Wednesday, December 26, 2012

Tuesday, December 18, 2012

Legalizing same-sex marriage



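Support gay marriage, or lesbians will marry your boyfriend (Traditional Chinese subtitles) - YouTube
http://www.youtube.com/watch?v=NJpwy29zKMU&feature=player_embedded


Support same-sex marriage, or gay men will marry your girlfriend! (Chinese and English subtitles) - YouTube
http://www.youtube.com/watch?v=pCwP_QEZB7c&feature=player_embedded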


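I oppose the legalization of same-sex marriage — hoamon's sandbox
http://www.hoamon.info/blog/2012/12/19/homosexual_marriage_in_law.html
Does the love between a husband and wife need a guarantee from the government? Or rather, can the government guarantee the promises a couple make to each other?
One day my wife suddenly asked me: "Will you love me forever?"
Me: "???"
My wife, pressing the point: "Will you love me forever?"
Me: "I love you! I just can't guarantee **forever**.
        Even US Treasury debt is no longer AAA,
        and AAA only means a default rate below 0.4% within 5 years."

I agree with the blog owner, though I don't really feel offended; if anything I feel a bit "enlightened":
Most people's ideal partner is really "perfect outward attributes" plus "my own inner self".
And the people most like oneself are mostly of the same sex (homosexual)... or someone of the opposite sex who is a lot like the same sex (heterosexual)...
How to bridge the gap between the ideal and reality (er... dear wife... no disrespect intended...)
and how to understand and empathize with your partner's needs is one of life's great lessons...

So, as a rational man...
 the "US Treasury AAA" part is best kept as an inner monologue...
Saying it out loud could be life-threatening...

(So the perfect lover is actually a lesbian??
A bro with big boobs, and a win-win... I'm daydreaming~~~~~~XD)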

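Sunday, December 16, 2012

Cowries


Resource guide: Chinese name (scientific name): tiger cowrie ( Cypraea tigris ) | Academia Sinica Digital Archives Resources
http://mcn.kepu.tw/content/00/07/FE/7E.html

Resource guide: Chinese name (scientific name): Arabian cowrie ( Cypraea arabica ) | Academia Sinica Digital Archives Resources
http://mcn.kepu.tw/content/00/07/FE/72.html

Resource guide: Chinese name (scientific name): eyed cowrie ( Cypraea argus ) | Academia Sinica Digital Archives Resources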
http://mcn.kepu.tw/content/00/11/2A/AB.html






Barnacles


Barnacle_Images_Hudong Baike
http://tupian.baike.com/a1_03_04_01300000110309121730041726367_jpg.html

Barnacle_Hudong Baike
http://www.baike.com/wiki/%E8%97%A4%E5%A3%B6

Striped barnacle
http://digimuse.nmns.edu.tw/DigiMuse/NewModule.aspx?ObjectId=0b0000018195e1ab&ParentID=0b0000018195e1ab

Leveraging the GPU to accelerate the Linux kernel


Leveraging the GPU to accelerate the Linux kernel
http://hackaday.com/2012/12/14/leveraging-the-gpu-to-accelerate-the-linux-kernel/

What is CUDA | NVIDIA Developer Zone
https://developer.nvidia.com/what-cuda

GPU Applications | High Performance Computing | NVIDIA
http://www.nvidia.com/object/gpu-applications.html

[pdf] POPULAR GPU‑ACCELERATED APPLICATIONS
http://www.nvidia.com/docs/IO/123576/nv-applications-catalog-lowres.pdf

Get Started - Parallel Computing | NVIDIA Developer Zone
https://developer.nvidia.com/get-started-parallel-computing

CUDA GPUs | NVIDIA Developer Zone
https://developer.nvidia.com/cuda-gpus

[pdf] Augmenting Operating Systems With the GPU
http://www.cs.utah.edu/~wbsun/kgpu.pdf

wbsun/kgpu · GitHub
https://github.com/wbsun/kgpu

Accelerating SSL with GPUs
http://conferences.sigcomm.org/sigcomm/2010/papers/sigcomm/p437.pdf

SSLShader: Cheap SSL Acceleration with Commodity Processors
http://static.usenix.org/event/nsdi11/tech/full_papers/Jang.pdf

Thursday, December 6, 2012

Living Root Bridges of Meghalaya (India)



Living Root Bridges - Timothy Allen
http://humanplanet.com/timothyallen/2011/03/living-root-bridges-bbc-human-planet/

Living Root Bridges
http://rootbridges.blogspot.tw/

The Root Bridges of Cherrapunji located in Shillong, India | Atlas Obscura | Curious and Wondrous Travel Destinations
http://atlasobscura.com/place/root-bridges-cherrapungee

Meghalaya villagers create 'living' bridges by training roots across a river | Mail Online
http://www.dailymail.co.uk/news/article-2035520/Meghalaya-villagers-create-living-bridges-training-roots-river.html

The Root Bridges of Meghalaya « TravelLenz
http://travellenz.wordpress.com/2012/01/19/the-root-bridges-of-meghalaya/




Common Linux tools on Android without root by installing BusyBox


Common Linux tools on Android without root by installing BusyBox
http://hackaday.com/2012/12/05/common-linux-tools-on-android-without-root-by-installing-busybox/

Expand the Linux Capabilities on Android - YouTube
http://www.youtube.com/watch?v=L_bVC0x4l-g



XDA-Developers - YouTube
http://www.youtube.com/user/xdadevelopers

Tuesday, December 4, 2012

The NodeCopter - Programming flying robots with node.js


The NodeCopter - Programming flying robots with node.js
http://nodecopter.com/

Friday, November 30, 2012

賽的缺‧摸愛 (a Seediq Bale parody)


賽的缺‧摸愛 (a Seediq Bale parody)
http://sourcest.net/c3115.html
http://www.youtube.com/watch?feature=player_embedded&v=eYQhAGQJmXE


The author is from my comp... no... from my former company, I guess....


Thursday, November 29, 2012

ODROID-X running Ubuntu

Ubuntu
http://odroid.foros-phpbb.com/f39-ubuntu

[Now 3.6.6] Linux Kernel 3.6-rc5 runs Ubuntu ARM 12.10 on ODROID-X
http://odroid.foros-phpbb.com/t1171-now-366-linux-kernel-36-rc5-runs-ubuntu-arm-1210-on-odroid-x

3.2 Ubuntu and other Linux distributions
http://dev.odroid.com/projects/odroid-xq/#s-3.2

odroid development center: ODROID-X-Q: ubuntu
http://dev.odroid.com/projects/odroid-xq/wiki?ubuntu

Index of /odroid/mirror/ubuntu12.10-3.6.6
http://www.mdrjr.net/odroid/mirror/ubuntu12.10-3.6.6/

2012 etrade W-8BEN






 

What is the meaning of the, in care of, address line1 and address line2, which I faced in an application form? - Yahoo! Answers
http://answers.yahoo.com/question/index?qid=20081110024940AAFSrnY

In case you don't have a permanent place BUT you have permanent address (family home) then the mail will be sent to your permanent address, "in care of" your father/ mother's name.

United States Income Tax Treaties - A to Z
http://www.irs.gov/Businesses/International-Businesses/United-States-Income-Tax-Treaties---A-to-Z
 

ODROID-X bringup log


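Bought an HDMI female-to-DVI male adapter and an HDMI type A-to-type D cable, and took a 5V 4A power adapter and swapped its plug.

After plugging in power, D4 lit up, but since no SD card was inserted yet, the board shut down right after power was pressed.
VDD-IO on CON3 also only outputs 1.8V while power is held down; it disappears on release.

On the OP-1010, removed R7 and soldered pin headers onto VO33 and VD232.
The pins on CON3, counting from the side nearest the "CON3" label, are VDD-IO, TTA-RXD, TTA-TXD and ground; wire them as follows:

  • VDD-IO to VD232
  • TTA-RXD to Rx
  • TTA-TXD to Tx
  • Ground to Gnd
Get an SD card of 8 GB or larger and install it following this procedure: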
SD Card setup for ODROID-X
http://com.odroid.com/sigong/blog/blog_list.php?bid=130

Don't put the extracted *.odt on the desktop; Win32DiskImager possibly doesn't support long file names or Chinese paths.

How to turn on your ODROID-X.
 http://odroid.foros-phpbb.com/t1172-how-to-turn-on-your-odroid-x
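After inserting the SD card and pressing power, if it boots as far as u-boot, D5 and D6 are half lit.
Once the kernel is running, D5 is fully lit and D6 blinks once per second.

(I originally thought the UART should be wired ODROID Rx to OP-1010 Tx, but that actually keeps the ODROID from booting: D5 and D6 both stay half lit, apparently stuck in u-boot.)

Output is visible on the OP-1010, but there is still no HDMI output.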
Console Output
[   48.370127] No such irq type 0
[   48.370252] setting trigger mode 0 for irq 383 failed (exynos_irq_eint_set_type+0x0/0x218)
[   51.931581] No such irq type 0
[   51.931705] setting trigger mode 0 for irq 383 failed (exynos_irq_eint_set_type+0x0/0x218)
[   81.173680] No such irq type 0
[   81.173806] setting trigger mode 0 for irq 383 failed (exynos_irq_eint_set_type+0x0/0x218)
HDMI - hdmi output
http://odroid.foros-phpbb.com/t1419-hdmi-output?highlight=HDMI
HDMI - odroid-X with DVI LCD?
http://odroid.foros-phpbb.com/t1193-odroid-x-with-dvi-lcd?highlight=HDMI
FAQs - ODROID :: Hardkernel
http://www.hardkernel.com/renewal_2011/products/prdt_info.php?g_code=G133999328931&tab_idx=3
DISPLAY
What display can I use?
There are HDMI out and RGB digital out are available on ODROID-X.
HDMI can support only 720p/1080p resolution with 16:9 wide display.
HDMI-DVI converter will not work properly because Exynos4 HDMI is not compatible with VESA standard.
So most of old PC monitors can't be used.

We recommend LCD kit if your monitor/TV is old model. LCD kit contains LCD panel + interface board + LVDS cable + power supply.
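Damn... got bitten by this...

TV: Sharp LC-32A33T: 1080p shows as incompatible, 720p works
Monitor: Acer P235H: both 1080p and 720p work

Now what..... I don't want to stimulate the economy any further...

On a freshly flashed SD card the data partition is not formatted; Android shows it as damaged, and choosing to reformat fixes it.





Wednesday, November 28, 2012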

ODROID-X Information

Features - ODROID :: Hardkernel
http://www.hardkernel.com/renewal_2011/products/prdt_info.php?g_code=G133999328931&tab_idx=1

Board Detail - ODROID :: Hardkernel
http://www.hardkernel.com/renewal_2011/products/prdt_info.php?g_code=G133999328931&tab_idx=2

odroid development center: ICS on Exynos4210: Project Info
http://dev.odroid.com/projects/ics/

ODROID :: Community
http://odroid.foros-phpbb.com/

Downloads - ODROID :: Hardkernel
http://com.odroid.com/sigong/nf_file_board/nfile_board.php
ODROID-X Downloads - ODROID :: Hardkernel
http://com.odroid.com/sigong/nf_file_board/nfile_board.php?tag=ODROID-X

Exynos-4412 Android 4.0.4 BSP (Update! Alpha 3.1)
http://odroid.foros-phpbb.com/t1154-exynos-4412-android-404-bsp-update-alpha-31
Latest version of ICS and JB
http://odroid.foros-phpbb.com/t1415-latest-version-of-ics-and-jb
ODROID-X Android Alpha-3 image release (Alpha 3.5 !!)
http://odroid.foros-phpbb.com/t1270-odroid-x-android-alpha-3-image-release-alpha-35
ODROID-X Android Alpha-3.5 image release
http://com.odroid.com/sigong/nf_file_board/nfile_board_view.php?keyword=&tag=ODROID-X&bid=121

ODROID-X : History of PCB revision. (for schematics)
http://com.odroid.com/sigong/blog/blog_list.php?bid=132

USB/UART
Features - ODROID :: Hardkernel
http://www.hardkernel.com/renewal_2011/products/prdt_info.php

UART     System console monitoring for development (1.8volt interface)

(..........)

USB-UART Module Kit
CP2104: USB to Serial UART bridge IC with 1.8V interface

RS-232 vs. TTL Serial Communication - SparkFun Electronics
http://www.sparkfun.com/tutorials/215
Most microcontrollers these days have built in UARTs (universally asynchronous receiver/transmitter) that can be used to receive and transmit data serially. UARTs transmit one bit at a time at a specified data rate (i.e. 9600bps, 115200bps, etc.). This method of serial communication is sometimes referred to as TTL serial (transistor-transistor logic). Serial communication at a TTL level will always remain between the limits of 0V and Vcc, which is often 5V or 3.3V. A logic high ('1') is represented by Vcc, while a logic low ('0') is 0V.
 
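萬平科技 - USB To TTL (1.8V~3.3V), supports Win8, 16-wire, PL2303HXD, three-color power/TX/RX indicator LEDs, suitable for full development and application work (4 Dupont wires included) - Ruten Auction
http://goods.ruten.com.tw/item/show?21108033081670#auc

USB to TTL (3.3V by default, user-adjustable to 1.8~3.3V) 16 I/O, PL2303 HXD (the latest, fifth-generation PL2303) chip, OP-1010
http://www.oneping.com.tw/p_usb2ttl_16.htm

USB to TTL (1.8V) 16 I/O, PL2303 HXD (the latest, fifth-generation PL2303) chip, OP-1010
http://www.oneping.com.tw/p_usb2ttl_16_18V.htm

Mr. 葉安彬 of 萬平科技:
The default UART voltage is 3.3V.
To adjust the TTL voltage yourself, first remove R7, then:
If 1.8V is fed in at VD232, the output voltage level of Tx, DTR and RTS will be 1.8V.
If 2.5V is fed in at VD232, the output voltage level of Tx, DTR and RTS will be 2.5V.
If 3.3V is fed in at VD232, the output voltage level of Tx, DTR and RTS will be 3.3V.
The input supply is an external power source (such as a power supply).
The OP-1010-18V board has an LDO connected at VD232, which is why the OP-1010-18V outputs 1.8V. Because it uses an extra LDO IC, it sells for 165 元 (four wires included). Many people simply buy the OP-1010-18V model to test at 1.8V.
Some people, however, buy the OP-1010 and feed in 1.8V from their own power supply; that also gives a 1.8V UART.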

Modding the 網樂通 box

派樂靈丹 - TWPDA: Converting the 網樂通 to Linux
http://www.twpda.com/2012/10/linux.html

Monday, November 26, 2012

Investment targets vs Morningstar 2012 ETF award

Morningstar's 2012 ETF Award winners list @ USA Stock. US stock investing blog
http://buffettism.blogspot.tw/2012/11/morningstar2012-etf-award.html

ief(.15%, .1453): agg(.08%, .2426), biv(.11%, .2252), bnd(.1%, .1785), bond(.55%, .2, ~10%), tlt(.15%, .2696)

vt(.22%, .584/3): acwi(.34%, .6039/6)

vwo(.2%, .525/3): gmm(.59%, .562/6)

Wednesday, November 21, 2012

Document Generator

[wiki] Comparison of documentation generators
http://en.wikipedia.org/wiki/Comparison_of_documentation_generators

[wiki] Lightweight markup language
http://en.wikipedia.org/wiki/Lightweight_markup_language


Creating professional documentation with Linux tools
http://www.dmncommunications.com/articles/linux_tech_write.html

7 of the Best Free Linux Document Management Systems - Linux Links - The Linux Portal Site
http://www.linuxlinks.com/article/20101114192433367/DocumentManagementSystems.html




Life must keep changing - a launch manifesto for the new blog — hoamon's sandbox
http://www.hoamon.info/blog/2012/11/04/change.html

Overview — Sphinx 1.1.3 documentation
http://sphinx-doc.org/

Available builders — Sphinx 1.2 (hg) documentation
http://sphinx-doc.org/latest/builders.html

Docutils Project Documentation Overview
http://docutils.sourceforge.net/docs/index.html

Home — Tinkerer
http://www.tinkerer.me/

[wiki] EasyInstall
http://en.wikipedia.org/wiki/EasyInstall
EasyInstall is a package manager for the Python programming language that provides a standard format for distributing Python programs and libraries (based on the Python Eggs wrapper).
reStructuredText
http://docutils.sourceforge.net/rst.html

Quick reStructuredText
http://docutils.sourceforge.net/docs/user/rst/quickref.html

A brief look at reStructuredText and Sphinx | Blog.XDite.net
http://wp.xdite.net/?p=3020

The Django Illuminati branch of the Church of Python [ Apostle Tim@Python ]: [tips] How to make sphinx support Chinese PDF
http://timchen119.blogspot.tw/2009/08/tips-sphinxpdf.html

[tip] python-docutils: rst2latex create chinese pdf | Write code, become president
http://kalug.linux.org.tw/~lloyd/bblog/archives/2009/11/09/%5Btip%5D_python-docutils:_rst2latex_create_chinese_pdf/

Thursday, November 15, 2012

Hong Kong travel information

GovHK: Leisure in Hong Kong
http://www.gov.hk/tc/residents/culture/fun/

GovHK: Country parks, hiking trails and campsites
http://www.gov.hk/tc/residents/culture/fun/#/tc/residents/culture/trail/

Agriculture, Fisheries and Conservation Department: Camping
http://www.afcd.gov.hk/tc_chi/country/cou_vis/cou_vis_cam/cou_vis_cam.html

Agriculture, Fisheries and Conservation Department: Designated campsites
http://www.afcd.gov.hk/tc_chi/country/cou_vis/cou_vis_cam/cou_vis_cam_cam/cou_vis_cam_cam.html

GovHK: Cycling in Hong Kong
http://www.gov.hk/tc/residents/culture/recreation/activities/cycling.htm


GovHK: Natural scenery of Hong Kong
http://www.gov.hk/tc/residents/culture/trail/country/hknaturalscenery.htm

Local tours in Hong Kong | Hong Kong Tourism Board
http://www.discoverhongkong.com/tc/see-do/tours-walks/guided-tours/index.jsp

Must-see attractions | Hong Kong Tourism Board
http://www.discoverhongkong.com/tc/see-do/highlight-attractions/index.jsp

Hong Kong travel hall: Hong Kong's top ten tourist attractions | Top ten attractions for independent travel in Hong Kong
http://www.1-hong-kong.com/hktbig5/010/01-01.htm




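Power meter

Notes on a cheap power meter (page 1) - Home appliances general - Mobile01
http://www.mobile01.com/topicdetail.php?f=168&t=1689364&last=35500846

Introduction to the JNX-2000D power meter (PowerMeter)
http://ycfunet.blogspot.tw/2012/11/jnx-2000dpowermeter.html

JNX-2000D power meter (PowerMeter) - Linux reader program (flow and format description)
http://ycfunet.blogspot.tw/2012/11/jnx-2000dpowermeter-linux.html

JNX-2000D power meter (PowerMeter) - Linux reader program (code download and usage instructions)
http://ycfunet.blogspot.tw/2012/11/jnx-2000dpowermeter-linux_14.html

【TopDIY】JNX-2000A electricity cost meter, power meter, ammeter, power factor meter 110V~220V
http://goods.ruten.com.tw/item/qa?21111255422983#qna

【TopDIY】JNX-2000D wireless power meter with software and wireless handheld receiver, electricity cost meter, ammeter, power factor meter 110V~220V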
http://goods.ruten.com.tw/item/show?21206011743142



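Friday, November 2, 2012

Thursday, November 1, 2012

Running around the island


Setting off on 8/27 to run around the island
http://www.taipeimarathon.org.tw/forum/forum_posts.asp?TID=9827&PN=1&title=8-27


Since there is no support crew, I have to carry all my luggage myself, so it will be kept as minimal as possible, hopefully within the size of a basketball and under ten kilograms. Also, because funds are limited, I will stay with people whenever I can and scrounge whatever I can; if neither works out, I may have to sleep outdoors.

(.............)

Remember to pin reflective markers on yourself and on your backpack; better still, wear a flashing LED warning light.

(.............)

One set of shorts and a short-sleeved top, for strolling night markets and as pajamas when staying over; plus toiletries, medication, ID documents, ATM card, sunglasses, spare glasses and so on. The bulk is electronics, which take up a lot of weight.

(.............)

 EasyCard, ATM card, credit card, national ID card, health insurance card
[Notes] Long-overdue notes on my round-the-island run - Road_Running board - PTT
http://www.ptt.cc/bbs/Road_Running/M.1384412776.A.B91.html
1. osprey 3L hydration backpack 2. raincoat 3. two long-sleeved moisture-wicking shirts 4. one short-sleeved undershirt 5. three pairs of socks 6. toiletries 7. sunscreen 8. small digital camera 9. phone power bank 10. camera charger 11. notebook 12. sunglasses 13. two Buff multifunctional headscarves
(.....)
Bringing a headlamp is recommended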



Friday, October 26, 2012

Marathon's World

Marathon's World - Race Record, Training, Forum for Running
http://www.marathonsworld.com

Thursday, October 25, 2012

Etrade Debit Card


Request a Debit Card
https://us.etrade.com/e/t/accounts/orderatmcard

Note: The order will not ship unless there are available funds in your account. You must have a valid U.S. Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN) and a valid U.S. address to be eligible for a debit card.
Activate a Debit Card
https://us.etrade.com/e/t/estation/pricing?id=1903020000

Learn more about E*TRADE Bank ATM options
https://us.etrade.com/e/t/estation/help?id=1903000000#Learn


How many ATM refunds will I receive per month?
https://us.etrade.com/e/t/estation/contexthelp?id=1203011000#h

The E*TRADE Complete Debit Card offers unlimited ATM fee refunds to:

    Customers maintaining a balance of $50,000 or more in combined E*TRADE Securities and E*TRADE Bank accounts

    OR

    Customers making at least 30 stock or options trades per quarter.

*All other customers currently receive (5) ATM fee refunds a month.



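Thursday, October 18, 2012

Professor Peng Ming-hui (彭明輝): Life is a long, continuous series of accumulations - 藏經閣

Professor Peng Ming-hui (彭明輝): Life is a long, continuous series of accumulations - 藏經閣
http://csie-tw.blogspot.tw/2007/11/blog-post_26.html#ixzz2999qt5a1

Author: Professor Peng Ming-hui, Department of Power Mechanical Engineering, National Tsing Hua University

Many students probably still remember the anxiety on the eve of the joint entrance exam: one point fewer could mean dropping several places down your list of preferred schools, and might even change the course of your whole life!

By senior year this anxiety may be even stronger and more complicated: should I do military service first, get a job, or take the graduate school entrance exam first?

I often run into students who anxiously ask me these questions.

But these anxieties are really unfounded! Life is a long-term, continuous process of accumulation. A single event will never ruin a person's life, nor will a single event save it. What we deserve we will get sooner or later; what we do not deserve, even if we grab it by luck, we cannot keep for long. If we see this fact clearly, many so-called "major life decisions" can be taken calmly, with no need for anxiety at all. And the so-called "predicaments of life" often become trivial on the spot.

Take the joint entrance exam as an example:

A, whom nobody expected to do well, happened to guess ten points' worth of answers right and got into Jianguo High School; B, who had always been a sure bet for Jianguo, carelessly lost twenty points and ended up at the Affiliated Senior High School. On the day the results were posted one family was triumphant and the other was in gloom, as if the fates of A and B had been settled from then on. But does the joint exam really mean anything? Are the last hundred students admitted to Jianguo really certain to have better prospects than the top hundred at the Affiliated High? Someone who got in by luck only got in by luck, and someone who slipped once does not lose everything he has built because of a single event. The ability a person has accumulated before the exam is neither increased nor decreased by his ranking on results day.

Because life is a long-term, continuously accumulating process!

So three years later B got into National Taiwan University without trouble, while A went off to National Cheng Kung University. Looking back now at the moment the high school exam results were posted, what did A have to be proud of? And what did B have to be sad about? Likewise, those studying electrical engineering at Tsing Hua today all scored higher in the joint exam than those studying mechanical engineering at Cheng Kung today, but who can be sure they will do better than the Cheng Kung mechanical engineering students on the graduate entrance exam? Compare A's and B's fortunes carefully, then think again about this sentence:

Life is a long-term, continuous process of accumulation; it does not stop, grow or shrink because of a momentary turn of fortune. Exam rankings are only a surface appearance. What is there to be glad about, to worry about, or to fear?

I often talk with undergraduates about career planning and ask them what role they hope to play in society after the age of thirty. But so far no one has really been able to answer this question; all they can think of is whether the next step is military service or the graduate school exam. The joint exam system has thoroughly destroyed our sense of life's continuity, leaving only fragmentary "turns of fortune"; sadder still, some live only in that (glorious or sorrowful) moment when the results are posted!

But allow me to repeat once more, at the risk of being tedious: the truth of life is a long-term, continuous process of accumulation (which chance events cannot take away), not a momentary run of good or bad fortune. If we can see this fact clearly, then the process of life really is one in which "no effort is wasted"; there is nothing to covet and nothing to be anxious about! What remains for us to do is simply to think clearly about what we want from life, and then steadily and sincerely go about accumulating it.

I myself am a living example.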

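As soon as I entered university I decided not to go on to graduate school, so I spent most of my four undergraduate years reading in the humanities. After graduating I worked for a few years before deciding to go to graduate school. After finishing my master's, I resolved never again to study for the sake of a diploma. But who would have guessed: things are hard to predict. After five years as a lecturer I was forced by circumstances to pack up and go abroad for a PhD. As I was leaving, a university classmate laughed at me: the last person in our class to do a PhD is about to come back, and you're only now going abroad?

Two years later I came back from Cambridge, feeling that nothing shows the unpredictability of life's fortunes better than this: someone who decided in his freshman year never to chase degrees had ended up with both a master's and a doctorate! Of what we deserve, has anything ever been lacking?

And how much in life we deserve or do not deserve, have we ever known? From then on I could not help but take the turns of fortune even more lightly.

During my time as a lecturer, some students with more extreme attitudes would show their contempt to my face; when I came back from Cambridge, students treated it as something tremendous.

These apparent ups and downs are all the talk of busybodies, who completely fail to see the truth of the matter.

On the surface, getting a Cambridge PhD in two years looks very impressive. But before those "two years" I had already spent a full year reading all the papers related to my research topic and finding a research direction; and before that I had already spent three years doing research in control and had published papers in well-known international academic journals.

And in the seven years from finishing my master's to getting my PhD, I never stopped doing research and studying on my own. So this doctorate was really the accumulated result of seven years (or, counting only the time I spent on the field of control, at least five), and there is nothing surprising about it at all.

Ordinary people do not look at the results life builds up through long-term, continuous accumulation; they love to exaggerate and pontificate about isolated, disconnected surface events, and so they keep forcing joy or sorrow out of unremarkable events.

But for me, being looked down on by students as a lecturer, and having my ability exaggerated by classmates when I had just returned from Cambridge, were both only surface appearances. The fact is: I only care about the bit-by-bit accumulation of each twenty-four-hour day.

Getting a master's or a doctorate is merely an outward display, at a particular moment, of these accumulated results; the real accumulation in a person's life is never ended or augmented by such events.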

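Students often ask me, full of worry:

"Professor, I'd really like to finish military service first, work for a year or two, and then take the graduate school exam. Is that a good idea?"

"Very good. That way you'll have a chance to test theory against practice first,

and when you're in graduate school you'll understand better than others what you want."

"But I'm afraid that after military service and work I'll lose my drive and fail to get into graduate school."

"Then take the graduate school exam first."

"But if I go to graduate school first, I'm afraid I'll be as lost as I was as an undergraduate,

and study half-heartedly."

"Then you'd better go and work first!"

"But......."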

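I can fully appreciate their anxiety, yet I cannot suppress my dismay at this kind of talk. In truth, what he needs is simply two years of graduate school plus two years of work, to deepen and broaden his knowledge and gain practical experience. Working first or studying first look very different on the surface, but underneath the difference is negligible.

In the story behind the idiom "three in the morning, four in the evening", the owner originally fed the monkeys acorns "three in the morning and four in the afternoon", later changed it to "four in the morning, three in the evening", and the monkeys were displeased and insisted on going back to "three in the morning, four in the evening".

In fact, the difference between working first and studying first is like that between "three in the morning, four in the evening" and "four in the morning, three in the evening", and is not worth fussing over. But we often fail to see this long, continuous accumulation in the course of life, and love to blow up small differences in momentary fortune into matters of life and death.

The greatest irony is this: when we face two possible options and are so anxious that we don't know which to choose, it usually means the two options are either equally good or equally bad, so in practice it doesn't matter which one we pick; the only difference is the order. Moreover, the more anxious a choice makes us, the smaller the difference really is, and the less it deserves anxiety. When there really is a clear difference between good and bad, we easily know what to do.

Yet we often fail to see the distant future and stare short-sightedly at the short-term gains and losses of the two options: wanting to choose option A, we can't bear to give up the benefits of option B; wanting to choose B, we can't bear to give up the benefits of A. If we look far enough, life runs eighty or ninety years at the long end and fifty or sixty at the short end; what does it matter which thing we do first? Even if, after military service and work, you spend a whole year preparing for graduate school, what's the big deal?

Of course, some people will still worry: "After military service and work, will family burdens or a fading memory make it harder for me to get into graduate school?" I can only answer this way: there are only two possibilities when a person fails to get into graduate school: either he is not smart enough, or he is indeed smart enough. If he is not smart enough and fails, there is nothing to complain about. If you are smart enough and still fail, it can only mean your determination is not strong enough. And if your determination is not strong enough, it means there are other possibilities in your life, no less important than a master's degree, that you can't bear to give up. That being so, there is no need to regret not getting into graduate school. Isn't that right? Life has so many roads; why keep fussing over a single possibility?

My best friend from high school had bad luck all his life: he took the high school exam twice, did the first year of high school twice, took the university exam twice, and even took the motorcycle license test twice. After graduating he told himself: I have no connections and no academic pedigree; I can only rely on redoubled sincerity and effort. Now he owns a company, with an annual income in the tens of millions. It is common for someone to struggle in schooling and succeed in business. A talented person does not lose his talent by being rejected by a top school; he just has to find another place suited to showing it. Conversely, someone whose schooling goes too smoothly may, for that reason, be unable to lower himself to start a business, and can only dutifully live on a salary.

Who can fully know what is fortune and what is misfortune? What do we have to be proud of? And what do we have to worry about? The gains and losses of life are sometimes impossible to explain, and sometimes could not be simpler: we gain the results of what we accumulate day by day, and lose what we never worked to accumulate! So what matters is not comparing achievements with others, but working hard at what you want to do.

No effort is wasted: in the end you will get not one bit less than you deserve, and not one bit more than you deserve.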

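I think it was the year before last that I ran into a high school classmate on the way to the arts center. He is an associate professor of electrical engineering at the University of Southern California, hired back by Tsing Hua's electrical engineering department to give a short course. He had been hardworking since high school; after getting into NTU electrical engineering as his first choice, he won the academic excellence award all four years, and I am sure his professional research is also distinguished. Thinking back to when we entered high school, the two of us ranked first and second in the whole year on the IQ test. But from my first year of high school I never gave up the literature, music, calligraphy, art and philosophy that I loved, while he never let himself be distracted, so the gap between us academically could only grow wider. On the other hand, the fulfillment I have gained in the humanities over these ten or twenty years is probably far beyond what he could understand.

My wife once asked me whether, if I were willing to concentrate wholeheartedly on a single research field, I would at least catch up with this classmate's achievements. I don't think so. Two people of different temperaments are destined to walk two different roads. What we are not meant to have, we are destined not to get. Casually comparing two people, seeing only what one has gained and not what he has lost: what is the point? Since high school I have never carefully tallied external gains and losses; I have just done what I wanted to do with peace of mind: I don't like fooling around and am willing to put effort into doing my own job well; I cannot give up my concern for the humanistic spirit and will keep exploring it all my life. The fact is purely and simply:

I only care about the real accumulation in life across each twenty-four-hour day, and not about whether others can see my results.

Some people ask me: since you were going to do a PhD sooner or later, if you had gone abroad right after your master's, wouldn't you have made full professor earlier? I never think that way. Constantly fussing over how many years it takes to get a PhD or a promotion is really pointless; it has not outgrown the childish student-era mentality of "getting in on the first try"! Life is long and there are so many things worth developing; why care about those three or five years?

Conversely, some students think I am "multi-talented" and lead a "colorful" life, which seems enviable. But to pursue both engineering and the humanities, I normally have to put in twice the effort of others, and this is something most students neither see nor want to emulate.

Once the Tsing Hua radio station interviewed me: "Professor, how do you face the predicaments in your life?"

I was stunned on the spot; try as I might, I could not think of a time in my life when I had been in a predicament!

Thinking it over carefully afterwards, I realized: it is not that I never had predicaments, but that the circumstances ordinary people treat as "predicaments" I treated as momentary turns of fortune and never took to heart.

When I had just finished military service, my eldest son had been born but I still couldn't find a job. I was anxious, but I also felt that a job would come sooner or later and that the pay wouldn't be absurdly low, so I didn't dwell on it. During my master's, the household depended entirely on my wife's salary and we lived frugally, but to me this did not count as a predicament either. For one thing, I was living a full life in spirit; for another, I knew all this was to give myself the chance to change careers and teach (to do what I wanted to do).

I was thirty-one before I went abroad, just as my classmates were coming back to teach in the department. I was nervous (not knowing how demanding Cambridge would be), but never discouraged. Because I knew I had always worked hard and had insights and results I was quite satisfied with; it was just that others couldn't see them.

I have never had predicaments, because I have never cared about external gains and losses, nor arbitrarily measured myself against others,

and care only about my own real inner accumulation. I have never had predicaments, because I truly understand: life is a long-term, continuous process of accumulation and will never rise or fall drastically because of a single event.

I also believe: what we deserve we will get sooner or later; what we do not deserve cannot be increased by even one bit.

If you can hold the same belief, then life will be broad and long for you too, with no terrible "predicament" and nothing to be anxious about.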

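Wednesday, October 17, 2012

Phone serial number (IMEI)

Life of the big fat devil
http://panda.plog.mlc.edu.tw/post/1/5671

Dial: *#06# and a 15-digit number will appear

International Mobile Equipment Identity number (IMEI), commonly known as the phone serial number
Taipei City Police Department ─ Phone serial number lookup
http://www.tcpd.taipei.gov.tw/ct.asp?xItem=9270274&ctNode=47265&mp=108001

International Numbering Plans, © 2001-2012
http://www.numberingplans.com/?page=analysis&sub=imeinr

Phone serial numbers on file: check online for stolen goods when buying or selling - Lost phones - Sogi! 手機王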
http://www.sogi.com.tw/newforum/article_list.aspx?topic_ID=6181714


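Wednesday, October 3, 2012

Eating before and after exercise


The best-matched exercise diet plan - CommonHealth Magazine issue 96
http://www.commonhealth.com.tw/article/article.action?id=5016362&page=1

Foods to avoid when exercising
  1. Caffeinated drinks: "Caffeine affects insulin secretion," notes the American Council on Exercise (ACE); an hour after drinking coffee you feel tired, or even drained and weak.
  2. Stimulating drinks containing alcohol, soda and the like. "Don't forget that three nutritionally balanced meals matter more," urges 李祥瑞; regular meals are the foundation, "like a building": once the piles are stable and solid materials are added, your vitality doubles.
  3. "Gas-producing" foods, which cause bloating and abdominal pain during exercise, such as beans, onions, eggplant and potatoes.
  4. Greasy foods and sweets, such as fried chicken and French fries: the body needs more time to absorb and digest them, causing stomach discomfort during exercise; eaten after exercise, they are easily stored as fat.
  5. Cola: it contains caffeine, is "gas-producing", and is a carbonated drink. 李祥瑞, a dietitian at Taiwan Adventist Hospital, cautions that even diet cola is best avoided, whether before or after exercise.


Before exercise, eat more low-fat foods containing carbohydrates, such as multigrain rice, whole-wheat toast and bread.
After exercise, eat more protein-rich foods, such as fish, lean meat, milk and eggs.
Before and after exercise, eat more foods high in vitamin E, such as nuts like almonds, peanuts and walnuts.
Before and after exercise, don't forget foods high in vitamin C, such as citrus fruits, kiwi, guava and apples.

Eat smart within an hour after exercise to speed up weight loss - CommonHealth Magazine issue 165
http://www.commonhealth.com.tw/article/article.action?id=5042378&page=1
According to studies designed abroad, the smartest approach is to eat something after exercise with a carbohydrate-to-protein ratio of 4:1 or 3:1, which gives better results for muscle recovery.

(..................)

The portion should also be small, with calories kept to around 300; under this principle, it will not increase your lipid-synthesis enzymes.

(..................)
 
There is a trick to keeping the post-exercise snack under 300 calories with a carbohydrate-to-protein ratio of 4~3:1.
劉美珍 suggests following one principle: pair a food that is higher in carbohydrates, such as a tuna rice ball, a steamed bun or sushi, with another food that is higher in protein, such as low-fat milk, drinking yogurt or low-sugar soy milk, for better nutritional balance.
For example, a banana with a glass of low-fat milk gives a balanced split of carbohydrate and protein at only about 250 calories. Other options to consider include sweet potato + 1 boiled egg, a few almonds + low-sugar soy milk, or a potato salad sandwich.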



 

Monday, October 1, 2012

Performance Reviews Samples

Self Evaluation Performance Phrases: Part 1 | i hate performance reviews
http://ihateperformancereviews.com/2010/07/self-evaluation-performance-phrases-part-1/

Annual Performance Reviews Sample Comments: Phrases for How to Say It | Jerm
http://www.jerm.com/2008/03/annual-performance-reviews-sample-comments-phrases-for-how-to-say-it/


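Wednesday, September 26, 2012

Jieyu, the madman of Chu

Jieyu, the madman of Chu
http://edba.ncl.edu.tw/ChijonTsai/CHUANG/chuang-56.htm

When Confucius went to Chu, Jieyu, the madman of Chu, wandered past his gate and said: "Phoenix, oh phoenix, how has virtue declined! The age to come cannot be waited for, the age gone by cannot be pursued. When the world has the Way, the sage accomplishes his work; when the world lacks the Way, the sage merely survives. In times like the present, one can only hope to escape punishment. Good fortune is lighter than a feather, yet no one knows how to carry it; misfortune is heavier than the earth, yet no one knows how to avoid it. Enough, enough, of confronting people with virtue! Perilous, perilous, to mark out ground and run within it! Thorns, thorns, do not hinder my walking; my path winds and bends, do not hurt my feet."

Zhuangzi's view of Confucius (1)
http://club.ntu.edu.tw/~davidhsu/Lao-Chuang-Lecture/discuss_16/report/TheViewpointOnConfuciusOfChuangTzu_1.html

Idiom story: 河漢無極
http://www.epochtimes.com/b5/4/6/19/n572814.htm
[Translation] Confucius went to the state of Chu, and the Chu hermit Jieyu purposely came to Confucius's gate and said, "Phoenix, oh phoenix! How is it that you, bearing great virtue, have come to this declining state! The world of the future cannot be awaited, and days past cannot be recovered. When the world is well governed, the sage accomplishes his work; when the ruler is benighted and the world in chaos, the sage can only go with the tide and preserve his life. In an age like the present, one can probably do no more than escape punishment and disgrace. Happiness is lighter than a feather, yet no one knows how to obtain it; calamity is heavier than the earth, yet no one knows how to avoid it. Enough, enough! Do not proclaim your virtue before others! Dangerous, dangerous! To artificially mark out a path for people to follow! Thorns everywhere, do not hinder my walking! Winding, twisting road, do not hurt my feet!"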

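Tuesday, September 18, 2012

Tuesday, August 28, 2012

If you don't care about quality, you can meet any requirement.

Seven reasons why the work never gets finished in any Sprint
http://jonathanspeaking.blogspot.tw/2012/08/Why-Team-Not-Getting-to-Done.html



[Weinberg's Quality Software Management: First-Order Measurement (Volume 2)] List of rules, laws and principles @ EcoTrend Publications official blog
http://ecocite.pixnet.net/blog/post/21534974
DeMarco's Principle: what you measure is what people will work on. (p. 65)
Zeroth Law of Quality: if you don't care about quality, you can meet any requirement. (p. 189)
Zeroth Law of Software: if the software doesn't actually have to be put to use, you can meet any requirement. (p. 189)
Zeroth Law of Software Engineering: if you don't care about quality, you can achieve any objective. (p. 402)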

Charging by burning fuel

BioLite - BioLite Stove
http://biolitestove.com/

The PowerPot
https://www.thepowerpot.com/



Stirling engine

Demonstration of wood burning Stirling engine - YouTube


The appeal of high-speed engines: the Stirling engine - docin.com
http://www.docin.com/p-25961718.html

從從 (唐從聖) Stirling engine - YouTube


STIRLING ENGINE SOLAR POWER PARABOLIC MIRROR ELECTRIC GENERATOR - YouTube


Stirling generator
http://www.iaa.ncku.edu.tw/~cheng/cheng_html/chinese/left%20contents/mid%20contents/Stirling/Stirling.htm

Stirling engine generator powering radio (approx 50mw) - YouTube


Stirling Engin E905 Trial Run - YouTube
http://www.youtube.com/user/kyowa1193

Desktop Stirling Engine with Generator (Stirling engine generator) - Ruten Auction: simple, fun, free, safe
http://goods.ruten.com.tw/item/show?21104093071615#auc

Thursday, August 23, 2012

Randy Pausch's Last Lecture

Randy Pausch's Last Lecture

鹿港司 大仁工具行

鹿港司 大仁工具行
彰化縣鹿港鎮永寧街36號
http://www.chien-teng.com.tw/taren/

Tuesday, August 7, 2012

IPSec transport inbound with NAT-T enabled need to update TCP/UDP checksum

Both the TCP and UDP checksums cover a pseudo-header that includes the source and destination IP addresses.
In transport mode there is only one IP header. If NAT changes the source or destination IP, the TCP/UDP checksum inside the IPSec data needs to be updated, or the L4 integrity check will fail.



Refer to NAT-Traversal
http://mkl-note.blogspot.tw/2011/12/nat-traversal.html
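
The failure and the fix described above, as an added C example that is not part of the original post: the sender checksums a UDP datagram against its private source address, NAT rewrites only the outer header, and the receiver has to repair the checksum (here with the RFC 1624 incremental update) before the L4 check passes. All addresses, ports and function names are constructed for illustration, and the receiver is assumed to know the peer's original address (for example from the IKE NAT-OA payload).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROTO_UDP    17
#define UDP_CSUM_OFF 6   /* offset of the checksum field in the UDP header */

/* Constructed sample addresses (documentation ranges), not from the page. */
static const uint8_t ORIG_SRC[4] = { 10, 0, 0, 5 };      /* sender behind the NAT */
static const uint8_t NAT_SRC[4]  = { 198, 51, 100, 7 };  /* source after NAT      */
static const uint8_t DST[4]      = { 203, 0, 113, 10 };  /* IPsec peer            */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Add a big-endian byte buffer to a running one's-complement sum. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len)
{
    for (; len > 1; p += 2, len -= 2)
        sum += rd16(p);
    if (len)                       /* odd trailing byte is zero-padded */
        sum += (uint32_t)p[0] << 8;
    return sum;
}

/* Fold the carries back in (end-around carry) to get a 16-bit sum. */
static uint16_t csum_fold(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Sum over the pseudo-header (src, dst, 0, proto, length) plus the datagram. */
static uint16_t udp_sum(const uint8_t src[4], const uint8_t dst[4],
                        const uint8_t *seg, size_t len)
{
    const uint8_t tail[4] = { 0, PROTO_UDP, (uint8_t)(len >> 8), (uint8_t)len };
    uint32_t sum = csum_add(0, src, 4);
    sum = csum_add(sum, dst, 4);
    sum = csum_add(sum, tail, 4);
    return csum_fold(csum_add(sum, seg, len));
}

/* Receiver check: with the checksum field included, a valid sum is 0xffff. */
int udp_verify(const uint8_t src[4], const uint8_t dst[4], const uint8_t *seg, size_t len)
{
    return udp_sum(src, dst, seg, len) == 0xffff;
}

/* Incremental update, RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m') per 16-bit word. */
uint16_t csum_replace_addr(uint16_t csum, const uint8_t old_addr[4], const uint8_t new_addr[4])
{
    uint32_t sum = (uint16_t)~csum;
    for (int i = 0; i < 4; i += 2) {
        sum += (uint16_t)~rd16(old_addr + i);
        sum += rd16(new_addr + i);
    }
    return (uint16_t)~csum_fold(sum);
}

/* Receiver-side repair after ESP decapsulation in transport mode. */
void fixup_after_nat(uint8_t *seg, const uint8_t orig[4], const uint8_t seen[4])
{
    uint16_t c = rd16(seg + UDP_CSUM_OFF);
    if (c == 0)
        return;                    /* sender sent no UDP checksum: nothing to fix */
    c = csum_replace_addr(c, orig, seen);
    wr16(seg + UDP_CSUM_OFF, c ? c : 0xffff);   /* 0 would mean "no checksum" */
}

/* Constructed UDP datagram as the sender builds it before ESP protects it. */
size_t build_udp(uint8_t *seg)
{
    const size_t len = 8 + 5;      /* UDP header + "hello" */
    uint16_t c;
    wr16(seg + 0, 40000);          /* source port */
    wr16(seg + 2, 53);             /* destination port */
    wr16(seg + 4, (uint16_t)len);  /* UDP length */
    wr16(seg + UDP_CSUM_OFF, 0);   /* checksum field is zero while summing */
    memcpy(seg + 8, "hello", 5);
    c = (uint16_t)~udp_sum(ORIG_SRC, DST, seg, len);
    wr16(seg + UDP_CSUM_OFF, c ? c : 0xffff);
    return len;
}

int main(void)
{
    uint8_t seg[32];
    size_t len = build_udp(seg);
    int before = udp_verify(NAT_SRC, DST, seg, len);   /* fails: source changed */
    fixup_after_nat(seg, ORIG_SRC, NAT_SRC);
    printf("after NAT: %d, after fix-up: %d\n", before, udp_verify(NAT_SRC, DST, seg, len));
    return 0;
}
```

TCP is handled the same way with protocol number 6 and the checksum at offset 16 of the TCP header.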

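Monday, July 30, 2012

Liushishi Mountain (六十石山), Zhutian Village, Fuli Township, Hualien

[Hualien] 2011: daylilies in full bloom on Liushishi Mountain @ Photography‧Travel‧Flowers→Morris :: PIXNET ::
http://yuminghui.pixnet.net/blog/post/29605178-%E5%85%AD%E5%8D%81%E7%9F%B3%E5%B1%B1-%E9%87%91%E9%87%9D%E8%8A%B1

順益 Leisure Farm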

Friday, July 27, 2012

Second-hand lumber

(Some of this information comes from 樂在原木生活)

芳希木業
宜蘭縣冬山鄉梅林路253號
03-958-3501
Cypress lattice doors with incorrect dimensions

上興舊木料行 02-29340172
台北市文山區辛亥路4段109號; business hours Mon~Sat 8:00~18:00

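Second-hand lumber: 三宏, phone 0910960379
Owner: Mr. 蔡
Northern Second Freeway southbound, Xiangshan interchange; after exiting, keep right (toward Zhunan)
Turn left at the first traffic light
At the first crossroads, turn right when you see 廖心蘭豆乾
It is just before the bridge; the place with a big pile of lumber is it
03-5374357, mobile 0910960379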

苗栗縣通霄鎮梅南里14鄰103號
0922-123649, owner Mr. 呂

大里舊木料行
Mr. 高 0953-066-299
dsvd.job@gmail.com
台中縣大里市新仁路內新紡織廠旁

江山木材行
0963-355-913
高雄縣大寮鄉江山路73-60號
http://www.tw-timber.com/

安安台灣檜木專賣店
0933-307-350, Mr. 吳
cywu001@yahoo.com.tw
高雄縣
New and used cypress lumber

Has second-hand lumber for sale
宜蘭改車大學-改車之家
0932358836

院子378 (02)2995-5097
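Address of 院子378: 宜蘭羅東鎮西安街378號

Yilan County bulky recycled furniture storage and exhibition facility
Inside the Yilan County Lize waste resource recovery (incineration) plant (宜蘭縣五結鄉利澤村利工二路100號)
(03)9907755 ext. 602
First Friday of every odd-numbered month (January, March, May, July, September, November), 9 a.m. to 4 p.m. (closed from 12 noon to 1:30 p.m.)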

(Lumber dealers)
正昌製材工廠
03-593-3904
新竹縣橫山鄉橫山街一段152號
http://www.wood.jen.com.tw

廣昇木材行
Taoyuan 03-411-5413
桃園縣龍潭鄉佳安路116號
Taichung 04-2335-4113
台中縣烏日鄉太明路6-15號C棟
http://tw.myblog.yahoo.com/hungyultd-japen

尚新木材行
02-2810-5187
台北市士林區延平北路七段106巷334號

國嘉實業
02-2820-3588
台北市承德路七段1巷1號

張嘉茂木材行
05-597-5580
雲林縣斗南鎮將軍里5號

德豐木業
049-265-8287, 049-264-2094
南投縣竹山鎮延平一路2號
http://www.tefeng.com.tw/

台中軍功路竹材行
0932-519-570, Mr. 許
台中市軍功路二段448號
yuke31@hotmail.com

Monday, July 2, 2012

Bash Shell Generate Random Numbers

Bash Shell Generate Random Numbers
http://www.cyberciti.biz/faq/bash-shell-script-generating-random-numbers/

$RANDOM yields an integer in the range 0-32767 (0x7fff):
# echo $RANDOM
9896
# od -vAn -N4 -tu4 < /dev/urandom
2403096920
# od -vAn -N2 -tu2 < /dev/urandom
10369

Wednesday, June 20, 2012

Git Immersion: an introductory guide to understanding git step by step through hands-on practice

Git Immersion - Brought to you by EdgeCase
http://gitimmersion.com/index.html

[Chinese version] Git Immersion - Brought to you by EdgeCase
http://gitimmersion-apputu.rhcloud.com/


New translated article – git immersion | FAQ Book
http://blog.faq-book.com/?p=5095

Monday, June 18, 2012

David McCullough's Commencement Speech from Wellesley High School:“You’re not special”

You Are Not Special [Chinese-subtitled version] - YouTube


You Are Not Special Commencement Speech from Wellesley High School - YouTube


Wellesley High grads told: “You’re not special” | The Swellesley Report
http://www.theswellesleyreport.com/2012/06/wellesley-high-grads-told-youre-not-special/

Dr. Wong, Dr. Keough, Mrs. Novogroski, Ms. Curran, members of the board of education, family and friends of the graduates, ladies and gentlemen of the Wellesley High School class of 2012, for the privilege of speaking to you this afternoon, I am honored and grateful. Thank you.

So here we are… commencement… life’s great forward-looking ceremony. (And don’t say, “What about weddings?” Weddings are one-sided and insufficiently effective. Weddings are bride-centric pageantry. Other than conceding to a list of unreasonable demands, the groom just stands there. No stately, hey-everybody-look-at-me procession. No being given away. No identity-changing pronouncement. And can you imagine a television show dedicated to watching guys try on tuxedos? Their fathers sitting there misty-eyed with joy and disbelief, their brothers lurking in the corner muttering with envy. Left to men, weddings would be, after limits-testing procrastination, spontaneous, almost inadvertent… during halftime… on the way to the refrigerator. And then there’s the frequency of failure: statistics tell us half of you will get divorced. A winning percentage like that’ll get you last place in the American League East. The Baltimore Orioles do better than weddings.)

But this ceremony… commencement… a commencement works every time. From this day forward… truly… in sickness and in health, through financial fiascos, through midlife crises and passably attractive sales reps at trade shows in Cincinnati, through diminishing tolerance for annoyingness, through every difference, irreconcilable and otherwise, you will stay forever graduated from high school, you and your diploma as one, ‘til death do you part.

No, commencement is life’s great ceremonial beginning, with its own attendant and highly appropriate symbolism. Fitting, for example, for this auspicious rite of passage, is where we find ourselves this afternoon, the venue. Normally, I avoid clichés like the plague, wouldn’t touch them with a ten-foot pole, but here we are on a literal level playing field. That matters. That says something. And your ceremonial costume… shapeless, uniform, one-size-fits-all. Whether male or female, tall or short, scholar or slacker, spray-tanned prom queen or intergalactic X-Box assassin, each of you is dressed, you’ll notice, exactly the same. And your diploma… but for your name, exactly the same.

All of this is as it should be, because none of you is special.

You are not special. You are not exceptional.

Contrary to what your u9 soccer trophy suggests, your glowing seventh grade report card, despite every assurance of a certain corpulent purple dinosaur, that nice Mister Rogers and your batty Aunt Sylvia, no matter how often your maternal caped crusader has swooped in to save you… you’re nothing special.

Yes, you’ve been pampered, cosseted, doted upon, helmeted, bubble-wrapped. Yes, capable adults with other things to do have held you, kissed you, fed you, wiped your mouth, wiped your bottom, trained you, taught you, tutored you, coached you, listened to you, counseled you, encouraged you, consoled you and encouraged you again. You’ve been nudged, cajoled, wheedled and implored. You’ve been feted and fawned over and called sweetie pie. Yes, you have. And, certainly, we’ve been to your games, your plays, your recitals, your science fairs. Absolutely, smiles ignite when you walk into a room, and hundreds gasp with delight at your every tweet. Why, maybe you’ve even had your picture in the Townsman! And now you’ve conquered high school… and, indisputably, here we all have gathered for you, the pride and joy of this fine community, the first to emerge from that magnificent new building…

But do not get the idea you’re anything special. Because you’re not.

The empirical evidence is everywhere, numbers even an English teacher can’t ignore. Newton, Natick, Nee… I am allowed to say Needham, yes? …that has to be two thousand high school graduates right there, give or take, and that’s just the neighborhood Ns. Across the country no fewer than 3.2 million seniors are graduating about now from more than 37,000 high schools. That’s 37,000 valedictorians… 37,000 class presidents… 92,000 harmonizing altos… 340,000 swaggering jocks… 2,185,967 pairs of Uggs. But why limit ourselves to high school? After all, you’re leaving it. So think about this: even if you’re one in a million, on a planet of 6.8 billion that means there are nearly 7,000 people just like you. Imagine standing somewhere over there on Washington Street on Marathon Monday and watching sixty-eight hundred yous go running by. And consider for a moment the bigger picture: your planet, I’ll remind you, is not the center of its solar system, your solar system is not the center of its galaxy, your galaxy is not the center of the universe. In fact, astrophysicists assure us the universe has no center; therefore, you cannot be it. Neither can Donald Trump… which someone should tell him… although that hair is quite a phenomenon.

“But, Dave,” you cry, “Walt Whitman tells me I’m my own version of perfection! Epictetus tells me I have the spark of Zeus!” And I don’t disagree. So that makes 6.8 billion examples of perfection, 6.8 billion sparks of Zeus. You see, if everyone is special, then no one is. If everyone gets a trophy, trophies become meaningless. In our unspoken but not so subtle Darwinian competition with one another–which springs, I think, from our fear of our own insignificance, a subset of our dread of mortality — we have of late, we Americans, to our detriment, come to love accolades more than genuine achievement. We have come to see them as the point — and we’re happy to compromise standards, or ignore reality, if we suspect that’s the quickest way, or only way, to have something to put on the mantelpiece, something to pose with, crow about, something with which to leverage ourselves into a better spot on the social totem pole. No longer is it how you play the game, no longer is it even whether you win or lose, or learn or grow, or enjoy yourself doing it… Now it’s “So what does this get me?” As a consequence, we cheapen worthy endeavors, and building a Guatemalan medical clinic becomes more about the application to Bowdoin than the well-being of Guatemalans. It’s an epidemic — and in its way, not even dear old Wellesley High is immune… one of the best of the 37,000 nationwide, Wellesley High School… where good is no longer good enough, where a B is the new C, and the midlevel curriculum is called Advanced College Placement. And I hope you caught me when I said “one of the best.” I said “one of the best” so we can feel better about ourselves, so we can bask in a little easy distinction, however vague and unverifiable, and count ourselves among the elite, whoever they might be, and enjoy a perceived leg up on the perceived competition. But the phrase defies logic. By definition there can be only one best. You’re it or you’re not.

If you’ve learned anything in your years here I hope it’s that education should be for, rather than material advantage, the exhilaration of learning. You’ve learned, too, I hope, as Sophocles assured us, that wisdom is the chief element of happiness. (Second is ice cream… just an fyi) I also hope you’ve learned enough to recognize how little you know… how little you know now… at the moment… for today is just the beginning. It’s where you go from here that matters.

As you commence, then, and before you scatter to the winds, I urge you to do whatever you do for no reason other than you love it and believe in its importance. Don’t bother with work you don’t believe in any more than you would a spouse you’re not crazy about, lest you too find yourself on the wrong side of a Baltimore Orioles comparison. Resist the easy comforts of complacency, the specious glitter of materialism, the narcotic paralysis of self-satisfaction. Be worthy of your advantages. And read… read all the time… read as a matter of principle, as a matter of self-respect. Read as a nourishing staple of life. Develop and protect a moral sensibility and demonstrate the character to apply it. Dream big. Work hard. Think for yourself. Love everything you love, everyone you love, with all your might. And do so, please, with a sense of urgency, for every tick of the clock subtracts from fewer and fewer; and as surely as there are commencements there are cessations, and you’ll be in no condition to enjoy the ceremony attendant to that eventuality no matter how delightful the afternoon.
The fulfilling life, the distinctive life, the relevant life, is an achievement, not something that will fall into your lap because you’re a nice person or mommy ordered it from the caterer. You’ll note the founding fathers took pains to secure your inalienable right to life, liberty and the pursuit of happiness–quite an active verb, “pursuit”–which leaves, I should think, little time for lying around watching parrots rollerskate on Youtube. The first President Roosevelt, the old rough rider, advocated the strenuous life. Mr. Thoreau wanted to drive life into a corner, to live deep and suck out all the marrow. The poet Mary Oliver tells us to row, row into the swirl and roil. Locally, someone… I forget who… from time to time encourages young scholars to carpe the heck out of the diem. The point is the same: get busy, have at it. Don’t wait for inspiration or passion to find you. Get up, get out, explore, find it yourself, and grab hold with both hands. (Now, before you dash off and get your YOLO tattoo, let me point out the illogic of that trendy little expression–because you can and should live not merely once, but every day of your life. Rather than You Only Live Once, it should be You Live Only Once… but because YLOO doesn’t have the same ring, we shrug and decide it doesn’t matter.)

None of this day-seizing, though, this YLOOing, should be interpreted as license for self-indulgence. Like accolades ought to be, the fulfilled life is a consequence, a gratifying byproduct. It’s what happens when you’re thinking about more important things. Climb the mountain not to plant your flag, but to embrace the challenge, enjoy the air and behold the view. Climb it so you can see the world, not so the world can see you. Go to Paris to be in Paris, not to cross it off your list and congratulate yourself for being worldly. Exercise free will and creative, independent thought not for the satisfactions they will bring you, but for the good they will do others, the rest of the 6.8 billion–and those who will follow them. And then you too will discover the great and curious truth of the human experience is that selflessness is the best thing you can do for yourself. The sweetest joys of life, then, come only with the recognition that you’re not special.

Because everyone is.

Congratulations. Good luck. Make for yourselves, please, for your sake and for ours, extraordinary lives.

Friday, June 15, 2012

[Ubuntu] Show directory/file names mixed with Japanese and Chinese correctly in Terminal

I have a Samba server sharing a disk whose directory/file names mix Japanese and Chinese. My Ubuntu 10.04, which mounts the disk, just shows a bunch of "???" or other mystic characters.



The "iocharset" option given to "mount" plays a critical role in displaying folder/file names correctly:
"iocharset=cp950" with "LANG=zh_TW.big5"
"iocharset=cp932" with "LANG=ja_JP.shiftjis"
"iocharset=utf8" with "LANG=zh_TW.utf8" and "LANG=en_US.utf8" (I guess all XXX.utf8 would work)
UTF-8 is the recommended choice.

To install a new locale:
$ sudo ./install-language-pack EUC-JP
$ sudo locale-gen ja_JP.EUC-JP
Generating locales...
ja_JP.EUC-JP... done
Generation complete.
$ locale -a
(.......)
en_ZW.utf8
ja_JP.eucjp
ja_JP.utf8
tt_RU
(.......)

Configure the Terminal
After the locale is installed/configured properly, you need to change the Terminal's default locale:
LANG=ja_JP.utf8
or
LANG=ja_JP.eucjp
(This is only temporary; make the change in /etc/environment to make it permanent.)
And the Character Encoding:
[Terminal] -> [Set Character Encoding] -> [Japanese (EUC-JP)] or the one that matches the LANG setting.


commands:
locale -a
locale-gen
/usr/share/locales/install-language-pack

files:
/var/lib/locales/supported.d/local
/etc/environment
/etc/default/locale
/usr/share/i18n/SUPPORTED



LocaleConf - Community Ubuntu Documentation
https://help.ubuntu.com/community/LocaleConf
For Anti-UTF-8 people
https://help.ubuntu.com/community/LocaleConf#For_Anti-UTF-8_people
See the first column of the file /usr/share/i18n/SUPPORTED and identify your language codes, example: en_US es_VE pt_BR es_ES. Note that the second column shows the encoding to be used with that language code and remember that we don't want UTF-8 as encoding.

After you know which language codes you will use, go to the terminal and type the following:

$ sudo locale-gen LANG1 LANG2 LANG3 ...

Where LANG1, LANG2, ... are the language code you selected. As an example, a user in Venezuela may want:

$ sudo locale-gen es_VE en_US

After that, you should reboot your computer.


Running the Platform in another language - Pentaho Engineering - Pentaho Wiki
http://wiki.pentaho.com/display/PEOpen/Running+the+Platform+in+another+language
Instructions for setting up Japanese Shift_JIS charset on Ubuntu Linux:

1. Install the language pack:
$ sudo apt-get install language-pack-gnome-ja language-pack-ja
2. List the currently installed locale's
$ locale -a
3. We need to add the following to /var/lib/locales/supported.d/local
ja_JP.SHIFT_JIS SHIFT_JIS
4. List the available charsets
$ locale -m
You should see SHIFT_JIS in the list
5. Compile the ja_JP.shiftjis locale
$ sudo localedef -f SHIFT_JIS -i ja_JP ja_JP.Shift_JIS
6. List the currently installed locales to see if our new one is now available
$ locale -a


Setting the locale on Ubuntu - redtower's memo
http://redtower.plala.jp/2010/06/06/ubuntu-locale.html

HOWTO: Install a new locale (language pack) - Ubuntu Forums
http://ubuntuforums.org/showthread.php?t=196414

Thursday, June 14, 2012

[Ubuntu] Change the default and supported locale

locale - Yu-Teh Wiki
http://ytshen.wikidot.com/locale
sudo vim /etc/default/locale

LANG="en_US"
LANGUAGE="en_US:en"
locale -a
sudo vim /var/lib/locales/supported.d/locale
zh_TW.UTF-8 UTF-8
en_US.UTF-8 UTF-8
sudo locale-gen
echo "LANG=en_US.utf-8" >> /etc/environment
echo "LC_ALL=en_US.utf-8" >> /etc/environment




Building buildroot/uClibc might fail due to the host locale setting.

[Buildroot] problem with locale
http://lists.busybox.net/pipermail/buildroot/2009-October/029503.html

Wednesday, June 13, 2012

OpenRelief

OpenRelief Project
http://openrelief.org/index.html

Introducing OpenRelief - YouTube


What Is OpenRelief?
http://openrelief.org/what-is-openrelief.pdf

Understanding The Technology Behind OpenRelief
http://openrelief.org/understanding-openrelief.pdf

OpenRelief - Gitorious
http://www.gitorious.org/OpenRelief

Profile | SolderPad
http://www.solderpad.com/OpenRelief

Friday, June 8, 2012

Linux ESN window size

static struct xfrm_link xfrm_dispatch[XFRM_NR_MSGTYPES]
  xfrm_add_sa(struct nlattr **attrs)
    xfrm_state_construct
      rta= attrs[XFRMA_REPLAY_ESN_VAL]
      xfrm_alloc_replay_state_esn(struct nlattr *rta)
        nla_data(rta);
          return (char *) nla + NLA_HDRLEN;
        xfrm_replay_state_esn_len

x.replay_esn
struct xfrm_state
  struct xfrm_replay_state_esn *replay_esn;
    replay_window
    bmp[]
    bmp_len
x->props.replay_window = sa->sadb_sa_replay;

static pfkey_handler pfkey_funcs[SADB_MAX + 1]
  pfkey_add
    pfkey_msg2xfrm_state or xfrm_state_clone(CONFIG_XFRM_MIGRATE)
      xfrm_init_state
        __xfrm_init_state
          xfrm_init_replay




[strongSwan] anti-replay window size?
https://lists.strongswan.org/pipermail/users/2009-August/003748.html

currently the kernel interface method add_sa() of the IKEv2 daemon
sets the replay window size to a constant value of 32:

(.......)

whereas in the kernel interface method netlink_add_sa() of the IKEv1
daemon the size is configurable:

(.......)

but in kernel.c where netlink_add_sa() is called, the value is set
invariably to 32,

Strongswan also limits the maximum window size to 64 in pfkey_prop_parse().


IPSec Anti-Replay Window: Expanding and Disabling - Cisco Systems
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_iarwe.html
IPsec Anti-Replay Window

Cisco IPsec authentication provides anti-replay protection against an attacker duplicating encrypted packets by assigning a unique sequence number to each encrypted packet. (Security association [SA] anti-replay is a security service in which the receiver can reject old or duplicate packets to protect itself against replay attacks.) The decryptor checks off the sequence numbers that it has seen before. The encryptor assigns sequence numbers in an increasing order. The decryptor remembers the value X of the highest sequence number that it has already seen. N is the window size, and the decryptor also remembers whether it has seen packets having sequence numbers from X-N+1 through X. Any packet with the sequence number X-N is discarded. Currently, N is set at 64, so only 64 packets can be tracked by the decryptor.

At times, however, the 64-packet window size is not sufficient. For example, Cisco quality of service (QoS) gives priority to high-priority packets, which could cause some low-priority packets to be discarded even though they could be one of the last 64 packets received by the decryptor. The IPsec Anti-Replay Window: Expanding and Disabling feature allows you to expand the window size, allowing the decryptor to keep track of more than 64 packets.

Increasing the anti-replay window size has no impact on throughput and security. The impact on memory is insignificant because only an extra 128 bytes per incoming IPsec SA is needed to store the sequence number on the decryptor. It is recommended that you use the full 1024 window size to eliminate any future anti-replay problems.
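
The window check described in the Cisco text above, sketched in C as an added example (it is not Cisco's or the Linux kernel's code). `replay_state`, `replay_check_update` and the constructed QoS scenario are illustrative names and inputs; X and N are the symbols from the text.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REPLAY_MAX_WINDOW 1024u  /* 1024 bits = 128 bytes of bitmap per SA */

enum replay_verdict { REPLAY_OK, REPLAY_DUPLICATE, REPLAY_TOO_OLD, REPLAY_INVALID };

/* Hypothetical receiver state; X and N are the symbols used in the text. */
struct replay_state {
    uint32_t top;                          /* X: highest sequence number seen */
    uint32_t window;                       /* N: 1..REPLAY_MAX_WINDOW */
    uint32_t bmp[REPLAY_MAX_WINDOW / 32];  /* ring bitmap, slot = seq % N */
};

static void replay_init(struct replay_state *rs, uint32_t window)
{
    memset(rs, 0, sizeof(*rs));
    rs->window = window;
}

static int slot_test(const struct replay_state *rs, uint32_t seq)
{
    uint32_t pos = seq % rs->window;
    return (rs->bmp[pos / 32] >> (pos % 32)) & 1u;
}

static void slot_write(struct replay_state *rs, uint32_t seq, int seen)
{
    uint32_t pos = seq % rs->window;
    if (seen)
        rs->bmp[pos / 32] |= 1u << (pos % 32);
    else
        rs->bmp[pos / 32] &= ~(1u << (pos % 32));
}

/* Check seq against the window and record it if accepted. In a real receiver
 * the record step happens only after the packet's ICV has verified. */
static enum replay_verdict replay_check_update(struct replay_state *rs, uint32_t seq)
{
    if (seq == 0)
        return REPLAY_INVALID;             /* the first packet on an SA is 1 */

    if (seq > rs->top) {                   /* window slides right */
        if (seq - rs->top >= rs->window) {
            memset(rs->bmp, 0, sizeof(rs->bmp));
        } else {
            /* Reused slots still hold bits of older packets: clear them. */
            for (uint32_t s = rs->top + 1; s < seq; s++)
                slot_write(rs, s, 0);
        }
        slot_write(rs, seq, 1);
        rs->top = seq;
        return REPLAY_OK;
    }
    if (rs->top - seq >= rs->window)
        return REPLAY_TOO_OLD;             /* seq <= X-N: outside the window */
    if (slot_test(rs, seq))
        return REPLAY_DUPLICATE;           /* replayed packet */
    slot_write(rs, seq, 1);
    return REPLAY_OK;
}

/* Constructed scenario for the QoS case in the text: packet 1 is queued behind
 * `burst` higher-priority packets (2..burst+1) and arrives last. */
static enum replay_verdict late_packet_verdict(uint32_t window, uint32_t burst)
{
    struct replay_state rs;
    replay_init(&rs, window);
    for (uint32_t s = 2; s <= burst + 1; s++)
        replay_check_update(&rs, s);
    return replay_check_update(&rs, 1);
}

int main(void)
{
    static const char *name[] = { "ok", "duplicate", "too old", "invalid" };
    printf("N=64   burst=100: %s\n", name[late_packet_verdict(64, 100)]);
    printf("N=1024 burst=100: %s\n", name[late_packet_verdict(1024, 100)]);
    return 0;
}
```

With N=64 the delayed packet is rejected as too old although it was never seen before; with N=1024 it is accepted, and a genuine replay is still caught by the bitmap.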

Tuesday, June 5, 2012

Girl with a funny talent.

Girl with a funny talent. [original video]


Hi Everyone, Follow up Video.

Doodling in Math: Spirals, Fibonacci, and Being a Plant

Doodling in Math: Spirals, Fibonacci, and Being a Plant [1 of 3] - YouTube


Doodling in Math Class: Spirals, Fibonacci, and Being a Plant [2 of 3]


Doodling in Math: Spirals, Fibonacci, and Being a Plant [Part 3 of 3]


How To Find the Lucas Angle

Friday, June 1, 2012

GIT: Push to remote branch of remote repo

Push to remote branch of remote repo

git push <remote_name> +<br_name>:refs/remotes/<my_name>/<br_name>

I suddenly realized this is a convenient command to push updates to each working copy, which may have the same branch name checked out. Git won't allow you to push to a checked-out branch. This prevents that from happening.

Make an alias for this:
[alias]
rpush = !sh -c 'git push $1 +HEAD:refs/remotes/$2/$3' -
Then you can do:
git rpush <remote_name> <my_name> <br_name>




Aliases - Git SCM Wiki
https://git.wiki.kernel.org/index.php/Aliases#Advanced_aliases_with_arguments

Wednesday, May 30, 2012

ARM MMU Cacheable and Bufferable bits

C=0,B=0: NCNB (WB off)
C=0,B=1: NCB (WB on)
C=1,B=0: WriteThrough, no write allocate (WB on)
C=1,B=1: WriteBack, no write allocate (WB on)

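[Blue Forest (藍森林) - Free Software] - Is it allowed to turn on the cache without turning on the MMU? - System Administration
http://www.lslnet.com/linux/f/docs1/i56/big5375649.htm

1. The write buffer (WB) is designed to keep the processor pipeline from being stalled by write operations on the data bus (writes to main memory, writes to peripheral registers, and so on). There are three typical occasions for data-bus writes: first, a write while the cache uses the write-through policy; second, under the write-back policy, dirty data being written back to main memory because a cache line is replaced or the program explicitly cleans it; third, a write that goes directly to the data bus without passing through the cache. With a WB, once the content to be written to the data bus has entered the WB, the processor and the cache can carry on immediately. That is the relationship between the WB and the cache.
2. The meaning of that table is as follows:
The cache design differs across the ARM processor families: some caches only have the write-through policy, some only have the write-back policy, and some are write-back but allow certain write-through behaviour, so the four combinations of the C and B bits mean different things for these three kinds of cache. The first and second columns explain the write-through and write-back caches respectively; for their meaning, see my answer to question 1. The third column is for the cache that is write-back but allows certain write-through behaviour. The first row is easy to understand. The second row is still bufferable even though the B bit is 0, which is probably due to hardware design reasons (saving hardware resources, or limits from the target design frequency). The third row means that when C==1 and B==0, the cache uses the write-through policy with the WB enabled. The fourth row means that when C==1 and B==1, the cache uses the write-back policy with the WB enabled.
As you can see, for the third type of cache the C and B bits no longer "strictly" carry their original meaning of controlling cacheable and bufferable; instead, the "combination" of the two bits controls the behaviour of the cache and the WB. Compared with adding another bit to select between the cache's write-back and write-through policies, this saves hardware resources with much the same effect, giving up only a few cache/WB combinations of little significance. It is really quite ingenious.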


7.5.3. Cacheable and bufferable flags
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0056d/BABJJDIE.html
If you set a region to be cacheable:

  • When you load from that region, the cache is searched. If the item is found, it is loaded from the cache. If the item is not found, a complete cache line including the required address is loaded. Some other cache line is evicted from the cache, unless there is an unused cache line available.
  • When you save to that region, the cache is searched. If the item is found, the save is made to the cache. If the item is not found, the save is made to memory.

The exact effect of the bufferable flag varies (see the Technical Reference Manual for your processor for details).

Tuesday, May 29, 2012

Maximum packets per second

Maximum packets per second of GbE
64-byte: 1000000/((64+20)*8) = 1488kpps
128-byte: 1000000/((128+20)*8) = 844kpps
1500-byte: 1000000/((1500+20)*8) = 82kpps



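Converting between pps and bps - Knowledge Base Article - UTT Technologies (艾泰科技)
http://www.utt.com.cn/reference.php?id=253
Here is the theoretical PPS for one-way forwarding of 64-byte packets in a gigabit environment:
1Gbps = 1000M bits/((84 bytes)*8 (bits per byte)) = 1.488095 Mpps
(According to the IEEE 802.3 specification, 100Mbps = 100,000,000bps, i.e. Ethernet rates are expressed in decimal units.)
According to how Ethernet CSMA/CD works, before sending a frame the sender must first listen for a period of time to check whether the line is idle, and may send only if it is. This listening time is the inter-frame gap (IPG, Inter-Packet Gap), which is the time needed to send 12 bytes. To allow the receiver to synchronize, an 8-byte preamble is added in front of the Ethernet frame structure: 7 of those bytes are AA (binary form 01010101), used to synchronize with the receiver, and the 8th byte is AB (the frame delimiter), used for delimiting, marking that what follows from this point on is the Ethernet frame. So the actual length of the shortest frame is:
64 bytes + 12 (bytes of inter-frame gap) + 8 (preamble) = 84 bytes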


[wiki] Interframe gap
http://en.wikipedia.org/wiki/Interframe_gap
The minimum interframe gap is 96 bit times (the time it takes to transmit 96 bits of raw data on the medium), which is 9.6 us for 10 Mbit/s Ethernet, 0.96 us for 100 Mbit/s (fast) Ethernet, 0.096 us for 1 Gbit/s (gigabit) Ethernet, and 0.0096 us for 10 Gbit/s (10 gigabit) Ethernet.

Monday, May 21, 2012

ARM: DMA-mapping: new extensions for buffer sharing

ARM: DMA-mapping: new extensions for buffer sharing [LWN.net]
https://lwn.net/Articles/497607/

Wednesday, May 9, 2012

GIT post-commit: Backup commits to "remote branch" of remote repo

Configuration:

  1. gitbackup.remotename: the remote used for backup; the default is "gitbackup"
  2. gitbackup.myname: the name shown before the remote branch in the remote repo; the default is the current git directory "$(pwd)"

Installation:
  1. Copy the following post-commit to .git/hooks
  2. Add the remote
    git remote add gitbackup XXX@YYY:/ZZZ
  3. Change the configuration if needed
  4. It is suggested to create an SSH key for the remote "gitbackup" so you can log in without a password.
    Refer to ssh-keygen.
Done! While committing, git will also push the commit to the remote branch of the remote repo:
# git commit -m "update" -a
Counting objects: 5, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 797 bytes, done.
Total 3 (delta 2), reused 0 (delta 0)
To xxx@XXX.XXX:~/prj/mygit
f3fe00e..d46f950 HEAD -> 101/101
[101 d46f950] update
1 files changed, 37 insertions(+), 0 deletions(-)



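post-commit
#!/bin/sh
# Back up each new commit to refs/remotes/<myname>/<branch> on the backup remote.
curbr=$(git branch | grep '\*' | cut -c 3-)
remotename=$(git config gitbackup.remotename)
myname=$(git config gitbackup.myname)

# Default myname to the absolute path of the current directory and remember it.
if [ -z "${myname}" ]; then
    myname=$(readlink -e "$(pwd)")
    git config gitbackup.myname "${myname}"
fi
# Default remote name is "gitbackup".
if [ -z "${remotename}" ]; then
    remotename=gitbackup
    git config gitbackup.remotename "${remotename}"
fi
# With a detached HEAD, "git branch" marks the current entry with "(...)".
if echo "${curbr}" | grep '(' 1>/dev/null 2>&1; then
    echo
    echo "Warning: you are not on any branch currently..."
    echo
    curbr=no_branch
fi
# ${myname##/} drops the leading "/" of the path; "+" forces the update.
git push "${remotename}" "+HEAD:refs/remotes/${myname##/}/${curbr}"
# Finish with a successful no-op so the hook exits 0 even if the push failed.
: Nothing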



Push to remote branch of remote repo
git push <remote_name> +<br_name>:refs/remotes/<my_name>/<br_name>



7.3 Customizing Git - Git Hooks
http://git-scm.com/book/ch7-3.html

[Git] Using a post-receive hook to automatically send email to team members
http://josephjiang.com/entry.php?id=346

Friday, May 4, 2012

openssl RSA keys

Create RSA key pair

openssl genrsa -out keys.pem 2048
To get the public key (modulus); note that this output also includes the private key fields:
openssl rsa -text -in keys.pem


HOWTO keys
http://www.openssl.org/docs/HOWTO/keys.txt
Keys are the basis of public key algorithms and PKI.  Keys usually
come in pairs, with one half being the public key and the other half
being the private key.  With OpenSSL, the private key contains the
public key information as well, so a public key doesn't need to be
generated separately.
 
[wiki] RSA (algorithm)
http://en.wikipedia.org/wiki/RSA_%28algorithm%29

[wiki] RSA encryption algorithm - Wikipedia, the free encyclopedia (Chinese edition)
http://zh.wikipedia.org/wiki/RSA%E5%8A%A0%E5%AF%86%E6%BC%94%E7%AE%97%E6%B3%95

Saturday, April 21, 2012

Monday, March 26, 2012

Brooks's law

[wiki] Brooks's Law
http://en.wikipedia.org/wiki/Brooks's_law

Brooks's law is a principle in software development which says that "adding manpower to a late software project makes it later".[1] It was coined by Fred Brooks in his 1975 book The Mythical Man-Month. The corollary of Brooks's Law is that there is an incremental person who, when added to a project, makes it take more, not less time. Brooks adds that "Nine women can't make a baby in one month".


IEEE Software "From the Editor" Column by Steve McConnell
Brooks' Law Repealed?
http://www.stevemcconnell.com/ieeesoftware/eic08.htm

Changing Counterproductive Behaviors in Real Acquisitions - Brooks' Law
http://www.sei.cmu.edu/library/assets/brooks1.pdf

Brooks Law Is Applicable To Many Collaborative People Activities : Project Planning & Estimation
http://www.galorath.com/wp/brooks-law-is-applicable-to-many-collaborative-people-activities.php



Ten laws every geek should know - Blog - Jobbole (伯乐在线)
http://blog.jobbole.com/12158/

Thursday, March 15, 2012

Generating config for new kernel from old kernel config

  1. In new kernel source,
    make allmodconfig KCONFIG_ALLCONFIG=/boot/config-of-old-kernel
    This creates a config for the new kernel, with all options answered "m", based on the old config.

  2. Build the kernel and boot it. Go on if it boots without issues.
  3. Disable all the modules not used currently in .config.
    make localmodconfig
  4. Have all modules (m) in .config become built-in (y)
    make localyesconfig
  5. Save the .config as minimal config to ./defconfig
    make savedefconfig


"make help" in kernel source:
localmodconfig - Update current config disabling modules not loaded
localyesconfig - Update current config converting local mods to core

savedefconfig - Save current config as ./defconfig (minimal config)

allnoconfig - New config where all options are answered with no
allyesconfig - New config where all options are accepted with yes
allmodconfig - New config selecting modules when possible
alldefconfig - New config with all symbols set to default
KCONFIG_ALLCONFIG
To specify a filename that contains config options that the user requires to be set to a specific value

Wednesday, March 14, 2012

[Debian] Documentation/lguest: No such file or directory

#638012 - error compiling(make: *** Documentation/lguest: No such file or directory. Stop) - Debian Bug report logs
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638012

As a workaround simply linking the virtual/lguest/ directory from the Documentation folder of the source tree will solve the problem.
cd ./Documentation
ln -s virtual/lguest/

Thursday, March 8, 2012

dpkg-reconfigure

[Blue Forest (藍森林) - Free Software] - About dpkg-reconfigure, everyone please chime in
http://www.lslnet.com/linux/f/docs1/i41/big5289530.htm

Friday, March 2, 2012

IPSec: Fragmentation/Reassemble

RFC 4303: IP Encapsulating Security Payload (ESP)
http://tools.ietf.org/html/rfc4303

3.3. Outbound Packet Processing
3.3.4. Fragmentation
If necessary, fragmentation is performed after ESP processing within an IPsec implementation. Thus, transport mode ESP is applied only to whole IP datagrams (not to IP fragments). An IP packet to which ESP has been applied may itself be fragmented by routers en route, and such fragments must be reassembled prior to ESP processing at a receiver. In tunnel mode, ESP is applied to an IP packet, which may be a fragment of an IP datagram. For example, a security gateway or a "bump-in-the-stack" or "bump-in-the-wire" IPsec implementation (as defined in the Security Architecture document) may apply tunnel mode ESP to such fragments.
(......)
Fragmentation, whether performed by an IPsec implementation or by routers along the path between IPsec peers, significantly reduces performance. Moreover, the requirement for an ESP receiver to accept fragments for reassembly creates denial of service vulnerabilities. Thus, an ESP implementation MAY choose to not support fragmentation and may mark transmitted packets with the DF bit, to facilitate Path MTU (PMTU) discovery. In any case, an ESP implementation MUST support generation of ICMP PMTU messages (or equivalent internal signaling for native host implementations) to minimize the likelihood of fragmentation. Details of the support required for MTU management are contained in the Security Architecture document.

3.4. Inbound Packet Processing
3.4.1. Reassembly

If required, reassembly is performed prior to ESP processing.

Tuesday, February 28, 2012

IPSec: Anti-replay

RFC 4302: IP Authentication Header
http://tools.ietf.org/html/rfc4302

3.3.2. Sequence Number Generation
(......)
The sender assumes anti-replay is enabled as a default, unless otherwise notified by the receiver (see Section 3.4.3) or if the SA was configured using manual key management. Thus, typical behavior of an AH implementation calls for the sender to establish a new SA when the Sequence Number (or ESN) cycles, or in anticipation of this value cycling.

3.4.3. Sequence Number Verification
All AH implementations MUST support the anti-replay service, though its use may be enabled or disabled by the receiver on a per-SA basis. Anti-replay is applicable to unicast as well as multicast SAs. However, this standard specifies no mechanisms for providing anti-replay for a multi-sender SA (unicast or multicast). In the absence of negotiation (or manual configuration) of an anti-replay mechanism for such an SA, it is recommended that sender and receiver checking of the Sequence Number for the SA be disabled (via negotiation or manual configuration), as noted below.


RFC 4303: IP Encapsulating Security Payload (ESP)
http://tools.ietf.org/html/rfc4303
1. Introduction
The anti-replay service may be selected for an SA only if the integrity service is selected for that SA. The selection of this service is solely at the discretion of the receiver and thus need not be negotiated. However, to make use of the Extended Sequence Number feature in an interoperable fashion, ESP does impose a requirement on SA management protocols to be able to negotiate this feature (see Section 2.2.1 below).

2.2. Sequence Number
(........)
If anti-replay is enabled (the default), the transmitted sequence number must never be allowed to cycle. Thus, the sender's counter and the receiver's counter MUST be reset (by establishing a new SA and thus a new key) prior to the transmission of the 2^32nd packet on an SA.

3.3.3. Sequence Number Generation
(.......)
If the key used to compute an ICV is manually distributed, a compliant implementation SHOULD NOT provide anti-replay service. If a user chooses to employ anti-replay in conjunction with SAs that are manually keyed, the sequence number counter at the sender MUST be correctly maintained across local reboots, etc., until the key is replaced. (See Section 5.)
(.......)
Note: If a receiver chooses to not enable anti-replay for an SA, then the receiver SHOULD NOT negotiate ESN in an SA management protocol. Use of ESN creates a need for the receiver to manage the anti-replay window (in order to determine the correct value for the high-order bits of the ESN, which are employed in the ICV computation), which is generally contrary to the notion of disabling anti-replay for an SA.

3.4.3. Sequence Number Verification
All ESP implementations MUST support the anti-replay service, though its use may be enabled or disabled by the receiver on a per-SA basis. This service MUST NOT be enabled unless the ESP integrity service also is enabled for the SA, because otherwise the Sequence Number field has not been integrity protected. Anti-replay is applicable to unicast as well as multicast SAs. However, this standard specifies no mechanisms for providing anti-replay for a multi-sender SA (unicast or multicast). In the absence of negotiation (or manual configuration) of an anti-replay mechanism for such an SA, it is recommended that sender and receiver checking of the sequence number for the SA be disabled (via negotiation or manual configuration), as noted below.

Monday, February 20, 2012

IPSec: Extended (64-bit) Sequence Numbers (ESN)

RFC 4302: IP Authentication Header
http://tools.ietf.org/html/rfc4302#page-8

2.5. Sequence Number
This unsigned 32-bit field contains a counter value that increases by one for each packet sent, i.e., a per-SA packet sequence number.
(.....)
The field is mandatory and MUST always be present even if the receiver does not elect to enable the anti-replay service for a specific SA.
(.....)
Thus, the sender MUST always transmit this field, but the receiver need not act upon it.

The sender's counter and the receiver's counter are initialized to 0 when an SA is established. (The first packet sent using a given SA will have a sequence number of 1; see Section 3.3.2 for more details on how the sequence number is generated.) If anti-replay is enabled (the default), the transmitted sequence number must never be allowed to cycle. Thus, the sender's counter and the receiver's counter MUST be reset (by establishing a new SA and thus a new key) prior to the transmission of the 2^32nd packet on an SA.

2.5.1. Extended (64-bit) Sequence Number
To support high-speed IPsec implementations, a new option for sequence numbers SHOULD be offered, as an extension to the current, 32-bit sequence number field. Use of an Extended Sequence Number (ESN) MUST be negotiated by an SA management protocol. Note that in IKEv2, this negotiation is implicit; the default is ESN unless 32-bit sequence numbers are explicitly negotiated. (The ESN feature is applicable to multicast as well as unicast SAs.)

The ESN facility allows use of a 64-bit sequence number for an SA. (See Appendix B, "Extended (64-bit) Sequence Numbers", for details.) Only the low-order 32 bits of the sequence number are transmitted in the AH header of each packet, thus minimizing packet overhead. The high-order 32 bits are maintained as part of the sequence number counter by both transmitter and receiver and are included in the computation of the ICV, but are not transmitted.

3.3.3.2.2. Implicit Packet Padding and ESN
If the ESN option is elected for an SA, then the high-order 32 bits of the ESN must be included in the ICV computation. For purposes of ICV computation, these bits are appended (implicitly) immediately after the end of the payload, and before any implicit packet padding.

For some integrity algorithms, the byte string over which the ICV computation is performed must be a multiple of a blocksize specified by the algorithm. If the IP packet length (including AH and the 32 high-order bits of the ESN, if enabled) does not match the blocksize requirements for the algorithm, implicit padding MUST be appended to the end of the packet, prior to ICV computation. The padding octets MUST have a value of zero. The blocksize (and hence the length of the padding) is specified by the algorithm specification. This padding is not transmitted with the packet. The document that defines an integrity algorithm MUST be consulted to determine if implicit padding is required as described above. If the document does not specify an answer to this, then the default is to assume that implicit padding is required (as needed to match the packet length to the algorithm's blocksize.) If padding bytes are needed but the algorithm does not specify the padding contents, then the padding octets MUST have a value of zero.
Appendix B: Extended (64-bit) Sequence Numbers
http://tools.ietf.org/html/rfc4302#page-28
B3. Handling Loss of Synchronization due to Significant Packet Loss


RFC 4303: IP Encapsulating Security Payload (ESP)
http://tools.ietf.org/html/rfc4303
(skipping the parts similar to AH)
2.2.1. Extended (64-bit) Sequence Number
(...)
The high-order 32 bits are maintained as part of the sequence number counter by both transmitter and receiver and are included in the computation of the ICV (if the integrity service is selected). If a separate integrity algorithm is employed, the high order bits are included in the implicit ESP trailer, but are not transmitted, analogous to integrity algorithm padding bits. If a combined mode algorithm is employed, the algorithm choice determines whether the high-order ESN bits are transmitted or are included implicitly in the computation. See Section 3.3.2.2 for processing details.

3.3.2.1. Separate Confidentiality and Integrity Algorithms
4. Compute the ICV over the ESP packet minus the ICV field. Thus, the ICV computation encompasses the SPI, Sequence Number, Payload Data, Padding (if present), Pad Length, and Next Header. (Note that the last 4 fields will be in ciphertext form, because encryption is performed first.) If the ESN option is enabled for the SA, the high-order 32 bits of the sequence number are appended after the Next Header field for purposes of this computation, but are not transmitted.

3.3.2.2. Combined Confidentiality and Integrity Algorithms

- The Sequence Number (or Extended Sequence Number, as appropriate) and the SPI are inputs to the algorithm, as they must be included in the integrity check computation. The means by which these values are included in this computation are a function of the combined mode algorithm employed and thus not specified in this standard.

3.3.3. Sequence Number Generation
If ESN (see Appendix) is selected, only the low-order 32 bits of the sequence number are transmitted in the Sequence Number field, although both sender and receiver maintain full 64-bit ESN counters. The high order 32 bits are included in the integrity check in an algorithm/mode-specific fashion, e.g., the high-order 32 bits may be appended after the Next Header field when a separate integrity algorithm is employed.
Appendix A: Extended (64-bit) Sequence Numbers
http://tools.ietf.org/html/rfc4303#page-38
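
How a receiver recovers the untransmitted high-order 32 bits and feeds them to a separate integrity algorithm, as an added C example that is not from the RFCs or the Linux kernel. It follows the two-case analysis of RFC 4303 Appendix A and the "appended after the Next Header field" rule quoted above; `esn_rx`, `esn_infer_hi`, `esn_icv_input` and the sample packet bytes are illustrative assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Receiver-side ESN state (hypothetical names, not the kernel's structs). */
struct esn_rx {
    uint32_t tl;      /* low 32 bits of the highest authenticated sequence number */
    uint32_t th;      /* high 32 bits of that counter; never sent on the wire */
    uint32_t window;  /* anti-replay window size W, 1 <= W < 2^31 */
};

/* Infer the untransmitted high-order 32 bits for a received low-order value.
 * The result is only a guess until the ICV computed with it verifies. */
static uint32_t esn_infer_hi(const struct esn_rx *rx, uint32_t seql)
{
    uint32_t bottom = rx->tl - rx->window + 1;  /* wraps mod 2^32 in case B */

    if (rx->tl >= rx->window - 1)
        /* Case A: the window sits inside one 2^32 subspace. Anything below
         * its bottom edge is taken to belong to the next subspace. */
        return seql >= bottom ? rx->th : rx->th + 1;

    /* Case B: the window straddles a subspace boundary. Values at or above
     * the wrapped bottom edge belong to the previous subspace. */
    return seql >= bottom ? rx->th - 1 : rx->th;
}

/* Low-order 32 bits as carried in the ESP header: SPI (4 bytes), then Seq. */
static uint32_t esp_seql(const uint8_t *esp)
{
    return ((uint32_t)esp[4] << 24) | ((uint32_t)esp[5] << 16) |
           ((uint32_t)esp[6] << 8)  |  (uint32_t)esp[7];
}

/* Full 64-bit sequence number the receiver will try to authenticate. */
static uint64_t esn_seq64(const struct esn_rx *rx, const uint8_t *esp)
{
    uint32_t seql = esp_seql(esp);
    return ((uint64_t)esn_infer_hi(rx, seql) << 32) | seql;
}

/* Input to a separate integrity algorithm: the ESP packet minus its ICV,
 * followed by the inferred high-order bits in network byte order. Returns the
 * number of bytes written, or 0 if out is too small. */
static size_t esn_icv_input(const uint8_t *esp, size_t len, uint32_t seq_hi,
                            uint8_t *out, size_t cap)
{
    if (cap < 4 || len > cap - 4)
        return 0;
    memcpy(out, esp, len);
    out[len]     = (uint8_t)(seq_hi >> 24);
    out[len + 1] = (uint8_t)(seq_hi >> 16);
    out[len + 2] = (uint8_t)(seq_hi >> 8);
    out[len + 3] = (uint8_t)seq_hi;
    return len + 4;
}

/* Constructed sample: SPI 0x00001234, Seq 0x00000005, 4 opaque payload bytes. */
static const uint8_t sample_esp[12] = {
    0x00, 0x00, 0x12, 0x34,  0x00, 0x00, 0x00, 0x05,  0xde, 0xad, 0xbe, 0xef
};

int main(void)
{
    struct esn_rx rx = { 0xFFFFFFF0u, 0, 64 };  /* just before the low half wraps */
    uint8_t buf[32];
    size_t n = esn_icv_input(sample_esp, sizeof(sample_esp),
                             esn_infer_hi(&rx, esp_seql(sample_esp)),
                             buf, sizeof(buf));
    printf("seq64=0x%016llx icv_input_len=%zu\n",
           (unsigned long long)esn_seq64(&rx, sample_esp), n);
    return 0;
}
```

The receiver commits the inferred high-order value to its counter only after the ICV check succeeds; a wrong guess simply fails authentication.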

RFC 4106 - The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
http://tools.ietf.org/html/rfc4106#page-5
5. AAD Construction


RFC 4543 - The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
http://tools.ietf.org/html/rfc4543#page-5
3.3. AAD Construction


RFC 5084 - Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS)
http://tools.ietf.org/html/rfc5084
1.5. AES-GCM
(......)
AES-GCM has four inputs: an AES key, an initialization vector (IV), a plaintext content, and optional additional authenticated data (AAD). AES-GCM generates two outputs: a ciphertext and message
(......)
AAD is authenticated but not encrypted. Thus, the AAD is not included in the AES-GCM output. It can be used to authenticate plaintext packet headers. In the CMS authenticated-enveloped-data content type, authenticated attributes comprise the AAD.


RFC 4304 - Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association and Key Management Protocol (ISAKMP)
http://tools.ietf.org/html/rfc4304

A Cryptographic Tour of the IPsec Standards
http://eprint.iacr.org/2006/097.pdf

3.2 AH Sequence Number Field
(.....)
RFC 4302 allows an optional Extended Sequence Number (ESN) to be used. This is helpful in high-speed networks, where a 32-bit counter could easily overflow during normal operations. ESNs are 64 bits long, and the entire 64 bits is used in the MAC calculation by AH even though only the least significant 32 bits of the ESN are carried in the Sequence Number Field. For the purposes of MAC calculation, the most significant 32 bits are placed after the payload, meaning that the ESN is actually split into two parts rather than appearing as a sequence of 64 consecutive bits in the input to the MAC. This is somewhat unusual, but does allow the AH format to remain the same as that specified in RFC 2402 when 32 bit sequence numbers are used. The transmission of only half the ESN in AH leads to the need for a synchronization mechanism in the event that more than 2^32 consecutive packets are lost. This is addressed in [22, Appendix B3]. RFC 4302 indicates that the default setting is to use ESNs rather than 32 bit sequence numbers; RFC 4304 [24] explains how IKE can be modified to allow negotiation of ESNs.

4.2 ESP Sequence Number Field
Sequence numbers, including Extended Sequence Numbers (ESNs), are treated in largely the same way in RFC 4303 as they are in the AH RFC, RFC 4302. In particular, their use by the receiver is optional, but their inclusion in ESP headers is mandatory. The only real difference is that sequence numbers must be ignored by the recipient if the relevant ESP SA specifies the NULL integrity protection algorithm (in other words, if the SA only offers encryption). In this situation, ESP cannot offer an anti-replay service. If a combined mode algorithm is in use, the most significant bits of an ESN may actually be transmitted; if separate integrity and encryption algorithms are used, these bits are not transmitted, but are included in the MAC calculation by placing them in the ESP trailer, so they are split into two parts (as in AH).
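
The ICV computation quoted above from RFC 4303 (separate integrity algorithm, ESN enabled), as an added example that is not from the RFCs or the paper. It assumes HMAC-SHA-256 truncated to 128 bits as the integrity algorithm; the key, SPI, sequence number and ciphertext bytes are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # assumption: HMAC-SHA-256 truncated to 128 bits as the integrity algorithm


def icv(key, spi, seq_lo, body, seq_hi=None):
    """ICV over SPI | low 32 bits of seq | body, plus the ESN high 32 bits if enabled."""
    data = struct.pack("!II", spi, seq_lo) + body
    if seq_hi is not None:
        # ESN: high-order bits go after Next Header for the MAC only.
        data += struct.pack("!I", seq_hi)
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def seal(key, spi, esn, body):
    """Sender side. body is the already-encrypted Payload | Padding | Pad Length | Next Header."""
    seq_hi, seq_lo = esn >> 32, esn & 0xFFFFFFFF
    header = struct.pack("!II", spi, seq_lo)  # only the low 32 bits are transmitted
    return header + body + icv(key, spi, seq_lo, body, seq_hi)


def verify(key, packet, seq_hi):
    """Receiver side. seq_hi comes from the receiver's own 64-bit counter, not the wire.

    Returns the full 64-bit sequence number, or None if the ICV does not match.
    """
    spi, seq_lo = struct.unpack("!II", packet[:8])
    body, tag = packet[8:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(tag, icv(key, spi, seq_lo, body, seq_hi)):
        return None
    return (seq_hi << 32) | seq_lo


# Constructed sample values, not taken from any real SA.
KEY = bytes(range(32))
SPI = 0x00001000
ESN = (1 << 32) + 5                      # the 32-bit counter has wrapped once
BODY = bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90")  # stands in for ciphertext
PACKET = seal(KEY, SPI, ESN, BODY)
```

A receiver whose high-order counter is out of step (`verify(KEY, PACKET, 0)`) gets an ICV mismatch even though every byte on the wire is intact, which is why the synchronization mechanism mentioned in the paper's AH section is needed.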