX has broad coverage and is also the lowest-cost telecom ETF.
  • SPDR S&P Telecom (NYSE:XTL) is fairly new, launched only in January 2011. XTL is the only ETF from this sector that doesn’t use a traditional capitalization-weighted strategy. Instead, it is equal-weighted, giving more exposure to some of the smaller telecom stocks.
  • iShares S&P Global Telecommunications (NYSE:IXP) is a good solution if you want telecom exposure covering the entire globe, including the U.S.

ETF Watch: Does Value Exist in Telecom ETFs? (IYZ, VOX, IXP, TTH) - 24/7 Wall St.

Telecom ETF | IYZ, VOX, PRFQ, PTE, IXP, DGG | ETF MarketPro

Will Tax Hikes Slam Telecom ETFs? (IYZ, VOX, PTE) | ETF DAILY NEWS

Monday, December 26, 2011

Disease equilibration

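綠角財經筆記: Reading notes on A Splendid Exchange --- trade and the Black Death

This process is called disease equilibration.

The author uses the example of Australia, where Myxoma virus was deliberately introduced in 1950 to cull wild rabbits. The effect was immediate: rabbit mortality exceeded 99%. By 1957, however, the fatality rate had fallen to 25%.

This disease equilibration process takes about 5-6 generations. A rabbit generation is short; the human life cycle is longer, so 5 to 6 generations take about 100 to 150 years.

Once the people of the Old World, after being ravaged by infectious diseases, had finally completed disease equilibration, Europeans' tolerance of disease was a weapon of war more powerful than guns and cannon. The Native Americans who came into contact with them had no resistance and died in great numbers.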


Required to build from git
apt-get install git gcc automake autoconf libtool pkg-config gettext perl python flex bison gperf lcov doxygen
git clean -xfd; ./autogen.sh;

sudo echo ;./configure --prefix=/ && make && sudo make install

strongSwan - IPsec for Linux

IKEv2 Cipher Suites

strongSwan - UML Testing

strongSwan - UML Readme

1. Starting up the UML testing environment
2. Running the automated tests
3. Manual testing

strongSwan - Documentation

strongSwan - InstallationDocumentation

strongSwan - UML Testresults for strongSwan 4.x
(A LOT OF configuration samples)
Test ikev1/esp-alg-aes-gcm
Test ikev1/net2net-psk

strongSwan - KernelModules

strongSwan 5: How to create your own private VPN | Zeitgeist

IpsecStandards - strongSwan

IPSec key management utilities that support AES-GCM

strongSwan: Yes
strongSwan - IKEv2CipherSuites - strongSwan - IKEv2/IPsec VPN for Linux, Android, FreeBSD, Mac OS X

Openswan: Yes?
[Openswan dev] Does OpenSwan support AES-GCM and AES-GMAC???
(AES GCM or CCM???)

[Openswan Users] AES GCM 256

racoon2: No
I cannot find any string "gcm" definition in the latest code (racoon2-20100526a).
Re: AES CTR, CCM, GCM in IPSec with KINK

ipsec-tools/racoon: No
'Re: [Ipsec-tools-devel] Does Linux support AES-GCM and AES-GMAC???' - MARC

ESP_Preferences - The Wireshark Wiki

RFC4106: The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)

Sunday, December 25, 2011

Full tunnel vs split tunnel

Full VPN Tunnel

Split tunnel setup
As shown in the figure below, the split tunnel is used where application data travels over the VPN tunnel setup to the HQ.

In this mode, the desktop has direct access to the Internet. In a small store setup, while the split tunnel provides application access over VPN tunnel, Internet access is not controlled. The only solution here is to add additional software components or an external firewall to limit access.

To overcome this problem, the full tunnel mode is used.

Full tunnel setup
In the full tunnel mode, the Secure VPN client configuration and setup is the same as before, but with one key change: all traffic from the desktop goes over the VPN tunnel.

In the full tunnel mode, since all traffic goes over the VPN tunnel, both application data and Internet access packets land up at the VPN concentrator at the HQ.

Tuesday, December 20, 2011

netcat (nc)

nc -s -p 2000 -l
nc -s 2000


5.5.3 Opening arbitrary TCP/UDP port connections: nc, netcat



tcpdump options:
-i interface: interface to listen on.
-n: disable name lookups.
-t: don't print timestamps.
-s0 (or -s 0): use the max "snaplen"—capture full packets (default in recent versions of tcpdump).
-xx: dump data and link-layer header in hex
-XX: dump data and link-layer header in hex+ascii
-vvv: more verbose.

Filter Expression
port 25 and not host
icmp or arp or udp
vlan 3 and ether src host aa:bb:cc:dd:ee:ff
arp or udp port 53
icmp and \(dst host mrorange or dst host mrbrown\)

tcpdump fu | Linux Journal

Aloe Blacc - I Need A Dollar

I need a dollar dollar, a dollar is what I need
hey hey
Well I need a dollar dollar, a dollar is what I need
hey hey
And I said I need dollar dollar, a dollar is what I need
And if I share with you my story would you share your dollar with me

Bad times are comin and I reap what I don't sow
hey hey
Well let me tell you somthin all that glitters ain't gold
hey hey
It's been a long old trouble long old troublesome road
And I'm looking for somebody come and help me carry this load

I need a dollar dollar, a dollar is what I need
hey hey
Well I need a dollar dollar, a dollar is what I need
Well I don't know if I'm walking on solid ground
Cause everything around me is falling down
And all I want - is for someone - to help me

I had a job but the boss man let me go
He said
I'm sorry but I won't be needing your help no more
I said
Please mister boss man I need this job more than you know
But he gave me my last paycheck and he sent me on out the door

Well I need a dollar dollar, a dollar is what I need
hey hey
Said I need a dollar dollar, a dollar is what I need
hey hey
And I need a dollar dollar, a dollar is what I need
And if I share with you my story would you share your dollar with me
Well i don't know if i'm walking on solid ground
Cause everything around me is crumbling down
And all I want is for someone to help me

What in the world am I gonna to do tomorrow
is there someone whose dollar that I can borrow
Who can help me take away my sorrow
Maybe its inside the bottle
Maybe its inside the bottle
I had some good old buddy his names is whiskey and wine
hey hey
And for my good old buddy i spent my last dime
hey hey
My wine is good to me it helps me pass the time
and my good old buddy whiskey keeps me warmer than the sunshine
Hey Hey
Your mama may have, bless the child that's got his own
Hey Hey
if god has plans for me i hope it aint - written in stone
Hey Hey
because i've been working working myself down to the bone
and i swear on grandpas grave I'll be paid when i come home
Hey Hey

Well I need a dollar dollar, a dollar is what I need
hey hey
Said need a dollar dollar, a dollar is what I need
hey hey
Well I need a dollar dollar, a dollar is what I need hey hey
And if I share with you my story would you share your dollar with me
come on share your dollar with me
go ahead share your dollar with me
come on share your dollar give me your dollar
share your dollar with me
come on share your dollar with me

Monday, December 19, 2011

"badges" of achievement for electronics, science and engineering

Iron on Patches : Adafruit Industries, Unique & fun DIY electronics and kits

Magic Blue Smoke Monster - Skill badge, iron-on patch

"Failure is only the opportunity to begin again more intelligently" - Henry Ford

Sometimes you need celebrate mistakes. Adafruit offers a fun and exciting "badges" of achievement for electronics, science and engineering. We believe everyone should be able to be rewarded for learning a useful skill, a badge is just one of the many ways to show and share.

This is the "I learned something, the magic blue smoke monster showed me" badge for use at classrooms, workshops, Maker Faires, TechShops and around the world to reward beginners on their skill building journey!

This beautiful badge is made in the USA.

The badge is skillfully designed and sturdily made to last a life time, the backing is iron-on but the badge can also be sewn on.

Magic smoke - Wikipedia, the free encyclopedia.
Magic smoke (also called factory smoke or blue smoke) is smoke produced by malfunctioning electronic circuits. The origins of the magic smoke have become a running in-joke that started among electrical engineers and technicians before it was more recently adopted by computer programmers. The actual origin of blue smoke is the black plastic epoxy material that is used to package most common semiconductor devices such as transistors and integrated circuits, which produces a bluish coloured smoke during combustion. Smoke from other components that do not use this epoxy may vary in colour, but still be identified as the same phenomenon for purposes of the joke.

Friday, December 16, 2011

Aloe Blacc - Green Lights (Official Video HD) - YouTube

Something special happened today
I got green lights all the way
With no big red sign to stop me
No traffic jam delay

See I was driving over the moon
In my big hot air balloon
Floating high up into the darkness
I hope I'll get there soon

There's so many things to do
So many people I need to talk to
And they've all been waiting for me
Well I got to make it through

Something special happened today
I got green lights all the way
With no big red sign to stop me
No traffic jam delay

Think my stars will rather be green
You have no idea what it means
But to a man who's always traveling
Who's seen the things that I've seen

I don't know what's yet to come
Not sure of anything that I've done
Really makes that much of a difference
Well I hope it has for some

Something special happened today
I got Green lights all the way
With no big red sign to stop me
No traffic jam delay

Well I was driving over the moon
In my big hot air balloon
Floating high up in the darkness
I promise that I'll make it to you very soon

Something special happened today

Linux XFRM and IPSec


IPsec overview | The Linux Foundation

Adding policies and states from user space:
Handling addition of policies is done by:
xfrm_add_policy() (net/xfrm/xfrm_user.c)
Handling addition of states is done by:
xfrm_add_sa() (net/xfrm/xfrm_user.c)
Handling creation of SPI (using randomness) is done by:
xfrm_alloc_userspi() (net/xfrm/xfrm_user.c)
xfrm_lookup() invocation:

Linux Kernel Security Overview

Linux Kernel Networking
network_overview | The Linux Foundation

Research on IPSec VPN Under Framework of XFRM Based on Linux
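xfrm_policy{} represents an IPsec SP and xfrm_state{} represents an IPsec SA; xfrm_state{} is associated with xfrm_policy{} through xfrm_templ{}; the SPD is made up of a chain of xfrm_policy{} structures, and the SAD of a chain of xfrm_state{} structures.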

Does Linux support AES-GCM and AES-GMAC???
- To IPsec SA identifier, RFC 4106 says:
8.3. Phase 2 Identifier

For IKE Phase 2 negotiations, IANA has assigned three ESP Transform
Identifiers for AES-GCM with an eight-byte explicit IV:

18 for AES-GCM with an 8 octet ICV;
19 for AES-GCM with a 12 octet ICV; and
20 for AES-GCM with a 16 octet ICV.

- To PF_KEY cipher type:

Linux pfkeyv2 seems to have:
#define SADB_X_EALG_AES_GCM_ICV12 19
#define SADB_X_EALG_AES_GCM_ICV16 20

Tuesday, December 13, 2011

Finding what branch/tag a commit came from

git branch --contains <CommitID>
git tag --contains <CommitID>

$ git branch --contains 3f80fbff5f1
* master
$ git tag --contains 3f80fbff5f1

grit - Git: Finding what branch a commit came from - Stack Overflow

Monday, December 12, 2011

BASH: How do I clear Bash's cache of paths to executables?

BASH cached the searched path of the executables??!! , WTF....

# xxx.sh
xxx.sh: command not found
# touch /bin/xxx.sh
# chmod +x /bin/xxx.sh
# xxx.sh
# rm /bin/xxx.sh
# xxx.sh
bash: /bin/xxx.sh: No such file or directory

How do I clear Bash's cache of paths to executables?
bash does cache the full path to a command.
To clear the entire cache:
hash -r
Or just one entry:
hash -d svnsync
More info in help hash and man bash.

Wednesday, December 7, 2011


[wiki] NAT traversal and IPsec

[wiki] NAT-T

NAT-T (NAT traversal in the IKE) is a method of enabling IPsec-protected IP datagrams to pass through network address translation (NAT). RFC 3947 defines the negotiation during the Internet key exchange (IKE) phase and RFC 3948 defines the UDP encapsulation.

An IP packet is modified while passing through a network address translator device in a manner that is incompatible with Internet Protocol Security (IPsec). NAT-T protects the original IPsec encoded packet by encapsulating it with another layer of UDP and IP headers.

How Does NAT-T work with IPSec?

RFC3947: Negotiation of NAT-Traversal in the IKE
(It seems NATT "MUST" use UDP dport 4500)
(Both data and IKE message after first Phase 1 negotiation could use UDP dport 4500)
3. Phase 1
The detection of support for NAT-Traversal and detection of NAT along the path between the two IKE peers occurs in IKE [RFC2409] Phase 1.

3.1. Detecting Support of NAT-Traversal
3.2. Detecting the Presence of NAT

4. Changing to New Ports
In Main Mode, the initiator MUST change ports when sending the ID payload if there is NAT between the hosts. The initiator MUST set both UDP source and destination ports to 4500. All subsequent packets sent to this peer (including informational notifications) MUST be sent on port 4500. In addition, the IKE data MUST be prepended with a non-ESP marker allowing for demultiplexing of traffic, as defined in [RFC3948].

Thus, the IKE packet now looks like this:

IP UDP(4500,4500) <non-ESP marker> HDR*, IDii, [CERT, ] SIG_I

This assumes authentication using signatures. The 4 bytes of non-ESP marker are defined in the [RFC3948].


The responder MUST respond with all subsequent IKE packets to this peer by using UDP(4500,Y).

Similarly, if the responder has to rekey the Phase 1 SA, then the rekey negotiation MUST be started by using UDP(4500,Y). Any implementation that supports NAT traversal MUST support negotiations that begin on port 4500. If a negotiation starts on port 4500, then it doesn't need to change anywhere else in the exchange.

RFC3948: UDP Encapsulation of IPsec ESP Packets
2.1. UDP-Encapsulated ESP Header Format
The UDP header is a standard [RFC0768] header, where
o the Source Port and Destination Port MUST be the same as that used by IKE traffic,
o the IPv4 UDP Checksum SHOULD be transmitted as a zero value, and
o receivers MUST NOT depend on the UDP checksum being a zero value.

The SPI field in the ESP header MUST NOT be a zero value.

2.2. IKE Header Format for Port 4500
The UDP header is a standard [RFC0768] header and is used as defined in [RFC3947]. This document does not set any new requirements for the checksum handling of an IKE packet.

A Non-ESP Marker is 4 zero-valued bytes aligning with the SPI field of an ESP packet.
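
The port-4500 demultiplexing rule quoted above from RFC 3947 and RFC 3948, as an added Python example (not code from the RFCs or from any IPsec implementation): the receiver tells IKE from UDP-encapsulated ESP by the 4 zero bytes of the non-ESP marker versus a non-zero SPI. Function names and sample packets are constructed for illustration; the one-byte 0xFF NAT-keepalive is taken from RFC 3948 section 2.3, which is not quoted on this page.

```python
import struct
from typing import NamedTuple

NON_ESP_MARKER = b"\x00" * 4            # 4 zero bytes where an ESP SPI would sit
NAT_KEEPALIVE = b"\xff"                 # RFC 3948 section 2.3 (assumption: not quoted above)
IKE_HDR = struct.Struct("!8s8sBBBBII")  # ISAKMP header: SPIs, next payload, version,
                                        # exchange type, flags, message ID, length (28 bytes)
ESP_HDR = struct.Struct("!II")          # SPI, sequence number


class Verdict(NamedTuple):
    kind: str   # "ike", "esp", "keepalive" or "invalid"
    info: dict


def classify_udp4500(payload: bytes) -> Verdict:
    """Demultiplex one UDP payload received on port 4500."""
    if payload == NAT_KEEPALIVE:
        return Verdict("keepalive", {})
    if len(payload) < 4:
        return Verdict("invalid", {"reason": "too short for SPI/marker"})

    if payload[:4] == NON_ESP_MARKER:
        # IKE: strip the marker, then sanity-check the ISAKMP header.
        ike = payload[4:]
        if len(ike) < IKE_HDR.size:
            return Verdict("invalid", {"reason": "truncated IKE header"})
        i_spi, _r_spi, _np, version, exchange, flags, msg_id, length = IKE_HDR.unpack_from(ike)
        if length != len(ike):
            return Verdict("invalid", {"reason": "IKE length field mismatch"})
        return Verdict("ike", {
            "initiator_spi": i_spi.hex(),
            "version": f"{version >> 4}.{version & 0x0F}",
            "exchange_type": exchange,
            "flags": flags,
            "message_id": msg_id,
        })

    # Anything else is ESP; the SPI is non-zero by construction of the test above.
    if len(payload) < ESP_HDR.size + 1:
        return Verdict("invalid", {"reason": "truncated ESP packet"})
    spi, seq = ESP_HDR.unpack_from(payload)
    return Verdict("esp", {"spi": spi, "seq": seq,
                           "body_len": len(payload) - ESP_HDR.size})


def sample_ike_main_mode_5() -> bytes:
    """Constructed IKEv1 Main Mode message (HDR*, IDii, SIG_I) as sent on port 4500."""
    body = bytes(32)  # stands in for the encrypted payloads
    hdr = IKE_HDR.pack(bytes.fromhex("1122334455667788"),
                       bytes.fromhex("99aabbccddeeff00"),
                       5,      # next payload: Identification
                       0x10,   # version 1.0
                       2,      # exchange type: Identity Protection (Main Mode)
                       0x01,   # encryption flag
                       0, IKE_HDR.size + len(body))
    return NON_ESP_MARKER + hdr + body


def sample_esp() -> bytes:
    """Constructed UDP-encapsulated ESP packet: SPI, sequence number, opaque body."""
    return ESP_HDR.pack(0xC0FFEE01, 7) + bytes(24)


if __name__ == "__main__":
    for pkt in (sample_ike_main_mode_5(), sample_esp(), b"\xff", b"\x00\x00\x00"):
        print(classify_udp4500(pkt))
```
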

IPsec and NAT Traversal - System Administration Guide: IP Services

Linux Kernel 2.6 using KAME-tools -- NAT-Traversal

Openswan / NATTraversal

Tuesday, December 6, 2011

SA bundle

RFC 2401: Security Architecture for the Internet Protocol

4.3 Combining Security Associations

The IP datagrams transmitted over an individual SA are afforded protection by exactly one security protocol, either AH or ESP, but not both. Sometimes a security policy may call for a combination of services for a particular traffic flow that is not achievable with a single SA. In such instances it will be necessary to employ multiple SAs to implement the required security policy. The term "security association bundle" or "SA bundle" is applied to a sequence of SAs through which traffic must be processed to satisfy a security policy. The order of the sequence is defined by the policy. (Note that the SAs that comprise a bundle may terminate at different endpoints. For example, one SA may extend between a mobile host and a security gateway and a second, nested SA may extend to a host behind the gateway.)

Security associations may be combined into bundles in two ways: transport adjacency and iterated tunneling.
  • Transport adjacency refers to applying more than one security protocol to the same IP datagram, without invoking tunneling. This approach to combining AH and ESP allows for only one level of combination; further nesting yields no added benefit (assuming use of adequately strong algorithms in each protocol) since the processing is performed at one IPsec instance at the (ultimate) destination.
  • Iterated tunneling refers to the application of multiple layers of security protocols effected through IP tunneling. This approach allows for multiple levels of nesting, since each tunnel can originate or terminate at a different IPsec site along the path. No special treatment is expected for ISAKMP traffic at intermediate security gateways other than what can be specified through appropriate SPD entries (See Case 3 in Section 4.5)
There are 3 basic cases of iterated tunneling -- support is required only for cases 2 and 3:
  1. both endpoints for the SAs are the same -- The inner and outer tunnels could each be either AH or ESP, though it is unlikely that Host 1 would specify both to be the same, i.e., AH inside of AH or ESP inside of ESP.
  2. one endpoint of the SAs is the same -- The inner and outer tunnels could each be either AH or ESP.
  3. neither endpoint is the same -- The inner and outer tunnels could each be either AH or ESP.

Data networks: routing, security ... - Tony Kenyon - Google Books

Section 10.5. Combining Security Associations

22.4.4 Combining IPSec protocols

Question on SA Bundle
Note that, SPD defines the security protocols such as ESP, AH. In a given SPD policy, you can have both ESP and AH together. This results in two SAs. Typically, IPSEC informs IKE to get the keys for both of them together. Once IKE gets the keys, it can inform IPSEC packet processing to create the SA bundle with two SAs.

Since IKE negotiates both together, if one SA life time expires, other SAs in the SA Bundle can be removed. That means either all SAs in the SA bundle exist or none exist.

When writing 2401 we thought it might be possible to provide the ability to link together a number of SAs into a bundle, similar to what you describe in #1 above. However, in reality, IKE v1 was not able to negotiate a general notion of bundling, specifically a way to link new SAs to existing SAs. Thus, in practice the only bundles that occur arise when one negotiates both AH and ESP in a single IKE negotiation.

As we revise 2401, I anticipate clarifying this, and essentially doing away with the notion of bundles. I have not seen a strong need for them in list discussions, nor does IKE v2 have support for adding SAs to a bundle.

Bundle is just a set of IPSEC transformations (and SA's) that are specified to be applied to a packet that matches a particular selector. The same component SA can be used in different "bundles".

That's about all that "bundle" means to me. Unfortunately, IKEv1 thinks/requires more strict "bundle" concept. It cannot negotiate individual SA's belonging to same "bundle" separately, or share SA's between bundles.

Key management should negotiate SA's individually.
(which means Key management SA bundle at once)

interpretation of SA bundle.
(I'm somehow confused by this thread)
> Do you say that each attributes of multiple proposal with same number
> MUST have same transport mode ?

The encapsulation is applied to the SAs as a whole. So, yes.

See section 2.1 of RFC 2408. Here's what you're doing when you have multiple proposal payloads with the same number in a single SA payload:
Protection Suite: A protection suite is a list of the security services that must be applied by various security protocols. For example, a protection suite may consist of DES encryption in IP ESP, and keyed MD5 in IP AH. All of the protections in a suite must be treated as a single unit. This is necessary because security services in different security protocols can have subtle interactions, and the effects of a suite must be analyzed and verified as a whole.

"All of the protections in a suite must be treated as a single unit."

In other words, the group of SAs that make up the suite live and die as a unit, and have encapsulation applied as a single logical unit.

Monday, December 5, 2011

Network Information System (NIS/YP)

[Chapter 19] 19.4 Sun's Network Information Service (NIS)

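Rocket Stove

Energy-saving rocket stove takes care of eco-friendly outdoor cooking

High-efficiency wood stove DIY - 101跑步農莊! - Yahoo! Kimo Blog

Nature Valley environmental education base -- The Society of Wilderness environmental trust: energy saving and carbon reduction -- rocket stove

Smokeless, soot-free, more energy-efficient rocket stove - 綺文 and 吉仁's second-generation rocket stove @ Self-sufficiency, sustainable living :: PIXNET ::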

IP Payload Compression Protocol (IPComp)


RFC 3173: IP Payload Compression Protocol (IPComp)

[wiki] IP Payload Compression Protocol

In networking IP Payload Compression Protocol, or IPComp, is a low level compression protocol for IP datagrams defined in RFC 3173.[1] The intent is to reduce the size of data transmitted over congested or slow network connections, thereby increasing the speed of such networks without losing data. According to the RFC requirements, compression must be done before fragmenting or encrypting the packet. It further states that each datagram must be compressed independently so it can be decompressed even if received out of order. This is important because it allows IPComp to work with both TCP and UDP network communications.


AES-GCM (crypto+auth)

[wiki] Galois/Counter Mode

Galois/Counter Mode (GCM) is a mode of operation for symmetric key cryptographic block ciphers that has been widely adopted because of its efficiency and performance. GCM throughput rates for state of the art, high speed communication channels can be achieved with reasonable hardware resources [1]. It is an authenticated encryption algorithm designed to provide both data authenticity (integrity) and confidentiality. GCM mode is defined for block ciphers with a block size of 128 bits. GMAC is an authentication-only variant of the GCM which can be used as an incremental message authentication code. Both GCM and GMAC can accept initialization vectors of arbitrary length.

AES-GCM (Galois Counter Mode) core for FPGA (Xilinx, Altera, Actel) and ASIC - Helion Technology
AES-GCM is an authenticated encryption algorithm designed to provide both authentication and privacy. Developed by David A McGrew and John Viega, it uses universal hashing over a binary Galois field to provide authenticated encryption.

GCM was designed originally as a way of supporting very high data rates, since it can take advantage of pipelining and parallel processing techniques to bypass the normal limits imposed by feedback MAC algorithms. This allows authenticated encryption at data rates of many tens of Gbps, permitting high grade encryption and authentication on systems which previously could not be fully protected. More recently GCM is being specified for use in lower rate applications due to its ease of use and scalability.

AES-GCM is specified for use in a number of recent standards; for example it is one of the options specified by the IEEE 1619 group for securing data-at-rest stored on tape media. In networking, it is the security algorithm specified for use in MACsec (802.1AE), and in the ANSI Fibre Channel Security Protocols (FC-SP).

AES-GCM Functions
The Galois/Counter Mode (GCM) is a mode of operation of the AES algorithm. GCM [NIST SP 800-38D] uses a variation of the Counter mode of operation for encryption. GCM assures authenticity of the confidential data (of up to about 64 GB per invocation) using a universal hash function defined over a binary finite field (the Galois field).

GCM can also provide authentication assurance for additional data (of practically unlimited length per invocation) that is not encrypted. If the GCM input contains only data that is not to be encrypted, the resulting specialization of GCM, called GMAC, is simply an authentication mode for the input data.

[wiki] Finite field (aka Galois field)

RFC 5288: AES-GCM Cipher suites
AES-GCM is an authenticated encryption with associated data (AEAD) cipher

The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)

AES-GMAC (auth)
Advanced Encryption Standard Galois Message Authentication Code (AES-GMAC)

RFC4543: The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH

Re: AES-GMAC as a hash

AES-XCBC, aka CBC-MAC (auth)
[wiki] CBC-MAC
cipher block chaining message authentication code (CBC-MAC), is a technique for constructing a message authentication code from a block cipher.

[wiki] CMAC
CMAC (Cipher-based MAC)[1] is a block cipher-based message authentication code algorithm.

The core of the CMAC algorithm is a variation of CBC-MAC that Black and Rogaway proposed and analyzed under the name XCBC[2] and submitted to NIST.[3] The XCBC algorithm efficiently addresses the security deficiencies of CBC-MAC, but requires three keys. Iwata and Kurosawa proposed an improvement of XCBC and named the resulting algorithm One-Key CBC-MAC (OMAC) in their papers.[4][5] They later submitted OMAC1[6], a refinement of OMAC, and additional security analysis.[7] The OMAC algorithm reduces the amount of key material required for XCBC. CMAC is equivalent to OMAC1.

RFC4434: The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE)

RFC3566: The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec


Block ciphers (security summary)

Cryptographic hash functions and message authentication codes (MACs)

Sunday, December 4, 2011

Traffic Flow Confidentiality (TFC)

Traffic Flow Confidentiality (TFC): hiding or masking the traffic pattern to prevent statistical traffic analysis attacks.

RFC 4303 - IP Encapsulating Security Payload (ESP)

2.7. Traffic Flow Confidentiality (TFC) Padding
As noted above, the Padding field is limited to 255 bytes in length. This generally will not be adequate to hide traffic characteristics relative to traffic flow confidentiality requirements. An optional field, within the payload data, is provided specifically to address the TFC requirement.
An IPsec implementation SHOULD be capable of padding traffic by adding bytes after the end of the Payload Data, prior to the beginning of the Padding field. However, this padding (hereafter referred to as TFC padding) can be added only if the Payload Data field contains a specification of the length of the IP datagram. This is always true in tunnel mode, and may be true in transport mode depending on whether the next layer protocol (e.g., IP, UDP, ICMP) contains explicit length information. This length information will enable the receiver to discard the TFC padding, because the true length of the Payload Data will be known. (ESP trailer fields are located by counting back from the end of the ESP packet.) Accordingly, if TFC padding is added, the field containing the specification of the length of the IP datagram MUST NOT be modified to reflect this padding. No requirements for the value of this padding are established by this standard.

In principle, existing IPsec implementations could have made use of this capability previously, in a transparent fashion. However, because receivers may not have been prepared to deal with this padding, the SA management protocol MUST negotiate this service prior to a transmitter employing it, to ensure backward compatibility. Combined with the convention described in Section 2.6 above, about the use of protocol ID 59, an ESP implementation is capable of generating dummy and real packets that exhibit much greater length variability, in support of TFC.
Implementations SHOULD provide local management controls to enable the use of this capability on a per-SA basis. The controls should allow the user to specify if this feature is to be used and also provide parametric controls for the feature.
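
How a tunnel-mode receiver discards TFC padding as section 2.7 describes, as an added Python example (not code from RFC 4303 or from any IPsec implementation): the ESP trailer is located by counting back from the end, and the inner IP header's own length field marks where the real datagram stops. Function names, addresses and sample packets are constructed; decryption and ICV verification are assumed to have already succeeded.

```python
import struct
from typing import Tuple

NH_IPV4 = 4    # tunnel mode, inner IPv4 datagram
NH_IPV6 = 41   # tunnel mode, inner IPv6 datagram
NH_NONE = 59   # "no next header": dummy packet (RFC 4303 section 2.6)


def inner_datagram_length(data: bytes, next_header: int) -> int:
    """Length declared by the inner IP header; the sender must not alter it for TFC."""
    if next_header == NH_IPV4:
        if len(data) < 20 or data[0] >> 4 != 4:
            raise ValueError("not an IPv4 header")
        header_len = (data[0] & 0x0F) * 4
        total = struct.unpack_from("!H", data, 2)[0]
        if header_len < 20 or total < header_len:
            raise ValueError("inconsistent IPv4 length fields")
        return total
    if next_header == NH_IPV6:
        if len(data) < 40 or data[0] >> 4 != 6:
            raise ValueError("not an IPv6 header")
        return 40 + struct.unpack_from("!H", data, 4)[0]
    raise ValueError("next header %d carries no length handled here" % next_header)


def strip_esp_trailer_and_tfc(plaintext: bytes) -> Tuple[str, bytes, int]:
    """Return (kind, inner_datagram, bytes_discarded) for a decrypted ESP plaintext
    laid out as: payload | TFC padding | Padding | Pad Length | Next Header."""
    if len(plaintext) < 2:
        raise ValueError("no ESP trailer")
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len + 2 > len(plaintext):
        raise ValueError("pad length exceeds packet")
    data = plaintext[: len(plaintext) - 2 - pad_len]
    if next_header == NH_NONE:
        # Dummy packet: everything is cover traffic and is dropped silently.
        return ("dummy", b"", len(data))
    declared = inner_datagram_length(data, next_header)
    if declared > len(data):
        raise ValueError("inner datagram truncated")
    return ("data", data[:declared], len(data) - declared)


def build_plaintext(inner: bytes, tfc_len: int, next_header: int, block: int = 4) -> bytes:
    """Sender side, for the demo: append TFC padding, then the normal ESP padding
    (default byte pattern 1, 2, 3, ...) so the trailer ends on a block boundary."""
    body = inner + bytes(tfc_len)
    pad_len = (-(len(body) + 2)) % block
    return body + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])


def sample_ipv4(payload: bytes) -> bytes:
    """Constructed inner IPv4 datagram (header checksum left 0; not verified here)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + payload


if __name__ == "__main__":
    inner = sample_ipv4(b"A" * 11)
    for pt in (build_plaintext(inner, 100, NH_IPV4),
               build_plaintext(inner, 0, NH_IPV4),
               build_plaintext(b"", 64, NH_NONE)):
        kind, datagram, discarded = strip_esp_trailer_and_tfc(pt)
        print(kind, len(pt), len(datagram), discarded)
```
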

Re: ESP's use of dummy packets?

TfcProject – Discreet

pfkeyv2.h in tfcproject/trunk/ipsec-tools-0.6.6/src/include-glibc/net – Discreet

Traffic masking in IPsec: architecture and implementation

basic TFC mechanisms can be categorized as follows:
− Packet forming (padding, fragmentation, etc.);
− Packet timing (queuing and de-queuing);
− Dummy packet management (generation and discarding).

TFC Control Algorithms


the simplest and most straightforward algorithm consists in embedding the SA’s traffic in a CBR traffic pattern (with packets of constant size and a constant packet inter-arrival time). Such algorithm is ideal in the level of protection, it has a low complexity, but it also introduces serious performance drawbacks both in limiting the throughput and in filling the network with padding and dummy packets.

It is worth noting here that besides CBR, any traffic pattern that is independent of the original traffic flowing in the SA has the same properties. Algorithms can also generate traffic independent patterns using stochastic processes (modifying packet size, timing, or both). Other control algorithms are the adaptive ones, where the output pattern depends on properties of the original flow. Some examples are random size padding, random introduced delay, or a rate adaptive CBR.

Traffic Flow Confidentiality in IPsec: Protocol and Implementation
It can combine the TFC basic mechanisms arbitrarily:
CBR (Continuous Bit rate),
random padding,
random delay algorithms
Queue congestion Reactive algorithm (still experimental)

A User Space application allows to configure TFC SA parameters
Delay Algorithm
Packets Length
Bit Rate

ESP Traffic Flow Confidentiality
traffic-flow confidentiality (TFC)

Thursday, December 1, 2011

GNU Debugger (GDB)

CROSS is the prefix of your cross-compiler, e.g. for mips64-linux-gnu-gcc, CROSS=mips64-linux-gnu
(Add the path to your cross-compiler to $PATH)


wget http://ftp.gnu.org/gnu/gdb/gdb-7.6.1.tar.bz2

tar xf gdb-7.6.1.tar.bz2
cd gdb-7.6.1/
mkdir build-mips
cd build-mips/

../configure --target=${CROSS} --prefix=$(pwd)/install
make install

GDB: The GNU Project Debugger


Debugging with GDB (Introductory)


GDB Cheat Sheet - GDB Cheat Sheet.pdf

tools - How to handle stripped binaries with GDB? No source, no symbols and GDB only shows addresses? - Reverse Engineering Stack Exchange

gdb backtrace to file • Andreas Schneider
# alias bt='echo 0 | gdb -batch-silent -ex "run" -ex "set logging overwrite on" -ex "set logging file gdb.bt" -ex "set logging on" -ex "set pagination off" -ex "handle SIG33 pass nostop noprint" -ex "echo backtrace:\n" -ex "backtrace full" -ex "echo \n\nregisters:\n" -ex "info registers" -ex "echo \n\ncurrent instructions:\n" -ex "x/16i \$pc" -ex "echo \n\nthreads backtrace:\n" -ex "thread apply all backtrace" -ex "set logging off" -ex "quit" --args'

# bt $crashing_application
fcamel 技術隨手記: Customizing backtrace output with python gdb

GDB complaint "Error opening terminal: xterm." while using "-tui" or GDB command "layout"
export TERMINFO=/lib/terminfo
Question #207761 : Questions : GCC ARM Embedded

Wednesday, November 30, 2011

Weed Society Taiwan

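2. During drought it buffers sunlight, lowers the evaporation rate of topsoil moisture and keeps the soil slightly moist, so that roots can keep absorbing water, the minimum water requirement for fruit-tree growth is met, and the permanent wilting point (persistent wilt point) is not reached.
6. The grass species used in sod culture provide pollen as a nectar source for the insects that pollinate sugar apple (such as several sap beetles of the family Nitidulidae, order Coleoptera, or the locally native eastern honey bee (Apis cerana)), allowing their populations to survive in sugar-apple orchards.

Some weeds (such as stinging nettle, Mexican tea Chenopodium ambrosides, camphorweed Heterotheca subaxillaris, and ragweed) are important components of agroecosystems, because they provide habitat for insects that benefit the ecosystem's dynamic balance and supply food sources such as pollen and nectar; in a weed-free monoculture field, natural enemies cannot survive.

Covering the ground with wildflowers in annual crops and orchards greatly increases the incidence of parasitic natural enemies of particular pests. For example, Leius (1967) found that the presence of ground vegetation in orchards raised the rate at which caterpillar eggs and larvae were parasitized by natural enemies 18-fold compared with orchards without ground cover. Planting the green-manure crop Phacelia spp. (Boraginaceae) in orchards can raise the incidence of parasitism by natural enemies from 5% to 75%. Russian researchers found that in cruciferous crops one can find Apanteles glomeratus, a parasitoid wasp of two kinds of cabbage moth, which can use wild mustard flowers as a nectar source; the presence of wild mustard extends its lifespan and increases its egg production. Wild mustard in rapeseed fields can likewise raise the parasitism rate of parasitoid wasps from 10% to 60% (Telenga, 1958). Weed flowers are also an important food source for many predatory insects: pollen is an important food for egg production in flies and for insects such as predatory ladybird beetles, and lacewings particularly favor Asteraceae flowers because they are rich in nectar and can fully supply sugar (Hagen, 1986).

In Britain, the aphid (Microlophium carnosum) that lives on stinging nettle is heavily preyed upon every April to May by aphid-eating predators, which keeps aphids from invading crops; but once the nettles are cut down in mid-July, the aphids move on to damage neighboring crops (Perrin, 1975).

In treatments with interplanted weeds, there was no clear correlation between crop yield and insect damage. When the weed treatment's reduction of pest populations and damage was at its greatest, and herbivore density was disregarded, weeds had no effect on crop yield. Evidently, only once the positive effect of weeds in reducing herbivore numbers is excluded does the crop yield loss caused by weed competition receive attention; this also shows that where competition between weeds and the crop is not severe, the relationship among soybean, weeds and pests is very important (Andow, 1991).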

SeedQuest - Central information website for the global seed industry

Monday, November 28, 2011



IC設計商巨虹電子以SkySafe品牌發表首款Android加密手機VIP007,手機搭載硬體加密技術,通過美國國家資訊擔保組織(NIAP)CC EAL5+安全等級,可對網路電話、簡訊傳輸及資料儲存加密確保通訊安全。

硬體加密技術主要內建在一張Micro SD記憶卡上,透過SIP(System In Package)封裝技術,以獨立空間整合控制器、ARM9處理器及Security Component,加密引擎具有一個單一的識別序號,並獨立運作,可抵禦木馬程式攻擊。

這項硬體加密技術採用AES-256標準,以RSA-2048演算法將數據資料加密,巨虹強調該技術已經NIAP認證通過為CC EAL5+安全等級(EAL等級從1到7),比現今銀行普遍使用的金融卡EAL4安全等級更高。





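The VIP007 is a 3.6-inch touchscreen phone running Android 2.2, with a Qualcomm 1GHz processor and a 5-megapixel camera; the handset alone sells for NT$88,000.

黎建君 said that integrating hardware encryption into a Micro SD memory card not only secures phone use but can in future also be applied to transmitting confidential corporate data, employee management and database permissions. For general consumers, it can also be combined with NFC to promote mobile e-wallet applications, with hardware encryption protecting the transmission of transaction data. Whereas telecom operators and handset makers want transaction data stored on the SIM card or in the phone, integrating it into the memory card is not constrained by the carrier or the handset, which makes it better suited for banks to promote.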




(Author: 吳蓓; published: 2006-4-25)


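After returning to Britain, I quietly resolved to ask a few more parents whenever I had the chance. Because my daughter came back to Britain with me, I moved out of the student dormitory into a house in the village. My landlady, Mrs. Madeleine (麥德琳), has five children, and to my surprise she sent all five to the Waldorf school and kindergarten (known locally as Michael Hall, 麥克荷). Her eldest son is 16 this year and her youngest daughter is 4. One day Mrs. Madeleine gave me a lift in her car to my daughter's school. On the way I asked her why she liked the Waldorf school.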


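Living in Britain is expensive, so I use my spare time to work and earn money as much as I can. At the end of last year I found a temporary job looking after children. The mother, Margaret, has three children: the eldest daughter is 10 and in the fifth grade at Michael Hall, the second daughter is 6 and has just started first grade at Michael Hall, and the youngest, a son, is not yet 3. She was usually in a great hurry when she picked me up to look after the children, until one day, when Michael Hall let out, I saw Margaret sitting with the children on a bench in the school grounds, enjoying the sun. I walked over and began chatting with her in the sunshine. I asked her why she sent her children to the Waldorf school.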





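Two of my neighbors are Japanese mothers whose children both attend Michael Hall; they traveled thousands of miles to Britain just so that their children could attend a Waldorf school. Yokoyama is in her 40s and is my classmate. In the 1970s a Japanese mother went to study in Germany and, on a friend's recommendation, sent her daughter to a local Waldorf kindergarten and then on to a Waldorf primary school. Surprised and delighted by the changes in her daughter during that time, she recorded them bit by bit and wrote a book, which turned out to be hugely popular and became a bestseller in Japan. When Yokoyama read the book she was not yet married; she lamented that she herself was past school age and vowed that once she had a child, he or she would attend a Waldorf school. Three years ago she got her wish and came to Britain alone with her 9-year-old daughter; her husband provides most of the financial support for mother and daughter. The other Japanese mother, Yoko, has not been so fortunate. Long divorced and also influenced by that book, she first sent her son to Japan's first Waldorf kindergarten; when her son grew older there was as yet no Waldorf school in Japan, so she took him to the United States to attend a Waldorf primary school. Three years ago she brought her son to Britain to attend a Waldorf secondary school. She is now 54 and has to work 20 hours a week to pay the high housing and living costs. But she never tires of it, all so that her son can attend a Waldorf school.

Mr. Jim Willetts, who helped me go abroad to study Waldorf education, told me: "When my daughter was in the second grade of primary school, she came home crying one day. I asked her whether someone had bullied her. She said no: the teacher had taught her carrying, she just could not get it, and the teacher had scolded her. I went to see the teacher: my daughter learns slowly, there is no need to scold her, and how can every child be required to learn at the same pace? To my surprise the teacher was curt: if she was unwilling to meet the teacher's requirements, then she need not come to school. In a fit of anger I withdrew my daughter from the school. While I was searching everywhere for a school, a friend recommended the Waldorf school to me; after visiting I decided to send my daughter there, and she never again cried over going to school. From then on I became interested in Waldorf education." From that time until now, his interest in Waldorf education has lasted more than 30 years. While working as a businessman, he has devoted a great deal of time, energy and money to Waldorf education and become a core figure in the Waldorf association. Because of one unhappy experience of his daughter's, his whole life changed, just as it did for the father of Lu Anke (盧安克).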




Thursday, November 24, 2011


ARM's Cortex Microcontroller Software Interface Standard (CMSIS)

Take control: How NXP's Patent-Pending SCT Improves Motor Control

State-configurable timer (SCT)

The SCT is a sophisticated yet easy-to-configure timing function that delivers unprecedented flexibility. It lets designers configure advanced timing operations--including those required for complex motor-control functions -- while meeting tight development schedules. From an architecture standpoint, it is a timer-capture unit coupled with a highly flexible, event-driven state machine. It brings two familiar concepts, event and state, to the area of timing, and thus enables a wide variety of operations, including timing, counting, output modulation, and input capture.
NXP's SCT peripheral

NXP Cortex-M microcontrollers
NXP’s SGPIO combines general-purpose I/O with a timer/shift register and can be used to create or capture multiple real-time serial data streams. This eliminates the need for code loops that manipulate GPIO in real time, and provides an easy-to-use alternative to CPU-intensive “bit banging”. SGPIO can also be configured to provide designers an extra standard serial interface (UART, I2S, I2C, etc.).


Baking mixes made easy | Krusteaz



[Cake] Lazy five-minute Costco KRUSTEAZ pancake mix: nut and truffle chocolate muffins


Wednesday, November 23, 2011

Big/little Endian DMA master and bus bit


little endian ARM CPU (LE CPU)
AXI, bus data bit 0~63
a big endian device w/ DMA master (BE CPU)

Say an LE CPU writes a 64-bit value to an address in memory, and later a BE CPU gets the 64-bit value from that address. Will they get the same value?
One of my colleagues said YES, because
BE CPU will get byte 0 from bus bit 56~63
LE CPU will get byte 0 from bus bit 0-7
This access difference results in a 64-bit data swap, which causes both CPUs to see the same value.

This is at least a fact on our SoC. MAYBE it is because the BE CPU expects the data on the bus to be LE, and therefore it changes the way it takes byte 0.

But is this the default behavior or convention, that a BE CPU/DMA master gets byte 0 from bits 56-63? (I don't know now)

It depends on the implementation. In this case we did a swap, the "Word Consistent Approach".

Endianness and ARM System Endianness

[wiki] Endianness

[wiki] Bit numbering

LSB 0 bit numbering

LSB 0: A container for 8-bit binary number with the highlighted least significant bit assigned the bit number 0

When the bit numbering starts at zero for the least significant bit the numbering scheme is called "LSB 0".[1] This bit numbering method has the advantage that for any unsigned integral data type the value of the number can be calculated by using exponentiation with the bit number and a base of 2.

MSB 0 bit numbering

MSB 0: A container for 8-bit binary number with the highlighted most significant bit assigned the bit number 0

Similarly, when the bit numbering starts at zero for the most significant bit the numbering scheme is called "MSB 0".

Byte and Bit Order Dissection
Endianness of Bus
The bus we refer to here is the external bus we showed in the figure above. We use PCI as an example below. The bus, as we know, is an intermediary component that interconnects CPUs, devices and various other components on the system. The endianness of bus is a standard for byte/bit order that bus protocol defines and with which other components comply.

Take an example of the PCI bus known as little endian. It implies the following: among the 32 address/data bus line AD [31:0], it expects a 32-bit device and connects its most significant data line to AD31 and least significant data line to AD0. A big endian bus protocol would be the opposite.

For a partial word device connected to bus, for example, an 8-bit device, little endian bus-like PCI specifies that the eight data lines of the device be connected to AD[7:0]. For a big endian bus protocol, it would be connected to AD[24:31].

In addition, for PCI bus the protocol requires each PCI device to implement a configuration space. This is a set of configuration registers that have the same byte order as the bus.

Just as all the devices need to follow bus's rules regarding byte/bit endianness, so does the CPU. If a CPU operates in an endianness different from the bus, the bus controller/bridge usually is the place where the conversion is performed.

An alert reader now asks this question, "so what happens if the endianness of the device is different from the endianness of the bus?" In this case, we need to do some extra work for communication to occur, which is covered in the next section.

Endianness of Devices
Kevin's Theory #1: When a multi-byte data unit travels across the boundary of two reverse endian systems, the conversion is made such that memory contiguousness to the unit is preserved.

We assume CPU and bus share the same endianness in the following discussion. If the endianness of a device is the same as that of CPU/bus, then no conversion is needed.

In the case of different endianness between the device and the CPU/bus, we offer two solutions here from a hardware wiring point of view. We assume CPU/bus is little endian and the device is big endian in the following discussion.

Word Consistent Approach
In this approach, we swap the entire 32-bit word of the device data line. We represent the data line of device as D[0:31], where D(0) stores the most significant bit, and bus line as AD[31:0]. This approach suggests wiring D(i) to AD(31-i), where i = 0, ..., 31. Word Consistent means the semantic of the whole word is preserved.

Byte Consistent Approach
In this approach, we do not swap bytes, but we do swap the bits within each byte lane (bit at device bit-offset i goes to bus bit-offset (7-i), where i=0...7) in hardware wiring. Byte Consistent means the semantic of the byte is preserved.
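The two wiring schemes above, modelled pin by pin as an added example (not code from the quoted article); the function names and the four-byte sample are assumptions made for the illustration. It shows that Word Consistent wiring keeps the 32-bit value but reverses the byte offsets, while Byte Consistent wiring keeps the byte offsets but byte-swaps the word.

```c
#include <stdint.h>
#include <stdio.h>

enum wiring { WORD_CONSISTENT, BYTE_CONSISTENT };

/* Constructed sample: memory of a big endian device holding the word 0x12345678. */
static const uint8_t sample_mem[4] = { 0x12, 0x34, 0x56, 0x78 };

/* The big endian device drives its pins D[0:31] (MSB-0 numbering): the byte at
 * device offset k sits on D(8k)..D(8k+7), with D(8k) its most significant bit. */
static void device_drive(const uint8_t mem[4], uint8_t d[32])
{
    for (unsigned i = 0; i < 32; i++)
        d[i] = (mem[i / 8] >> (7 - i % 8)) & 1u;
}

/* Board wiring from device pin D(i) to bus line AD(j) (LSB-0 numbering). */
static void wire(const uint8_t d[32], uint8_t ad[32], enum wiring w)
{
    for (unsigned i = 0; i < 32; i++) {
        unsigned j = (w == WORD_CONSISTENT)
                   ? 31 - i                      /* D(i) -> AD(31-i) */
                   : (i / 8) * 8 + (7 - i % 8);  /* same byte lane, bit i -> 7-i */
        ad[j] = d[i];
    }
}

/* Value the little endian CPU reads as one 32-bit word from AD[31:0]. */
uint32_t le_bus_word(const uint8_t mem[4], enum wiring w)
{
    uint8_t d[32], ad[32];
    uint32_t v = 0;

    device_drive(mem, d);
    wire(d, ad, w);
    for (unsigned j = 0; j < 32; j++)
        v |= (uint32_t)ad[j] << j;
    return v;
}

/* Byte the little endian CPU sees at byte offset k, i.e. lines AD[8k+7:8k]. */
uint8_t le_bus_byte(const uint8_t mem[4], enum wiring w, unsigned k)
{
    return (uint8_t)(le_bus_word(mem, w) >> (8 * k));
}

int main(void)
{
    printf("word consistent: word=0x%08x byte0=0x%02x\n",
           (unsigned)le_bus_word(sample_mem, WORD_CONSISTENT),
           (unsigned)le_bus_byte(sample_mem, WORD_CONSISTENT, 0));
    printf("byte consistent: word=0x%08x byte0=0x%02x\n",
           (unsigned)le_bus_word(sample_mem, BYTE_CONSISTENT),
           (unsigned)le_bus_byte(sample_mem, BYTE_CONSISTENT, 0));
    return 0;
}
```

A driver that reads a multi-byte register as one word wants the first behaviour; one that copies a byte stream such as a packet buffer wants the second.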

Endianness of Network Protocols

Bit Transmission/Reception Order
The bit transmission/reception order specifies how the bits within a byte are transmitted/received on the wire. For Ethernet, the order is from the least significant bit (lower wire address offset) to the most significant bit (higher wire address offset). This apparently is little endian. The byte order remains the same as big endian, as described in an earlier section.

Tuesday, November 15, 2011

Can't Help Falling In Love

Richard Marx

Wise men say only fools rush in
But I can't help falling in love with you

Shall I stay, would it be a sin
If I can't help falling in love with you

Like a river flows surely to the sea
Darling so it goes
Some things are meant to be
Take my hand, take my whole life too
For I can't help falling in love with you

Monday, November 14, 2011

Blowin' In The Wind - Bob Dylan





How many roads must a man walk down, before you call him a man
(yes) How many seas must a white dove sail, before she sleeps in the sand
(yes) How many times must the cannonballs fly, before they are forever banned

The answer, my friend, is blowing in the wind
The answer is blowing in the wind

(yes) How many years can a mountain exist, before it is washed to the sea
(yes) How many years can some people exist, before they're allowed to be free
(yes) How many times can a man turn his head, and pretend that he just doesn't see

[Repeat *]

(yes) How many times must a man look up, before he can really see the sky
(yes) How many years must one person(man) have, before he can hear people cry
(yes) How many deaths will it take till he knows, that too many people have died

[Repeat *]

[wiki] Blowin' in the Wind

Thursday, November 10, 2011

Wednesday, November 9, 2011



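[Repost] 何飛鵬: Able to talk, able to deliver, willing to commit

Taipei Trails - Taipei and New Taipei hand in hand: families turn out for a hike

Taipei and New Taipei hand in hand: families turn out for a hike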




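[Scientific name] Pogostemon cablin
[Other names] 排香草, 洋薄荷, 藿香, 到手香, 印度薄荷, 過手香
[Family] Lamiaceae
[Origin] Malaysia and India
[Characteristics] About 15 to 30 cm tall; the whole plant is densely covered in fine hairs and has a strong, distinctive pungent aroma. The leaves are thick and fleshy, opposite and broadly ovate, with a blunt-rounded or acute tip; the toothed margin curls upward slightly.

[Herbs and medicinal plants] Fragrant as soon as you touch it: 到手香 (左手香)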





左手香 tea: relieves fatigue and prevents colds

左手香 is super useful ^_^

Tuesday, November 8, 2011

Finding out GCC's predefined macros

$ echo | gcc -v -E -dM - | grep '^#define .*MAX'
$ echo | arm-linux-gcc -mcpu=iwmmxt -v -E -dM - | grep IWMMXT

echo | gcc -v -E -dM -

Using the GNU Compiler Collection - For gcc version 4.6.2

-E
Stop after the preprocessing stage; do not run the compiler proper. The output is in the form of preprocessed source code, which is sent to the standard output. Input files which don’t require preprocessing are ignored.

-v
Print (on standard error output) the commands executed to run the stages of compilation. Also print the version number of the compiler driver program and of the preprocessor and the compiler proper.

-dM
Instead of the normal output, generate a list of ‘#define’ directives for all the macros defined during the execution of the preprocessor, including predefined macros. This gives you a way of finding out what is predefined in your version of the preprocessor. Assuming you have no file ‘foo.h’, the command
touch foo.h; cpp -dM foo.h

will show all the predefined macros. If you use ‘-dM’ without the ‘-E’ option, ‘-dM’ is interpreted as a synonym for ‘-fdump-rtl-mach’.

Monday, November 7, 2011


TheRacoon2Project - racoon2

Internet Key Exchange (IKEv2) Protocol
  • RFC 4306
  • RFC 4307
  • RFC 4718
Kerberized Internet Negotiation of Keys (KINK)
  • RFC 4430
The Internet Key Exchange (IKE)
  • RFC 2409
  • RFC 3947
  • RFC 3948
PF_KEY Key Management API, Version 2
  • RFC 2367


The previous racoon (usually called just racoon, but sometimes racoon1 in contrast to racoon2) only supports IKEv1. Racoon2 implements IKEv2, KINK, and IKEv1. The configuration syntax is completely different because the Racoon2 system supports multiple key exchange protocols.

Wednesday, October 19, 2011

Alangyi (阿朗壹): transportation



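1. West Coast trunk line railway: get off at Kaohsiung Station and transfer at the train station (Kuo-Kuang Bus, Kaohsiung Bus, Pingtung Bus, Chungnan Bus) to the [南保力] stop in Checheng, then at the stop on the opposite (northbound) side transfer to the Pingtung Bus shuttle to reach the museum.
2. South-Link Line railway (from the east toward Kaohsiung): get off at Fangliao Station, then transfer (Kuo-Kuang Bus, Kaohsiung Bus, Pingtung Bus, Chungnan Bus) to the [南保力] stop in Checheng, then at the stop on the opposite (northbound) side transfer to the Pingtung Bus shuttle to reach the museum.
* Taiwan Railways Administration http://www.railway.gov.tw/ (Address: No. 3, Beiping West Road, Taipei City / Tel: 02-2381-5226)
* Kuo-Kuang Bus TEL:(07)235-8352 http://www.kingbus.com.tw/
* Kaohsiung Bus TEL:(07)237-1230 http://www.ksbus.com.tw/
* Pingtung Bus TEL:(08)723-7131 http://www.ptbus.com.tw/index.htm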


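Alangyi Historic Trail guided tours, lodging, transportation and travel information - Alangyi alliance of the Paiwan 大龜文 Kingdom (currently offering Alangyi (阿塱壹/阿朗壹) Historic Trail tribal study tours) - Yahoo! Kimo Blog

Alangyi Historic Trail, part 2 (planning) @ 餃子的BLOG :: 痞客邦 PIXNET ::

Luye, Taitung: Dulan Mountain, Luanshan tribe, Forest Museum


Protecting the homeland: Dulan Mountain Forest Culture Museum | Taiwan Environmental Information Association - Environmental Information Center

Luye, Taitung: exploring the Forest Museum @ 愛木者 :: 隨意窩 Xuite blog


Sapulju (撒布優) tribe, Xinxing Village, Jinfeng Township, Taitung County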

Tuesday, October 11, 2011

Friday, September 30, 2011

Thursday, September 29, 2011

Git Tutorials

Git version control tutorial for newcomers | 小惡魔 - computer technology - work notes - AppleBOY

(Print this for reference.)
Zach Rusin’s Git Cheat Sheet

(Provides live demonstrations for each command)
Git GoogleTechTalks/Randal Schwartz

(This document provides some explanations of git commands and their functionality in the language of SVN. It doesn't really describe Git correctly, but it's a good start for SVN users.)
Git - SVN Crash Course


Git Setup and Init
Git Normal Workflow
Git Interactive Add
Git Log
Git Browsing
Git Branching and Merging
Git Rebasing
Git Distributed Workflow
Creating Empty Branches
RailsConf 2008 Talk


Git The Basics Tutorial

Tech Talk: Linus Torvalds on git

Git cheat sheets

Git - Fast Version Control System

Monday, September 26, 2011

Rebuilding git-svn metadata

git svn init svn://localhost/xxxx/trunk
git update-ref refs/remotes/git-svn master
git svn fetch

Rebuilding .git/svn/refs/remotes/git-svn/.rev_map.c27b2ed6-37b1-4487-878e-468635907f87 ...
r1 = b55058aa44bb117c6c1c7e5f73ffd2153fe5cbed
r2 = be1b2adc46c2d24919bb5670b8eb8f1e4db1ba73
r2976 = 95e59b550d6fe29d26f5056ebaf1b1d42fc387b7
r2977 = c65e902e8e9e1398094142d8fc7800ed72e3104a
Done rebuilding .git/svn/refs/remotes/git-svn/.rev_map.c27b2ed6-37b1-4487-878e-468635907f87
The SVN URL string must be exactly the same as the one recorded in the log.
commit c65e902e8e9e1398094142d8fc7800ed72e3104a
Author: X <X@c27b2ed6-37b1-4487-878e-468635907f87>
Date: Thu Sep 22 04:08:39 2011 +0000


git-svn-id: svn://localhost/xxx/trunk@2977 c27b2ed6-37b1-4487-878e-468635907f87
If the SVN URL is different, you will get the following:
Rebuilding .git/svn/refs/remotes/git-svn/.rev_map.c27b2ed6-37b1-4487-878e-468635907f87 ...
Done rebuilding .git/svn/refs/remotes/git-svn/.rev_map.c27b2ed6-37b1-4487-878e-468635907f87


Last fetched revision of refs/remotes/git-svn was r2977, but we are about to fetch: r1!
If you want to change the SVN URL, e.g.  "svn://localhost/xxx/trunk" to "svn://", you can do "git commit --amend" to alter the last commit's git-svn-id from
git-svn-id: svn://localhost/xxx/trunk@2977 c27b2ed6-37b1-4487-878e-468635907f87
to
git-svn-id: svn:// c27b2ed6-37b1-4487-878e-468635907f87
Then set the git-svn ref to the new commit and run "git svn fetch".

Rebuilding git-svn metadata

Wednesday, September 14, 2011

Tuesday, September 13, 2011


ad642d9 ARM: 6188/1: Add a config option for the ARM11MPCore DMA cache maintenance workaround
ca57926 ARM: 6187/1: The v6_dma_inv_range() function must preserve data on SMP

2ffe2da ARM: dma-mapping: fix for speculative prefetching
702b94b ARM: dma-mapping: remove dmac_clean_range and dmac_inv_range
a9c9147 ARM: dma-mapping: provide per-cpu type map/unmap functions
93f1d62 ARM: dma-mapping: simplify dma_cache_maint_page
65af191 ARM: dma-mapping: move selection of page ops out of dma_cache_maint_cont
4ea0d73 ARM: dma-mapping: push buffer ownership down into dma-mapping.c
18eabe2 ARM: dma-mapping: introduce the idea of buffer ownership

2.6.35 cache operation

dmac_map_area = cpu_cache.dma_map_area

if (DMA_FROM_DEVICE) v6_dma_inv_range

dmac_unmap_area = cpu_cache.dma_unmap_area
if(!DMA_TO_DEVICE) v6_dma_inv_range

  • ...for_cpu
    • FROM_DEVICE: inv
    • TO_DEVICE: N/A
  • ...for_device
    • FROM_DEVICE: inv, clean
    • TO_DEVICE: clean
    • BIDIRECTIONAL: clean

Linux term/arm's cache op
v6_dma_inv_range ==> inv
v6_dma_clean_range ==> clean
v6_dma_flush_range ==> clean+inv

Wednesday, September 7, 2011

VirtualBox can't operate in VMX root mode

SOLVED - Can't operate in VMX root mode?

sudo modprobe -r kvm_intel

Tuesday, August 30, 2011

OpenWrt for CNS3XXX

apt-get install subversion build-essential libncurses5-dev zlib1g-dev gawk git ccache gettext libssl-dev xsltproc

./scripts/feeds update -a
./scripts/feeds install -a
make defconfig
make menuconfig
(choose cns3xxx, etc.)

make V=s

Output in ./bin

`-- cns3xxx
    |-- md5sums
    |-- openwrt-cns3xxx-rootfs.tar.gz
    |-- openwrt-cns3xxx-uImage
    |-- OpenWrt-SDK-cns3xxx-for-Linux-i686-gcc-linaro_uClibc-0.9.32.tar.bz2
    |-- OpenWrt-Toolchain-cns3xxx-for-arm_v6k-gcc-linaro_uClibc-0.9.32_eabi.tar.bz2
    `-- packages
        |-- base-files_79-r28007_cns3xxx.ipk
        |-- busybox_1.18.5-1_cns3xxx.ipk
        |-- iptables_1.4.10-4_cns3xxx.ipk
        |-- iptables-mod-conntrack_1.4.10-4_cns3xxx.ipk
        |-- iptables-mod-nat_1.4.10-4_cns3xxx.ipk
        |-- kernel_2.6.39.2-1_cns3xxx.ipk
        |-- kmod-crc-ccitt_2.6.39.2-1_cns3xxx.ipk
        |-- libc_0.9.32-79_cns3xxx.ipk
        |-- libgcc_linaro-79_cns3xxx.ipk



host related: ./build_dir/linux-cns3xxx/host/
kernel related: ./build_dir/linux-cns3xxx/linux-cns3xxx/
userspace application: ./build_dir/linux-cns3xxx/target-arm_v6k_uClibc-0.9.32_eabi/
cross toolchain related: ./build_dir/linux-cns3xxx/toolchain-arm_v6k_gcc-linaro_uClibc-0.9.32_eabi/


Final toolchain is at


OpenWrt Wiki

[OpenWrt] platforms

[OpenWrt Wiki] Welcome Advanced User!

[OpenWrt Wiki] Documentation - Developing

[OpenWrt Wiki] Documentation - Technical references

[OpenWrt Wiki] Documentation - Building

[OpenWrt Wiki] OpenWrt Buildroot – Installation

[OpenWrt Wiki] Image Generator
If you do not want to download a prebuilt image but you do not want to go through the entire compilation process either, the alternative is to use the Image Generator (formerly called Image Builder). This is an already precompiled OpenWrt build environment suitable to create custom images without compiling anything.

[OpenWrt Wiki] Using the SDK
The SDK is a relocatable, precompiled OpenWrt toolchain suitable to cross compile single userspace packages for a specific target without compiling the whole system from scratch.

OpenWrt Buildroot

Web Interface Overview - OpenWrt Wiki

Sunday, August 28, 2011

ldconfig & ld.so.conf

鳥哥的 Linux 私房菜 - Source code and tarball software management - ldconfig and /etc/ld.so.conf

Developing Software with Open Source Tools: New Software Development Concepts - Chapter 4. GNU Compiler Collection

CLI Magic: ldconfig and friends



Wednesday, August 17, 2011


quilt new <patch_name> #start a new patch
quilt edit <file_name> #edit a file (adding patch)
quilt diff
quilt diff -z #The diff of orig patch and the new patch
quilt refresh #Commit changes to the patch

quilt pop
quilt pop -a
quilt push
quilt push -f
quilt push -a

quilt top
quilt files
quilt patches <file_name>

[OpenWrt Wiki] Working with patches

How To Survive With Many Patches - Introduction to Quilt


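Camping gear: tent, camp lantern, flashlight, fuel torch (ground sheet?)


Cooking gear: stove (cassette stove or pressure lantern), cookware, seasonings, dish soap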