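Does the love between a husband and wife need a government guarantee? Or rather, can the government guarantee the promises a married couple make to each other?
One day, my wife suddenly asked me: "Will you love me forever?"
Me: "???"
My wife asked again, with emphasis: "Will you love me forever?"
Me: "I love you! It's just that I can't guarantee **forever**.
        Even US Treasury debt is no longer AAA,
        and AAA only means a default rate of less than 0.4% within 5 years."

Most people's ideal partner is really "perfect external attributes" plus "my own inner self".
And the people who are most like oneself are mostly of the same sex (homosexuality)... or members of the opposite sex who are very much like the same sex (heterosexuality)...
And how to overcome the gap between the ideal and reality (uh.... dear wife.... I mean no disrespect....)
and how to understand and empathize with one's partner's needs is one of life's great lessons...

 The bit about "US Treasury debt being AAA" is best kept as an inner monologue....

A buddy with big boobs, and a win-win.......... I'm entranced~~~~~~XD)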

In case you don't have a permanent place BUT you have permanent address (family home) then the mail will be sent to your permanent address, "in care of" your father/ mother's name.

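Bought an HDMI female-to-DVI male adapter and an HDMI A-to-D cable, and took a 5V 4A power adapter and changed its plug

VDD-IO on CON3 also only has a 1.8V output while power is pressed; it goes away once the button is released

The pins on CON3, counting from the side next to the CON3 label, are VDD-IO, TTA-RXD, TTA-TXD and ground
  • VDD-IO goes to VD232
  • TTA-RXD goes to Rx
  • TTA-TXD goes to Tx
  • Ground goes to Gnd
(I originally thought the UART should be wired odroid Rx to op-1010 Tx, but that actually keeps the odroid from booting: D5 and D6 are both half-lit, and it seems to be stuck in u-boot)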

[   48.370127] No such irq type 0
[   48.370252] setting trigger mode 0 for irq 383 failed (exynos_irq_eint_set_type+0x0/0x218)
[   51.931581] No such irq type 0
[   51.931705] setting trigger mode 0 for irq 383 failed (exynos_irq_eint_set_type+0x0/0x218)
[   81.173680] No such irq type 0
[   81.173806] setting trigger mode 0 for irq 383 failed (exynos_irq_eint_set_type+0x0/0x218)
What display can I use?
HDMI out and RGB digital out are available on ODROID-X.
HDMI can support only 720p/1080p resolution with 16:9 wide display.
HDMI-DVI converter will not work properly because Exynos4 HDMI is not compatible with VESA standard.
So most of old PC monitors can't be used.

We recommend LCD kit if your monitor/TV is old model. LCD kit contains LCD panel + interface board + LVDS cable + power supply.

TV: Sharp LC-32A33T: 1080p display is incompatible, 720p works
Monitor: Acer P235H: both 1080p and 720p work


On a freshly flashed SD card the data partition is not formatted; Android shows it as damaged, and choosing to reformat it is all that is needed

Exynos-4412 Android 4.0.4 BSP (Update! Alpha 3.1)
Latest version of ICS and JB
ODROID-X Android Alpha-3 image release (Alpha 3.5 !!)
ODROID-X Android Alpha-3.5 image release

ODROID-X : History of PCB revision. (for schematics)

Features - ODROID :: Hardkernel

UART     System console monitoring for development (1.8volt interface)


CP2104: USB to Serial UART bridge IC with 1.8V interface

Most microcontrollers these days have built in UARTs (universally asynchronous receiver/transmitter) that can be used to receive and transmit data serially. UARTs transmit one bit at a time at a specified data rate (i.e. 9600bps, 115200bps, etc.). This method of serial communication is sometimes referred to as TTL serial (transistor-transistor logic). Serial communication at a TTL level will always remain between the limits of 0V and Vcc, which is often 5V or 3.3V. A logic high ('1') is represented by Vcc, while a logic low ('0') is 0V.
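Mr. 葉安彬 of 萬平科技:
To adjust the TTL voltage yourself, remove R7, and then:
If 1.8V is fed in at VD232, the output voltage level of Tx, DTR and RTS will be 1.8V.
If 2.5V is fed in at VD232, the output voltage level of Tx, DTR and RTS will be 2.5V.
If 3.3V is fed in at VD232, the output voltage level of Tx, DTR and RTS will be 3.3V.
The OP-1010-18V board has an LDO connected at VD232, which is why the OP-1010-18V outputs 1.8V. Because it uses one more LDO IC, it sells for 165 yuan (four wires included). Many people simply buy the OP-1010-18V model to test 1.8V.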

Investment holdings vs Morningstar 2012 ETF award

ief(.15%, .1453): agg(.08%, .2426), biv(.11%, .2252), bnd(.1%, .1785), bond(.55%, .2, ~10%), tlt(.15%, .2696)

vt(.22%, .584/3): acwi(.34%, .6039/6)

vwo(.2%, .525/3): gmm(.59%, .562/6)

EasyInstall is a package manager for the Python programming language that provides a standard format for distributing Python programs and libraries (based on the Python Eggs wrapper).

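One set of short clothes, used as pajamas when visiting night markets and staying overnight; plus toiletries, medicine, ID documents, an ATM card, sunglasses, spare glasses and so on. The bulk is 3C (consumer electronics) gear, which takes up a lot of the weight.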


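1. Osprey 3L hydration backpack 2. Raincoat 3. Two long-sleeved moisture-wicking shirts 4. One short-sleeved undershirt 5. Three pairs of socks 6. Toiletries 7. Sunscreen 8. Small digital camera 9. Mobile phone power bank 10. Camera charger 11. Notebook 12. Sunglasses 13. Two Buff multifunctional headscarves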

Request a Debit Card
Note: The order will not ship unless there are available funds in your account. You must have a valid U.S. Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN) and a valid U.S. address to be eligible for a debit card.
Activate a Debit Card

How many ATM refunds will I receive per month?

The E*TRADE Complete Debit Card offers unlimited ATM fee refunds to:

    Customers maintaining a balance of $50,000 or more in combined E*TRADE Securities and E*TRADE Bank accounts


    Customers making at least 30 stock or options trades per quarter.

*All other customers currently receive (5) ATM fee refunds a month.

Professor Peng Ming-hui (彭明輝): Life is a long, continuous process of accumulation - 藏經閣




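But these anxieties are truly groundless! Life is a long and continuous process of accumulation; a single event will never ruin a person's whole life, nor will a single event save a person's whole life. What is rightfully ours we will get sooner or later; what is not rightfully ours cannot be held for long even if we grab it by luck. If we see this fact clearly, many so-called "major life decisions" can be faced calmly, with no need for anxiety at all. And the so-called "predicaments of life" often become, right then and there, not worth mentioning.


A, who was never expected to do well, happened to guess his way to ten extra points and got into Chien Kuo High School (建國中學); B, who had always been a sure bet for Chien Kuo, carelessly lost twenty points and ended up at the Affiliated High School (附中). On the day the results were posted one family was elated and the other was gloomy, as if the fates of A and B had been sealed from then on. But does the joint entrance exam really mean anything? Can the last hundred students admitted to Chien Kuo really be sure that their prospects are better than those of the top hundred at the Affiliated High School? Someone who got in by luck only got in by luck, and someone who slipped once will not lose everything he has built because of a single event. The ability a person has accumulated before the exam does not increase or decrease because of his rank on results day.


So, three years later, B got into National Taiwan University (台大) without trouble, while A went off to National Cheng Kung University (成大). Looking back now at the moment the high school entrance exam results were posted, what did A have to be proud of? And what did B have to be sad about? Likewise, the people studying electrical engineering at Tsing Hua (清大) today all scored higher on the joint entrance exam than the people studying mechanical engineering at Cheng Kung today, but who can be sure of doing better than the Cheng Kung mechanical engineering students on the graduate school entrance exam? Compare the experiences of A and B carefully, and then reconsider this sentence:


I often talk with undergraduates about career planning and ask them what role they hope to play in society after the age of thirty. But to this day nobody has really been able to answer the question; all they can think of is whether the next step is military service or the graduate school entrance exam. The joint entrance exam system has completely destroyed our sense of life's continuity; what remains is only fragmentary "turns of fortune", and, sadder still, some people even live only in the (glorious or sorrowful) moment the results were posted!

But allow me to repeat once more, at the risk of being tedious: the truth of life is a long and continuous process of accumulation (which chance events cannot take away), not the ups and downs of a moment's fortune. If we can see this fact clearly, then in the course of life truly "no effort is wasted" (功不唐捐); there is nothing to covet and nothing to be anxious about! What remains for us to do is simply to think through what we want from life, and then steadily and sincerely accumulate it.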


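From the moment I entered university I had decided not to go on to graduate school, so I spent most of my four university years reading in the humanities. After graduating I worked for a few years before deciding to go to graduate school. After finishing my master's degree I made a resolution: never again to study for the sake of a diploma. Who knew, the world is unpredictable; after five years as a lecturer I was once again forced by circumstances to pack up and go abroad for a PhD. When I left, a university classmate laughed at me: the last person in our class to do a PhD is about to come back, and you are only now leaving?


The most ironic thing is this: when we face two possible options and are anxious about which to choose, it usually means the two options are either equally good or equally bad, so in practice it makes no difference which one we choose; the only difference is the order in which they come. Moreover, the more intensely something makes us anxious, the smaller the difference actually is and the less it deserves the anxiety. Whereas when there is a real, obvious difference between good and bad, we easily know what to do.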


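Of course, some people will still worry: "After I finish military service and start working, will it be harder for me to get into graduate school because of family burdens or a failing memory?" I can only answer this way: when a person fails to get into graduate school there are only two possibilities: either he is not smart enough, or he is indeed smart enough. If you are not smart enough and fail, there is nothing to complain about. If you are smart enough and still fail, that can only mean your determination is not strong enough. And if your determination is not strong enough, it means there are other possibilities in your life whose importance is no less than that of a master's degree, and you cannot bear to give them up. That being so, there is no need to regret failing to get into graduate school. Isn't that right? Life has so many paths; why keep fussing over a single possibility?

My best friend in high school has had bad luck all his life: he took the high school entrance exam twice, did the first year of high school twice, took the university entrance exam twice, and even took the motorcycle license test twice. After graduating he told himself: I have no connections and no academic credentials; I can only rely on redoubled sincerity and hard work. Now he owns his own company, with an annual income in the tens of millions. It is common for a person to have a rough time in schooling and a smooth one in business. A talented person does not lose his talent because a prestigious school rejected him; he just has to find another place suited to showing it. Conversely, a person whose schooling went too smoothly may for that very reason be unable to swallow his pride and start a business, and can only obediently live off a salary.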



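I think it was the year before last that I ran into a high school classmate on my way to the arts center. He is an associate professor of electrical engineering at the University of Southern California and had been invited back by Tsing Hua's electrical engineering department to teach a short course. He had been hard-working ever since high school; after entering NTU electrical engineering as his first choice, he won the Presidential Award (書卷獎) all four years, and I believe his professional research is already outstanding. Thinking back to when we entered high school, the two of us ranked first and second in the whole year on the IQ test. But from the first year of high school I never gave up the literature, music, calligraphy, art and philosophy I loved, whereas he was never once distracted, so the academic gap between us could only grow wider and wider. On the other hand, the fulfilment I have gained in the humanities over these ten or twenty years is probably far beyond what he could understand.

My wife once asked me whether, if I were willing to devote myself fully to one research field, I would at least catch up with this classmate's achievements. I don't think so. Two people of different temperaments are destined to take two different paths. What we are not meant to have, we are destined not to get; to casually compare two people, seeing only what one of them has gained and not what he has lost, what is the point of that? Since high school I have never carefully reckoned external gains and losses, and have just contentedly done what I wanted to do: I don't like fooling around, and am willing to put effort into doing my own duties well; I cannot give up my concern for the humanistic spirit, and will keep exploring it all my life. The fact is simply this: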







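When I had just finished military service, my eldest son had already been born but I still could not find a job. I was anxious, yet I also felt that I would find a job sooner or later and that the pay would not be absurdly low, so I never took it too much to heart. While I was doing my master's, the household relied entirely on my wife's salary and we lived frugally, but to me it did not count as hardship. For one thing, I was living a very fulfilling life spiritually; for another, I knew all of this was to give myself the chance to change careers and teach (to do what I wanted to do).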






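Phone serial number (IMEI)

Dial *#06# and a 15-digit number will appear

International Mobile Equipment Identity number (IMEI), i.e. what is commonly called the phone serial number
Taipei City Police Department ─ phone serial number lookup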

International Numbering Plans, © 2001-2012

Register your phone serial number; check online for stolen goods when buying or selling - lost phones - Sogi! 手機王

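  1. Caffeinated drinks: "Caffeine affects insulin secretion," notes the American Council on Exercise (ACE); one hour after drinking coffee you feel tired, or even drained and weak.
  2. Stimulating drinks containing alcohol, soda and the like. "Don't forget that three nutritionally balanced meals matter more," urges 李祥瑞; regular meals are the foundation, "like a building": once the piles are firm and solid materials are added, vitality is redoubled.
  3. "Gas-producing" foods, which cause bloating and abdominal pain during exercise, such as beans, onions, eggplant and potatoes.
  4. Greasy foods and sweets, such as fried chicken and French fries: the body needs more time to absorb and digest them, which causes gastrointestinal discomfort during exercise; eaten after exercise, they are easily stored as fat.
  5. Cola: it contains caffeine, is "gas-producing", and is a carbonated drink as well. 李祥瑞, a dietitian at Taiwan Adventist Hospital (台安醫院), advises that even low-calorie cola is best avoided, whether before or after exercise.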


Tuesday, August 28, 2012



Randy Pausch's Last Lecture

鹿港司 大仁工具行

IPSec transport inbound with NAT-T enabled needs to update the TCP/UDP checksum

Both the TCP and UDP checksums cover a pseudo-header that includes the source and destination addresses.
In transport mode, there is only one IP header. If the source or destination IP is changed by NAT, the TCP/UDP checksum in the IPSec data needs to be updated, or the L4 integrity check will fail.

Refer to NAT-Traversal
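
The checksum fix-up described above, as an added example that is not part of the original post: it shows a UDP checksum going stale when NAT rewrites the source address and being repaired incrementally (RFC 1624, eqn. 3). The addresses, ports, payload and all function names are constructed for illustration, and the receiver is assumed to know the sender's original address (NAT-T carries it in the NAT-OA payload).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROTO_UDP    17
#define UDP_CSUM_OFF 6            /* the TCP checksum sits at offset 16 */

/* Constructed sample addresses (private/documentation ranges). */
#define ORIG_SRC 0xC0A8010Au      /* 192.168.1.10, address the sender used */
#define NAT_SRC  0xC6336407u      /* 198.51.100.7, address after the NAT   */
#define DST      0xCB007105u      /* 203.0.113.5                           */

static uint16_t fold(uint32_t acc)
{
    while (acc >> 16)
        acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)acc;
}

/* One's-complement sum over the IPv4 pseudo-header and the whole L4 segment. */
static uint16_t pseudo_sum(uint32_t src, uint32_t dst, uint8_t proto,
                           const uint8_t *seg, size_t len)
{
    uint32_t acc = (src >> 16) + (src & 0xffff) + (dst >> 16) + (dst & 0xffff)
                 + proto + (uint32_t)len;
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        acc += ((uint32_t)seg[i] << 8) | seg[i + 1];
    if (i < len)                  /* odd trailing byte is padded with zero */
        acc += (uint32_t)seg[i] << 8;
    return fold(acc);
}

/* Receiver-side check: with a correct checksum in place the sum is 0xffff. */
int l4_checksum_ok(uint32_t src, uint32_t dst, uint8_t proto,
                   const uint8_t *seg, size_t len)
{
    return pseudo_sum(src, dst, proto, seg, len) == 0xffff;
}

/* RFC 1624 eqn. 3, HC' = ~(~HC + ~m + m'), applied to one 32-bit address. */
uint16_t csum_replace_addr(uint16_t csum, uint32_t old_addr, uint32_t new_addr)
{
    uint32_t acc = (uint16_t)~csum;
    acc += (uint16_t)~(old_addr >> 16);
    acc += (uint16_t)~old_addr;
    acc += (new_addr >> 16) + (new_addr & 0xffff);
    return (uint16_t)~fold(acc);
}

/* Patch the checksum inside a decapsulated segment whose source was NATed. */
void fix_l4_checksum(uint8_t *seg, size_t off, uint8_t proto,
                     uint32_t old_src, uint32_t new_src)
{
    uint16_t c = (uint16_t)((seg[off] << 8) | seg[off + 1]);
    if (proto == PROTO_UDP && c == 0)   /* 0 = sender computed no checksum */
        return;
    c = csum_replace_addr(c, old_src, new_src);
    if (proto == PROTO_UDP && c == 0)   /* a computed 0 is sent as 0xffff */
        c = 0xffff;
    seg[off] = (uint8_t)(c >> 8);
    seg[off + 1] = (uint8_t)c;
}

/* Constructed UDP segment: ports 40000 -> 53, length 13, payload "hello",
 * checksum computed by the sender over ORIG_SRC. Returns the length. */
static size_t build_sample(uint8_t *seg)
{
    static const uint8_t tmpl[13] = { 0x9c, 0x40, 0x00, 0x35, 0x00, 0x0d,
                                      0x00, 0x00, 'h', 'e', 'l', 'l', 'o' };
    uint16_t c;
    memcpy(seg, tmpl, sizeof tmpl);
    c = (uint16_t)~pseudo_sum(ORIG_SRC, DST, PROTO_UDP, seg, sizeof tmpl);
    seg[UDP_CSUM_OFF] = (uint8_t)(c >> 8);
    seg[UDP_CSUM_OFF + 1] = (uint8_t)c;
    return sizeof tmpl;
}

/* What the receiver sees right after ESP decapsulation: source is NAT_SRC. */
int stale_checksum_ok(void)
{
    uint8_t seg[13];
    size_t len = build_sample(seg);
    return l4_checksum_ok(NAT_SRC, DST, PROTO_UDP, seg, len);
}

/* Same packet after the incremental fix-up with the known original source. */
int fixed_checksum_ok(void)
{
    uint8_t seg[13];
    size_t len = build_sample(seg);
    fix_l4_checksum(seg, UDP_CSUM_OFF, PROTO_UDP, ORIG_SRC, NAT_SRC);
    return l4_checksum_ok(NAT_SRC, DST, PROTO_UDP, seg, len);
}

int main(void)
{
    printf("before fix-up: %s\n", stale_checksum_ok() ? "valid" : "INVALID");
    printf("after fix-up:  %s\n", fixed_checksum_ok() ? "valid" : "INVALID");
    return 0;
}
```

The ESP integrity check has already authenticated the payload at this point, so the fix-up only reconciles the L4 checksum with the addresses the receiver actually sees.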

Bash Shell Generate Random Numbers
# echo $RANDOM
# od -vAn -N4 -tu4 < /dev/urandom
# od -vAn -N2 -tu2 < /dev/urandom

Wellesley High grads told: “You’re not special” | The Swellesley Report
Dr. Wong, Dr. Keough, Mrs. Novogroski, Ms. Curran, members of the board of education, family and friends of the graduates, ladies and gentlemen of the Wellesley High School class of 2012, for the privilege of speaking to you this afternoon, I am honored and grateful. Thank you.

So here we are… commencement… life’s great forward-looking ceremony. (And don’t say, “What about weddings?” Weddings are one-sided and insufficiently effective. Weddings are bride-centric pageantry. Other than conceding to a list of unreasonable demands, the groom just stands there. No stately, hey-everybody-look-at-me procession. No being given away. No identity-changing pronouncement. And can you imagine a television show dedicated to watching guys try on tuxedos? Their fathers sitting there misty-eyed with joy and disbelief, their brothers lurking in the corner muttering with envy. Left to men, weddings would be, after limits-testing procrastination, spontaneous, almost inadvertent… during halftime… on the way to the refrigerator. And then there’s the frequency of failure: statistics tell us half of you will get divorced. A winning percentage like that’ll get you last place in the American League East. The Baltimore Orioles do better than weddings.)

But this ceremony… commencement… a commencement works every time. From this day forward… truly… in sickness and in health, through financial fiascos, through midlife crises and passably attractive sales reps at trade shows in Cincinnati, through diminishing tolerance for annoyingness, through every difference, irreconcilable and otherwise, you will stay forever graduated from high school, you and your diploma as one, ‘til death do you part.

No, commencement is life’s great ceremonial beginning, with its own attendant and highly appropriate symbolism. Fitting, for example, for this auspicious rite of passage, is where we find ourselves this afternoon, the venue. Normally, I avoid clichés like the plague, wouldn’t touch them with a ten-foot pole, but here we are on a literal level playing field. That matters. That says something. And your ceremonial costume… shapeless, uniform, one-size-fits-all. Whether male or female, tall or short, scholar or slacker, spray-tanned prom queen or intergalactic X-Box assassin, each of you is dressed, you’ll notice, exactly the same. And your diploma… but for your name, exactly the same.

All of this is as it should be, because none of you is special.

You are not special. You are not exceptional.

Contrary to what your u9 soccer trophy suggests, your glowing seventh grade report card, despite every assurance of a certain corpulent purple dinosaur, that nice Mister Rogers and your batty Aunt Sylvia, no matter how often your maternal caped crusader has swooped in to save you… you’re nothing special.

Yes, you’ve been pampered, cosseted, doted upon, helmeted, bubble-wrapped. Yes, capable adults with other things to do have held you, kissed you, fed you, wiped your mouth, wiped your bottom, trained you, taught you, tutored you, coached you, listened to you, counseled you, encouraged you, consoled you and encouraged you again. You’ve been nudged, cajoled, wheedled and implored. You’ve been feted and fawned over and called sweetie pie. Yes, you have. And, certainly, we’ve been to your games, your plays, your recitals, your science fairs. Absolutely, smiles ignite when you walk into a room, and hundreds gasp with delight at your every tweet. Why, maybe you’ve even had your picture in the Townsman! And now you’ve conquered high school… and, indisputably, here we all have gathered for you, the pride and joy of this fine community, the first to emerge from that magnificent new building…

But do not get the idea you’re anything special. Because you’re not.

The empirical evidence is everywhere, numbers even an English teacher can’t ignore. Newton, Natick, Nee… I am allowed to say Needham, yes? …that has to be two thousand high school graduates right there, give or take, and that’s just the neighborhood Ns. Across the country no fewer than 3.2 million seniors are graduating about now from more than 37,000 high schools. That’s 37,000 valedictorians… 37,000 class presidents… 92,000 harmonizing altos… 340,000 swaggering jocks… 2,185,967 pairs of Uggs. But why limit ourselves to high school? After all, you’re leaving it. So think about this: even if you’re one in a million, on a planet of 6.8 billion that means there are nearly 7,000 people just like you. Imagine standing somewhere over there on Washington Street on Marathon Monday and watching sixty-eight hundred yous go running by. And consider for a moment the bigger picture: your planet, I’ll remind you, is not the center of its solar system, your solar system is not the center of its galaxy, your galaxy is not the center of the universe. In fact, astrophysicists assure us the universe has no center; therefore, you cannot be it. Neither can Donald Trump… which someone should tell him… although that hair is quite a phenomenon.

“But, Dave,” you cry, “Walt Whitman tells me I’m my own version of perfection! Epictetus tells me I have the spark of Zeus!” And I don’t disagree. So that makes 6.8 billion examples of perfection, 6.8 billion sparks of Zeus. You see, if everyone is special, then no one is. If everyone gets a trophy, trophies become meaningless. In our unspoken but not so subtle Darwinian competition with one another–which springs, I think, from our fear of our own insignificance, a subset of our dread of mortality — we have of late, we Americans, to our detriment, come to love accolades more than genuine achievement. We have come to see them as the point — and we’re happy to compromise standards, or ignore reality, if we suspect that’s the quickest way, or only way, to have something to put on the mantelpiece, something to pose with, crow about, something with which to leverage ourselves into a better spot on the social totem pole. No longer is it how you play the game, no longer is it even whether you win or lose, or learn or grow, or enjoy yourself doing it… Now it’s “So what does this get me?” As a consequence, we cheapen worthy endeavors, and building a Guatemalan medical clinic becomes more about the application to Bowdoin than the well-being of Guatemalans. It’s an epidemic — and in its way, not even dear old Wellesley High is immune… one of the best of the 37,000 nationwide, Wellesley High School… where good is no longer good enough, where a B is the new C, and the midlevel curriculum is called Advanced College Placement. And I hope you caught me when I said “one of the best.” I said “one of the best” so we can feel better about ourselves, so we can bask in a little easy distinction, however vague and unverifiable, and count ourselves among the elite, whoever they might be, and enjoy a perceived leg up on the perceived competition. But the phrase defies logic. By definition there can be only one best. You’re it or you’re not.

If you’ve learned anything in your years here I hope it’s that education should be for, rather than material advantage, the exhilaration of learning. You’ve learned, too, I hope, as Sophocles assured us, that wisdom is the chief element of happiness. (Second is ice cream… just an fyi) I also hope you’ve learned enough to recognize how little you know… how little you know now… at the moment… for today is just the beginning. It’s where you go from here that matters.

As you commence, then, and before you scatter to the winds, I urge you to do whatever you do for no reason other than you love it and believe in its importance. Don’t bother with work you don’t believe in any more than you would a spouse you’re not crazy about, lest you too find yourself on the wrong side of a Baltimore Orioles comparison. Resist the easy comforts of complacency, the specious glitter of materialism, the narcotic paralysis of self-satisfaction. Be worthy of your advantages. And read… read all the time… read as a matter of principle, as a matter of self-respect. Read as a nourishing staple of life. Develop and protect a moral sensibility and demonstrate the character to apply it. Dream big. Work hard. Think for yourself. Love everything you love, everyone you love, with all your might. And do so, please, with a sense of urgency, for every tick of the clock subtracts from fewer and fewer; and as surely as there are commencements there are cessations, and you’ll be in no condition to enjoy the ceremony attendant to that eventuality no matter how delightful the afternoon.
The fulfilling life, the distinctive life, the relevant life, is an achievement, not something that will fall into your lap because you’re a nice person or mommy ordered it from the caterer. You’ll note the founding fathers took pains to secure your inalienable right to life, liberty and the pursuit of happiness–quite an active verb, “pursuit”–which leaves, I should think, little time for lying around watching parrots rollerskate on Youtube. The first President Roosevelt, the old rough rider, advocated the strenuous life. Mr. Thoreau wanted to drive life into a corner, to live deep and suck out all the marrow. The poet Mary Oliver tells us to row, row into the swirl and roil. Locally, someone… I forget who… from time to time encourages young scholars to carpe the heck out of the diem. The point is the same: get busy, have at it. Don’t wait for inspiration or passion to find you. Get up, get out, explore, find it yourself, and grab hold with both hands. (Now, before you dash off and get your YOLO tattoo, let me point out the illogic of that trendy little expression–because you can and should live not merely once, but every day of your life. Rather than You Only Live Once, it should be You Live Only Once… but because YLOO doesn’t have the same ring, we shrug and decide it doesn’t matter.)

None of this day-seizing, though, this YLOOing, should be interpreted as license for self-indulgence. Like accolades ought to be, the fulfilled life is a consequence, a gratifying byproduct. It’s what happens when you’re thinking about more important things. Climb the mountain not to plant your flag, but to embrace the challenge, enjoy the air and behold the view. Climb it so you can see the world, not so the world can see you. Go to Paris to be in Paris, not to cross it off your list and congratulate yourself for being worldly. Exercise free will and creative, independent thought not for the satisfactions they will bring you, but for the good they will do others, the rest of the 6.8 billion–and those who will follow them. And then you too will discover the great and curious truth of the human experience is that selflessness is the best thing you can do for yourself. The sweetest joys of life, then, come only with the recognition that you’re not special.

Because everyone is.

Congratulations. Good luck. Make for yourselves, please, for your sake and for ours, extraordinary lives.

I have a Samba server sharing a disk whose directory and file names mix Japanese and Chinese. My Ubuntu 10.04, which mounts the disk, just shows a bunch of "???" or other mystic characters.

The option "iocharset" given to "mount" plays a critical role to have folder/file name display correctly.
"iocharset=cp950" with "LANG=zh_TW.big5".
"iocharset=cp932" with "LANG=ja_JP.shiftjis"
"iocharset=utf8" with "LANG=zh_TW.utf8" and "LANG=en_US.utf8" (I guess all XXX.utf8 would work)
UTF8 is most suggested to be used.

To Install a new locale:
$ sudo ./install-language-pack EUC-JP
$ sudo locale-gen ja_JP.EUC-JP
Generating locales...
ja_JP.EUC-JP... done
Generation complete.
$ locale -a

Configure the Terminal
After the locale is installed/configured properly, you need to change the Terminal's default locale:
(Just temporarily, or make the changes to /etc/environment for permanent change)
And the Character Encoding:
[Terminal] -> [Set Character Encoding] -> [Japanese (EUC-JP)] or the one that matches the LANG setting.

locale -a


For Anti-UTF-8 people
See the first column of the file /usr/share/i18n/SUPPORTED and identify your language codes, example: en_US es_VE pt_BR es_ES. Note that the second column shows the encoding to be used with that language code and remember that we don't want UTF-8 as encoding.

After you know which language codes you will use, go to the terminal and type the following:

$ sudo locale-gen LANG1 LANG2 LANG3 ...

Where LANG1, LANG2, ... are the language code you selected. As an example, a user in Venezuela may want:

$ sudo locale-gen es_VE en_US

After that, you should reboot your computer.

Instructions for setting up Japanese Shift_JIS charset on Ubuntu Linux:

1. Install the language pack:
$ sudo apt-get install language-pack-gnome-ja language-pack-ja
2. List the currently installed locale's
$ locale -a
3. We need to add the following to /var/lib/locales/supported.d/local
4. List the available charsets
$ locale -m
You should see SHIFT_JIS in the list
5. Compile the ja_JP.shiftjis locale
$ sudo localedef -f SHIFT_JIS -i ja_JP ja_JP.Shift_JIS
6. List the currently installed locales to see if our new one is now available
$ locale -a

sudo vim /etc/default/locale
locale -a
sudo vim /var/lib/locales/supported.d/locale
zh_TW.UTF-8 UTF-8
en_US.UTF-8 UTF-8
sudo locale-gen
echo "LANG=en_US.utf-8" >> /etc/environment
echo "LC_ALL=en_US.utf-8" >> /etc/environment

Building buildroot/uClibc might fail due to the host locale setting.

[Buildroot] problem with locale

Linux ESN window size

static struct xfrm_link xfrm_dispatch[XFRM_NR_MSGTYPES]
xfrm_add_sa(struct nlattr **attrs)
xfrm_alloc_replay_state_esn(struct nlattr *rta)
return (char *) nla + NLA_HDRLEN;

struct xfrm_state
struct xfrm_replay_state_esn *replay_esn;
x->props.replay_window = sa->sadb_sa_replay;

static pfkey_handler pfkey_funcs[SADB_MAX + 1]
pfkey_msg2xfrm_state or xfrm_state_clone(CONFIG_XFRM_MIGRATE)

[strongSwan] anti-replay window size?
currently the kernel interface method add_sa() of the IKEv2 daemon
sets the replay window size to a constant value of 32:


whereas in the kernel interface method netlink_add_sa() of the IKEv1
daemon the size is configurable:


but in kernel.c where netlink_add_sa() is called, the value is set
invariably to 32,

Strongswan also limits the maximum window size to 64 in pfkey_prop_parse().

IPSec Anti-Replay Window: Expanding and Disabling - Cisco Systems
IPsec Anti-Replay Window

Cisco IPsec authentication provides anti-replay protection against an attacker duplicating encrypted packets by assigning a unique sequence number to each encrypted packet. (Security association [SA] anti-replay is a security service in which the receiver can reject old or duplicate packets to protect itself against replay attacks.) The decryptor checks off the sequence numbers that it has seen before. The encryptor assigns sequence numbers in an increasing order. The decryptor remembers the value X of the highest sequence number that it has already seen. N is the window size, and the decryptor also remembers whether it has seen packets having sequence numbers from X-N+1 through X. Any packet with the sequence number X-N is discarded. Currently, N is set at 64, so only 64 packets can be tracked by the decryptor.

At times, however, the 64-packet window size is not sufficient. For example, Cisco quality of service (QoS) gives priority to high-priority packets, which could cause some low-priority packets to be discarded even though they could be one of the last 64 packets received by the decryptor. The IPsec Anti-Replay Window: Expanding and Disabling feature allows you to expand the window size, allowing the decryptor to keep track of more than 64 packets.

Increasing the anti-replay window size has no impact on throughput and security. The impact on memory is insignificant because only an extra 128 bytes per incoming IPsec SA is needed to store the sequence number on the decryptor. It is recommended that you use the full 1024 window size to eliminate any future anti-replay problems.
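
The window check described in the Cisco text above (and sized by the kernel and strongSwan settings noted earlier), as an added example that is not code from Cisco, the Linux kernel or strongSwan: a bitmap of 1024 bits (128 bytes) tracks which of the last N sequence numbers were seen, and a packet held back by QoS is dropped with N=64 but accepted with N=1024. All names and the traffic pattern are constructed, and the packet's integrity check is assumed to have passed before `replay_update` is called.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_WINDOW 1024u   /* bits in the map: 1024 / 8 = 128 bytes per SA */

enum verdict { REPLAY_OK, REPLAY_TOO_OLD, REPLAY_DUPLICATE, REPLAY_BAD_SEQ };

struct replay_state {
    uint32_t top;                    /* X: highest sequence number accepted  */
    uint32_t window;                 /* N: how far behind X is still tracked */
    uint32_t seen[MAX_WINDOW / 32];  /* bit (seq % MAX_WINDOW): seq was seen */
};

static int bit_get(const struct replay_state *st, uint32_t seq)
{
    uint32_t i = seq % MAX_WINDOW;
    return (st->seen[i / 32] >> (i % 32)) & 1u;
}

static void bit_put(struct replay_state *st, uint32_t seq, int on)
{
    uint32_t i = seq % MAX_WINDOW;
    if (on)
        st->seen[i / 32] |= 1u << (i % 32);
    else
        st->seen[i / 32] &= ~(1u << (i % 32));
}

void replay_init(struct replay_state *st, uint32_t window)
{
    memset(st, 0, sizeof *st);
    st->window = window > MAX_WINDOW ? MAX_WINDOW : window;
}

/* Cheap pre-check, done before spending cycles on the integrity check. */
enum verdict replay_check(const struct replay_state *st, uint32_t seq)
{
    if (seq == 0)                        /* ESP/AH counters start at 1      */
        return REPLAY_BAD_SEQ;
    if (seq > st->top)                   /* right of the window: new packet */
        return REPLAY_OK;
    if (st->top - seq >= st->window)     /* X-N or older: no longer tracked */
        return REPLAY_TOO_OLD;
    return bit_get(st, seq) ? REPLAY_DUPLICATE : REPLAY_OK;
}

/* Record seq; call only after the packet's integrity check has passed. */
void replay_update(struct replay_state *st, uint32_t seq)
{
    if (seq > st->top) {
        uint32_t diff = seq - st->top, i;
        if (diff >= MAX_WINDOW)
            memset(st->seen, 0, sizeof st->seen);
        else
            for (i = 1; i <= diff; i++)  /* slots reused by the new range */
                bit_put(st, st->top + i, 0);
        st->top = seq;
    }
    bit_put(st, seq, 1);
}

enum verdict replay_receive(struct replay_state *st, uint32_t seq)
{
    enum verdict v = replay_check(st, seq);
    if (v == REPLAY_OK)
        replay_update(st, seq);
    return v;
}

/* Constructed traffic: 1..top arrive in order except `late`, which was
 * queued behind higher-priority packets and arrives last. */
enum verdict verdict_after_delay(uint32_t window, uint32_t top, uint32_t late)
{
    struct replay_state st;
    uint32_t s;
    replay_init(&st, window);
    for (s = 1; s <= top; s++)
        if (s != late)
            replay_receive(&st, s);
    return replay_receive(&st, late);
}

/* Constructed traffic: 1..top all arrive, then `again` is seen a second time. */
enum verdict verdict_on_replay(uint32_t window, uint32_t top, uint32_t again)
{
    struct replay_state st;
    uint32_t s;
    replay_init(&st, window);
    for (s = 1; s <= top; s++)
        replay_receive(&st, s);
    return replay_receive(&st, again);
}

int main(void)
{
    printf("late seq 100, X=200, N=64:   %d\n", verdict_after_delay(64, 200, 100));
    printf("late seq 100, X=200, N=1024: %d\n", verdict_after_delay(1024, 200, 100));
    printf("replayed seq 150, N=64:      %d\n", verdict_on_replay(64, 200, 150));
    return 0;
}
```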

Push to remote branch of remote repo
git push <remote_name> +<br_name>:refs/remotes/<my_name>/<br_name>

I suddenly realized this is a convenient command for pushing updates to each working copy, which may have the same branch name checked out. Git won't allow you to push to a checked-out branch. This prevents that from happening.

Make an alias for this:
rpush = !sh -c 'git push $1 +HEAD:refs/remotes/$2/$3' -
Then you can do:
git rpush <remote_name> <my_name> <br_name>

C=0,B=0: NCNB (WB off)
C=0,B=1: NCB (WB on)
C=1,B=0: WriteThrough, no write allocate (WB on)
C=1,B=1: WriteBack, no write allocate (WB on)

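1. The write buffer (WB) is designed to keep the processor pipeline from being stalled by write operations on the data bus (writes to main memory, to peripheral registers, and so on). There are three typical occasions for a data-bus write: first, a write while the cache uses the write-through policy; second, while the cache uses the write-back policy, dirty data being written back to main memory because a cache line is replaced or because the program explicitly cleans it; third, a write that bypasses the cache and goes straight to the data bus. With a WB, once the content being written back to the data bus has entered the WB, the processor and the cache can carry on immediately. That is the relationship between the WB and the cache.
Cache designs differ across the ARM processor families: some caches have only a write-through policy, some have only a write-back policy, and some are write-back but allow certain write-through behaviour, so the four combinations of the C and B bits mean different things for these three kinds of cache. The first and second columns explain the write-through-type and write-back-type caches respectively, and their meaning can be found in my answer to question 1. The third column covers caches that are write-back but allow certain write-through behaviour. The first row is easy to understand. The reason the second row is still bufferable even though the B bit is 0 is probably a hardware design consideration (saving hardware resources, or a limit imposed by the target design frequency). The third row means that when C==1, B==0, the cache uses the write-through policy with the WB enabled; the fourth row means that when C==1, B==1, the cache uses the write-back policy with the WB enabled.
As you can see, for the third type of cache the C and B bits no longer "strictly" carry their original meaning of controlling cacheable and bufferable; instead, the "combination" of the two bits controls how the cache and the WB behave. Compared with adding another bit to select between the cache's write-back and write-through policies, this saves hardware resources while achieving much the same effect, and only drops a few cache/WB combinations that are of little use. I would say it is quite clever.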

7.5.3. Cacheable and bufferable flags
If you set a region to be cacheable:

  • When you load from that region, the cache is searched. If the item is found, it is loaded from the cache. If the item is not found, a complete cache line including the required address is loaded. Some other cache line is evicted from the cache, unless there is an unused cache line available.
  • When you save to that region, the cache is searched. If the item is found, the save is made to the cache. If the item is not found, the save is made to memory.

The exact effect of the bufferable flag varies (see the Technical Reference Manual for your processor for details).

Maximum packets per second

Maximum packets per second of GbE
64-byte: 1000000/((64+20)*8) = 1488kpps
128-byte: 1000000/((128+20)*8) = 844kpps
1500-byte: 1000000/((1500+20)*8) = 82kpps

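1 Gbps = 1000 Mbit / ((84 bytes) * 8 (bits per byte)) = 1.488095 Mpps
(According to the IEEE 802.3 specification, 100 Mbps = 100,000,000 bps; that is, Ethernet rates are expressed in decimal units.)
According to how Ethernet's CSMA/CD works, before sending a frame the sender must first listen for a while to see whether the line is idle, and may send only when it is. This listening time is the inter-frame gap (IPG, Inter-Packet Gap), the time it takes to send 12 bytes. So that the receiver can synchronize, an 8-byte preamble is added in front of the Ethernet frame structure: 7 of these bytes are AA (binary form 01010101), used to synchronize with the receiver, and the 8th byte is AB (the frame delimiter), which marks that what follows from this point on is the Ethernet frame. So the actual length of the shortest frame is:
64 bytes + 12 (bytes of inter-frame gap) + 8 (preamble) = 84 bytes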

[wiki] Interframe gap
The minimum interframe gap is 96 bit times (the time it takes to transmit 96 bits of raw data on the medium), which is 9.6 us for 10 Mbit/s Ethernet, 0.96 us for 100 Mbit/s (fast) Ethernet, 0.096 us for 1 Gbit/s (gigabit) Ethernet, and 0.0096 us for 10 Gbit/s (10 gigabit) Ethernet.

GIT post-commit: Backup commits to "remote branch" of remote repo

  1. gitbackup.remotename: the remote used to backup, default "gitbackup"
  2. gitbackup.myname: the name shown before remote branch of remote repo, default is current git directory "$(pwd)"

  1. Copy the following post-commit to .git/hooks
  2. Add remote
    git remote add gitbackup XXX@YYY:/ZZZ
  3. Change configuration if needed
  4. It is suggested to create a ssh key to the remote "gitbackup" to login without password.
    Refer to ssh-keygen.
Done!!! git will also push the commit to remote repo of remote branch while committing:
# git commit -m "update" -a
Counting objects: 5, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 797 bytes, done.
Total 3 (delta 2), reused 0 (delta 0)
To xxx@XXX.XXX:~/prj/mygit
f3fe00e..d46f950 HEAD -> 101/101
[101 d46f950] update
1 files changed, 37 insertions(+), 0 deletions(-)

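#!/bin/sh
# post-commit: force-push HEAD to refs/remotes/<myname>/<branch> on the backup remote
curbr=$(git branch | grep \* | cut -c 3-)
remotename=$(git config gitbackup.remotename)
myname=$(git config gitbackup.myname)

# First run: store the defaults described above in the repository config
if [ -z "${myname}" ] ;then
    myname=$(readlink -e "$(pwd)")
    git config gitbackup.myname "${myname}"
fi
if [ -z "${remotename}" ] ;then
    remotename=gitbackup
    git config gitbackup.remotename "${remotename}"
fi
# "git branch" marks a detached HEAD with a parenthesised name, e.g. "(no branch)"
if echo "${curbr}" | grep \( 1>/dev/null 2>&1 ; then
    echo Warning: you are not on any branch currently...
else
    # ${myname##/} drops the leading "/" of the path so the ref name is valid
    git push "${remotename}" "+HEAD:refs/remotes/${myname##/}/${curbr}"
fi
: Nothing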

Push to remote branch of remote repo
git push <remote_name> +<br_name>:refs/remotes/<my_name>/<br_name>

7.3 Customizing Git - Git Hooks

[Git] Using a post-receive hook to automatically send email to team members

Create RSA key pair
openssl genrsa -out keys.pem 2048
To get public key (modulus)
openssl rsa -text -in keys.pem

Keys are the basis of public key algorithms and PKI.  Keys usually
come in pairs, with one half being the public key and the other half
being the private key.  With OpenSSL, the private key contains the
public key information as well, so a public key doesn't need to be
generated separately.

Brooks's law is a principle in software development which says that "adding manpower to a late software project makes it later".[1] It was coined by Fred Brooks in his 1975 book The Mythical Man-Month. The corollary of Brooks's Law is that there is an incremental person who, when added to a project, makes it take more, not less time. Brooks adds that "Nine women can't make a baby in one month".

  1. In new kernel source,
    make allmodconfig KCONFIG_ALLCONFIG=/boot/config-of-old-kernel
    This will create a kernel config of the new kernel, and answered all with "m" based on the old config.

  2. Build the kernel and boot. Go on if it boots without issues.
  3. Disable all the modules not used currently in .config.
    make localmodconfig
  4. Have all modules (m) in .config become built-in (y)
    make localyesconfig
  5. Save the .config as minimal config to ./defconfig
    make savedefconfig

localmodconfig - Update current config disabling modules not loaded
localyesconfig - Update current config converting local mods to core

savedefconfig - Save current config as ./defconfig (minimal config)

allnoconfig - New config where all options are answered with no
allyesconfig - New config where all options are accepted with yes
allmodconfig - New config selecting modules when possible
alldefconfig - New config with all symbols set to default
To specify a filename that contains config options that the user requires to be set to a specific value

[Debian] Documentation/lguest: No such file or directory

As a workaround simply linking the virtual/lguest/ directory from the Documentation folder of the source tree will solve the problem.
cd ./Documentation
ln -s virtual/lguest/

IPSec: Fragmentation/Reassemble

3.3. Outbound Packet Processing
3.3.4. Fragmentation
If necessary, fragmentation is performed after ESP processing within an IPsec implementation. Thus, transport mode ESP is applied only to whole IP datagrams (not to IP fragments). An IP packet to which ESP has been applied may itself be fragmented by routers en route, and such fragments must be reassembled prior to ESP processing at a receiver. In tunnel mode, ESP is applied to an IP packet, which may be a fragment of an IP datagram. For example, a security gateway or a "bump-in-the-stack" or "bump-in-the-wire" IPsec implementation (as defined in the Security Architecture document) may apply tunnel mode ESP to such fragments.
Fragmentation, whether performed by an IPsec implementation or by routers along the path between IPsec peers, significantly reduces performance. Moreover, the requirement for an ESP receiver to accept fragments for reassembly creates denial of service vulnerabilities. Thus, an ESP implementation MAY choose to not support fragmentation and may mark transmitted packets with the DF bit, to facilitate Path MTU (PMTU) discovery. In any case, an ESP implementation MUST support generation of ICMP PMTU messages (or equivalent internal signaling for native host implementations) to minimize the likelihood of fragmentation. Details of the support required for MTU management are contained in the Security Architecture document.

3.4. Inbound Packet Processing
3.4.1. Reassembly

If required, reassembly is performed prior to ESP processing.

IPSec: Anti-replay

3.3.2. Sequence Number Generation
The sender assumes anti-replay is enabled as a default, unless otherwise notified by the receiver (see Section 3.4.3) or if the SA was configured using manual key management. Thus, typical behavior of an AH implementation calls for the sender to establish a new SA when the Sequence Number (or ESN) cycles, or in anticipation of this value cycling.

3.4.3. Sequence Number Verification
All AH implementations MUST support the anti-replay service, though its use may be enabled or disabled by the receiver on a per-SA basis. Anti-replay is applicable to unicast as well as multicast SAs. However, this standard specifies no mechanisms for providing anti-replay for a multi-sender SA (unicast or multicast). In the absence of negotiation (or manual configuration) of an anti-replay mechanism for such an SA, it is recommended that sender and receiver checking of the Sequence Number for the SA be disabled (via negotiation or manual configuration), as noted below.

1. Introduction
The anti-replay service may be selected for an SA only if the integrity service is selected for that SA. The selection of this service is solely at the discretion of the receiver and thus need not be negotiated. However, to make use of the Extended Sequence Number feature in an interoperable fashion, ESP does impose a requirement on SA management protocols to be able to negotiate this feature (see Section 2.2.1 below).

2.2. Sequence Number
If anti-replay is enabled (the default), the transmitted sequence number must never be allowed to cycle. Thus, the sender's counter and the receiver's counter MUST be reset (by establishing a new SA and thus a new key) prior to the transmission of the 2^32nd packet on an SA.

3.3.3. Sequence Number Generation
If the key used to compute an ICV is manually distributed, a compliant implementation SHOULD NOT provide anti-replay service. If a user chooses to employ anti-replay in conjunction with SAs that are manually keyed, the sequence number counter at the sender MUST be correctly maintained across local reboots, etc., until the key is replaced. (See Section 5.)
Note: If a receiver chooses to not enable anti-replay for an SA, then the receiver SHOULD NOT negotiate ESN in an SA management protocol. Use of ESN creates a need for the receiver to manage the anti-replay window (in order to determine the correct value for the high-order bits of the ESN, which are employed in the ICV computation), which is generally contrary to the notion of disabling anti-replay for an SA.

3.4.3. Sequence Number Verification
All ESP implementations MUST support the anti-replay service, though its use may be enabled or disabled by the receiver on a per-SA basis. This service MUST NOT be enabled unless the ESP integrity service also is enabled for the SA, because otherwise the Sequence Number field has not been integrity protected. Anti-replay is applicable to unicast as well as multicast SAs. However, this standard specifies no mechanisms for providing anti-replay for a multi-sender SA (unicast or multicast). In the absence of negotiation (or manual configuration) of an anti-replay mechanism for such an SA, it is recommended that sender and receiver checking of the sequence number for the SA be disabled (via negotiation or manual configuration), as noted below.

RFC 4302: IP Authentication Header
2.5. Sequence Number
This unsigned 32-bit field contains a counter value that increases by one for each packet sent, i.e., a per-SA packet sequence number.
The field is mandatory and MUST always be present even if the receiver does not elect to enable the anti-replay service for a specific SA.
Thus, the sender MUST always transmit this field, but the receiver need not act upon it.

The sender's counter and the receiver's counter are initialized to 0 when an SA is established. (The first packet sent using a given SA will have a sequence number of 1; see Section 3.3.2 for more details on how the sequence number is generated.) If anti-replay is enabled (the default), the transmitted sequence number must never be allowed to cycle. Thus, the sender's counter and the receiver's counter MUST be reset (by establishing a new SA and thus a new key) prior to the transmission of the 2^32nd packet on an SA.

2.5.1. Extended (64-bit) Sequence Number
To support high-speed IPsec implementations, a new option for sequence numbers SHOULD be offered, as an extension to the current, 32-bit sequence number field. Use of an Extended Sequence Number (ESN) MUST be negotiated by an SA management protocol. Note that in IKEv2, this negotiation is implicit; the default is ESN unless 32-bit sequence numbers are explicitly negotiated. (The ESN feature is applicable to multicast as well as unicast SAs.)

The ESN facility allows use of a 64-bit sequence number for an SA. (See Appendix B, "Extended (64-bit) Sequence Numbers", for details.) Only the low-order 32 bits of the sequence number are transmitted in the AH header of each packet, thus minimizing packet overhead. The high-order 32 bits are maintained as part of the sequence number counter by both transmitter and receiver and are included in the computation of the ICV, but are not transmitted.

Implicit Packet Padding and ESN
If the ESN option is elected for an SA, then the high-order 32 bits of the ESN must be included in the ICV computation. For purposes of ICV computation, these bits are appended (implicitly) immediately after the end of the payload, and before any implicit packet padding.

For some integrity algorithms, the byte string over which the ICV computation is performed must be a multiple of a blocksize specified by the algorithm. If the IP packet length (including AH and the 32 high-order bits of the ESN, if enabled) does not match the blocksize requirements for the algorithm, implicit padding MUST be appended to the end of the packet, prior to ICV computation. The padding octets MUST have a value of zero. The blocksize (and hence the length of the padding) is specified by the algorithm specification. This padding is not transmitted with the packet. The document that defines an integrity algorithm MUST be consulted to determine if implicit padding is required as described above. If the document does not specify an answer to this, then the default is to assume that implicit padding is required (as needed to match the packet length to the algorithm's blocksize.) If padding bytes are needed but the algorithm does not specify the padding contents, then the padding octets MUST have a value of zero.
Appendix B: Extended (64-bit) Sequence Numbers
B3. Handling Loss of Synchronization due to Significant Packet Loss

RFC 4303: IP Encapsulating Security Payload (ESP)
2.2.1. Extended (64-bit) Sequence Number
The high-order 32 bits are maintained as part of the sequence number counter by both transmitter and receiver and are included in the computation of the ICV (if the integrity service is selected). If a separate integrity algorithm is employed, the high order bits are included in the implicit ESP trailer, but are not transmitted, analogous to integrity algorithm padding bits. If a combined mode algorithm is employed, the algorithm choice determines whether the high-order ESN bits are transmitted or are included implicitly in the computation. See Section for processing details.

Separate Confidentiality and Integrity Algorithms
4. Compute the ICV over the ESP packet minus the ICV field. Thus, the ICV computation encompasses the SPI, Sequence Number, Payload Data, Padding (if present), Pad Length, and Next Header. (Note that the last 4 fields will be in ciphertext form, because encryption is performed first.) If the ESN option is enabled for the SA, the high-order 32 bits of the sequence number are appended after the Next Header field for purposes of this computation, but are not transmitted.

Combined Confidentiality and Integrity Algorithms

- The Sequence Number (or Extended Sequence Number, as appropriate) and the SPI are inputs to the algorithm, as they must be included in the integrity check computation. The means by which these values are included in this computation are a function of the combined mode algorithm employed and thus not specified in this standard.

3.3.3. Sequence Number Generation
If ESN (see Appendix) is selected, only the low-order 32 bits of the sequence number are transmitted in the Sequence Number field, although both sender and receiver maintain full 64-bit ESN counters. The high order 32 bits are included in the integrity check in an algorithm/mode-specific fashion, e.g., the high-order 32 bits may be appended after the Next Header field when a separate integrity algorithm is employed.
Appendix A: Extended (64-bit) Sequence Numbers

RFC 4543 - The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
RFC 5084 - Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS)
AES-GCM has four inputs: an AES key, an initialization vector (IV), a plaintext content, and optional additional authenticated data (AAD). AES-GCM generates two outputs: a ciphertext and message
AAD is authenticated but not encrypted. Thus, the AAD is not included in the AES-GCM output. It can be used to authenticate plaintext packet headers. In the CMS authenticated-enveloped-data content type, authenticated attributes comprise the AAD.

3.2 AH Sequence Number Field
RFC 4302 allows an optional Extended Sequence Number (ESN) to be used. This is helpful in high-speed networks, where a 32-bit counter could easily overflow during normal operations. ESNs are 64 bits long, and the entire 64 bits is used in the MAC calculation by AH even though only the least significant 32 bits of the ESN are carried in the Sequence Number Field. For the purposes of MAC calculation, the most significant 32 bits are placed after the payload, meaning that the ESN is actually split into two parts rather than appearing as a sequence of 64 consecutive bits in the input to the MAC. This is somewhat unusual, but does allow the AH format to remain the same as that specified in RFC 2402 when 32 bit sequence numbers are used. The transmission of only half the ESN in AH leads to the need for a synchronization mechanism in the event that more than 2^32 consecutive packets are lost. This is addressed in [22, Appendix B3]. RFC 4302 indicates that the default setting is to use ESNs rather than 32 bit sequence numbers; RFC 4304 [24] explains how IKE can be modified to allow negotiation of ESNs.

4.2 ESP Sequence Number Field
Sequence numbers, including Extended Sequence Numbers (ESNs), are treated in largely the same way in RFC 4303 as they are in the AH RFC, RFC 4302. In particular, their use by the receiver is optional, but their inclusion in ESP headers is mandatory. The only real difference is that sequence numbers must be ignored by the recipient if the relevant ESP SA specifies the NULL integrity protection algorithm (in other words, if the SA only offers encryption). In this situation, ESP cannot offer an anti-replay service. If a combined mode algorithm is in use, the most significant bits of an ESN may actually be transmitted; if separate integrity and encryption algorithms are used, these bits are not transmitted, but are included in the MAC calculation by placing them in the ESP trailer, so they are split into two parts (as in AH).
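
The ESP excerpts above (ICV over the packet with the untransmitted high-order 32 bits appended after Next Header, and a receiver that keeps the full 64-bit counter) can be seen working in the following added example, which is not code from the RFCs or from this page. It assumes HMAC-SHA-256 truncated to 128 bits as the separate integrity algorithm, a 64-packet window, and hypothetical names (`esp_icv`, `infer_seq64`, `Receiver`); `body` stands for the already-encrypted Payload Data through Next Header, and the high-order inference follows the window procedure of RFC 4303 Appendix A.

```python
import hashlib
import hmac
import struct

W = 64                    # anti-replay window size in packets (assumed value)
FULL = (1 << W) - 1
MASK32 = 0xFFFFFFFF

def esp_icv(key, spi, seq64, body):
    """ICV over SPI | low 32 seq bits | body, then the implicit high 32 bits."""
    wire = struct.pack("!II", spi, seq64 & MASK32) + body
    implicit = struct.pack("!I", seq64 >> 32)        # authenticated, never sent
    return hmac.new(key, wire + implicit, hashlib.sha256).digest()[:16]

def infer_seq64(top, seql):
    """Rebuild the 64-bit ESN from the wire value and the window's top edge."""
    th, tl = top >> 32, top & MASK32
    bl = (tl - W + 1) & MASK32                       # low bits of the bottom edge
    if tl >= W - 1:                                  # window inside one subspace
        seqh = th if seql >= bl else th + 1
    else:                                            # window straddles a rollover
        seqh = th - 1 if seql >= bl else th
    return None if seqh < 0 else (seqh << 32) | seql

class Receiver:
    def __init__(self, key, spi, top=0):
        self.key, self.spi, self.top = key, spi, top
        self.bitmap = 1                              # bit i set: top - i was seen

    def accept(self, seql, body, icv):
        seq = infer_seq64(self.top, seql)
        if seq is None:
            return "invalid"
        behind = self.top - seq
        if behind >= 0 and (behind >= W or (self.bitmap >> behind) & 1):
            return "replay"
        if not hmac.compare_digest(esp_icv(self.key, self.spi, seq, body), icv):
            return "bad-icv"
        if behind < 0:                               # slide only after ICV passes
            shift = -behind
            self.bitmap = 1 if shift >= W else ((self.bitmap << shift) | 1) & FULL
            self.top = seq
        else:
            self.bitmap |= 1 << behind
        return "ok"
```

A packet captured before the 32-bit rollover and re-sent afterwards carries a wire sequence number the window has not seen, yet it fails the ICV check because the receiver authenticates it against the new high-order bits.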