2014年12月26日 星期五

minicom+kermit with u-boot

Ubuntu 13.10.

Installation:

  1. sudo apt-get install minicom ckermit
  2. /etc/kermit/kermrc
    set carrier-watch off
    set prefixing all
    set parity none
    set stop-bits 1
    set modem none
    set file type bin
    set file name lit
    set flow-control none
    set prompt "Linux Kermit> "

On minicom, give the following command to u-boot:
==> loadb 0x2000000
## Ready for binary (kermit) download to 0x02000000 at 115200 bps...
Then do ctrl+A+S with "kermit", select file to send. You should see the following screen:
C-Kermit 9.0.302 OPEN SOURCE:, 20 Aug 2011, testPC [192.168.1.105]

   Current Directory: /home/xxxx
Communication Device: /dev/ttyUSB0
 Communication Speed: 115200
              Parity: none
         RTT/Timeout: 01 / 03
             SENDING:  => u-boot.bin
                      BINARY
           File Size: 699264
        Percent Done: 4   //
                          ...10...20...30...40...50...60...70...80...90..100
 Estimated Time Left: 00:01:24
  Transfer Rate, CPS: 7887
        Window Slots: 1 of 1
         Packet Type: D
        Packet Count: 10
       Packet Length: 9024
         Error Count: 0
          Last Error:
        Last Message:

ERROR: ctrl+A+S with "kermit" doesn't work; nothing shown
Maybe something went wrong with kermit. In my case I didn't have kermrc set correctly. You can try to run kermit manually, for example:
# sudo kermit -i -l /dev/ttyUSB0 -b 115200 -s u-boot.bin

?Carrier required but not detected
It might be required for minicom to quit to run this command in console.



lazyf's den : A Personal Weblog: [技術] Linux下使用Minicon+Kermit
http://lazyflai.blogspot.tw/2010/06/linuxminiconkermit.html

Problems running Kermit - FedoraForum.org
http://forums.fedoraforum.org/showthread.php?t=121720

2014年12月25日 星期四

徒手腿部訓練

跑者髖關節訓練│動一動│專欄│Balance的鐵工廠Don1Don
http://www.don1don.com/archives/31610

多向跨步(Lunge Clock)
和運動傷害說掰掰 9項單腳訓練<上>
http://www.sportsnote.com.tw/running/view_article.aspx?id=414c054e-42fb-47ba-b81d-ae149aa667b6
 單腳深蹲 (Single-Leg Squat)


單腿臀部運動(Single-Leg Hip Drive)


單腳跳躍(Single-Leg Hops)
直線前跳後跳左右跳


單腳橫向跳躍(Single-Leg Lateral Hops)
定點左右跳
和運動傷害說掰掰 9項單腳訓練<下>
http://www.sportsnote.com.tw/running/view_article.aspx?id=6d6eb732-72c5-4b99-9a17-9cb6cf2e2efb
單腳星狀跳躍(Hopstar)

LTE

全球LTE標準必要專利佈局(一) LTE技術持續演進的重點方向
http://iknow.stpi.narl.org.tw/post/Read.aspx?PostID=10451

測試LTE基地台OTA 手持式頻譜分析儀走紅 - 學技術 - 新電子科技雜誌
http://www.mem.com.tw/article_content.asp?sn=1410150006&page=2

2014年12月10日 星期三

Strongswan and Cisco ASR5000 SeGW

  1. strongswan would enumerate all the available transform in the first IKE_SA_INIT. But it might be too much and there are some that are not recognizable by Cisco SeGW, and SeGW will just drop it and no response.....
    ike=aes128-sha1-prfsha1-
    modp1024,aes256-sha1-prfsha1-modp1024,3des-md5-prfmd5-modp1024,3des-sha1-prfsha1-modp1024,des-sha1-prfsha1-modp1
    esp=aes128-sha1-modp1024,3des-md5
    Cisco SeGW reports:
    Too Many Transforms:             110
    And dump the packet at Cisco show something like:
    (........a lot of transforms.........)

          Transform Header #39
            Last                 (U08): Yes/0 (0x00)
            Reserved             (U08): 0
            Transform Length     (U16): 8 (0x8) bytes
            Transform Type       (U08): DHGROUP/4 (0x04)
            Reserved             (U08): 0
            Transform ID         (U16): UNKNOWN/30 (0x001E)
    FIX: To fix this, force to use only one of the transform instead let it choose automatically, e.g.
    ike=aes128-sha1-prfsha1-modp1024!
    esp=aes128-sha1-modp1024!
     
  2. By default the mobike is enabled in strongswan, while Cisco SeGW doesn't support it. The tunnel is created without any problem. However, all packets encrypted with ESP is received by SeGW, but "somehow" not recognized. For example, encrypted ping request is received by SeGW, but not decrypted and is dropped.
    And on strongswan PC, all encrypted ping from SeGW is not received.

    FIX: Disable mobike will fix this issue.
    mobike=no

2014年11月28日 星期五

Tabata

每天這樣做,三個月練就完美人魚線! LIFE生活網
http://www.life.com.tw/?app=view&no=115609

將這8個動作依次練20秒然後休息10秒繼續下一個動作

1. 2. 3. 4. 5. 6. 7. 8. 

2014年10月15日 星期三

32.593

3GPP specification: 32.593
http://www.3gpp.org/DynaReport/32593.htm

LTE; Telecommunication management; Home enhanced Node B (HeNB) Operations, Administration, Maintenance and Provisioning (OAM&P); Procedure flows for Type 1 interface HeNB to HeNB Management System (HeMS) (3GPP TS 32.593 version 11.0.0 Release 11)
http://www.etsi.org/deliver/etsi_ts/132500_132599/132593/11.00.00_60/ts_132593v110000p.pdf

2014年10月7日 星期二

PeaZip

PeaZip 免費中文壓縮軟體,支援解壓縮 RAR、7Z、ZIP 等超過 150 種格式
http://free.com.tw/peazip/

PeaZip | Free Zip files utility, free Rar files extractor
http://peazip.sourceforge.net/

2014年10月2日 星期四

泰雅族歡樂歌 Ri muy Sola Ri muy Yo

泰雅族歡樂歌 Rimuy Sola Rimuy Yo
https://www.youtube.com/watch?v=8JeaSYepua0

Ri muy so la ri muy yo

ri muy so la ri muy yo
ri muy so la ri muy yo
ya ba ya ya ya ki
p q(k)a sun(saw) ta ryax soni

p g(t)a sun(saw) ta
p q(k)a sun(saw) ta
(g)u tux ryan so ni

歡樂歌

我們大家聚在一起
爸爸,媽媽,孩子今天都歡喜
讓我們此刻歡喜的聚在一起


台中市立梨山國民中小學母語日網站: 社團活動─泰雅歌謠社
http://lseslanguage.blogspot.com/2013/11/blog-post_7598.html

2014年9月29日 星期一

[Python] Generate executable binary in Linux

Freezing Your Code — The Hitchhiker's Guide to Python
http://docs.python-guide.org/en/latest/shipping/freezing/

How can I create a stand-alone binary from a Python script?
http://effbot.org/pyfaq/how-can-i-create-a-stand-alone-binary-from-a-python-script.htm



Freeze.py

What is the Python freeze process? - Stack Overflow
http://stackoverflow.com/questions/9916647/what-is-the-python-freeze-process

30.1. imp — Access the import internals — Python 2.7.8 documentation
https://docs.python.org/2/library/imp.html#imp.init_frozen

Freeze - Python Wiki
https://wiki.python.org/moin/Freeze

python/freeze.py at master · python-git/python · GitHub
https://github.com/python-git/python/blob/master/Tools/freeze/freeze.py

[projects] Index of /python/trunk/Tools/freeze
http://svn.python.org/view/python/trunk/Tools/freeze/

ubuntu - Error in using Python freeze.py - Stack Overflow
http://stackoverflow.com/questions/20313886/error-in-using-python-freeze-py

Ubuntu 13.10
  1. sudo apt-get install python2.7-examples
    The one mark in red is the freeze.py we need.
    dpkg -S freeze.py
    python-pip: /usr/share/pyshared/pip/commands/freeze.py
    python-pip: /usr/lib/python2.7/dist-packages/pip/commands/freeze.py
    python2.7-examples: /usr/share/doc/python2.7/examples/Tools/freeze/makefreeze.py
    python2.7-examples: /usr/share/doc/python2.7/examples/Tools/freeze/freeze.py
  2. sudo ln -s /usr/lib/python2.7/config-x86_64-linux-gnu/ /usr/lib/python2.7/config
  3. python /usr/share/doc/python2.7/examples/Tools/freeze/freeze.py test.py
  4. make
  5. If make finished successfully, the executable binary should be available at ./test.

cxfreeze script — cx_Freeze 5.0 documentation
http://cx-freeze.readthedocs.org/en/latest/script.html#script


2014年8月8日 星期五

Linux Core Dump

CONFIG_ELF_CORE
CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS

Busybox uses softlimit to set RLIMIT_CORE.

sysctl -w "kernel.core_pattern=/var/cores/%h-%e-%p.core"; mkdir /var/cores -p;
sysctl -w "kernel.core_pattern=/core";
sysctl -w "kernel.core_pattern=/tmp/core-%e-%s-%u-%g-%p-%t";
sysctl -w "kernel.core_uses_pid=1";
sysctl -w "fs.suid_dumpable=2";

cat /proc/sys/kernel/core_pattern;
cat /proc/sys/kernel/core_uses_pid;
cat /proc/sys/fs/suid_dumpable;

mount -t tmpfs tmpfs /tmp;
softlimit -c 1048576 /mnt/app/test &

killall -11 test
kill -s SIGSEGV 8257
ls -al /var/cores
ls -al /tmp




Linux Applications Debugging Techniques/Core files - Wikibooks, open books for an open world
http://en.wikibooks.org/wiki/Linux_Applications_Debugging_Techniques/Core_files

HowTo: Debug Crashed Linux Application Core Files Like A Pro - nixCraft
http://www.cyberciti.biz/tips/linux-core-dumps.html

core(5) - Linux manual page
http://man7.org/linux/man-pages/man5/core.5.html

How to: Enable/Generate/Debug Core Dump In Linux? » IT Sprite
http://www.itsprite.com/how-to-enablegeneratedebug-core-dump-in-linux/

linux - Who generate a core dump file? Kernel or glibc? - Stack Overflow
http://stackoverflow.com/questions/20969239/who-generate-a-core-dump-file-kernel-or-glibc

Linux: Understanding how much is malloc'ed in a coredump (Kevin Grigorenko's IBM WebSphere SWAT Blog)
https://www.ibm.com/developerworks/community/blogs/kevgrig/entry/linux_understanding_how_much_is_malloc_ed_in_a_coredump?lang=en


kernel/git/torvalds/linux.git - Linux kernel source tree
coredump: make core dump functionality optional
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=046d662f481830e652ac34cd112249adde16452a

How to handle SIGSEGV, but also generate a core dump - Alex on Linux
http://www.alexonlinux.com/how-to-handle-sigsegv-but-also-generate-core-dump

2014年8月6日 星期三

Linux Crash Dump






echo 1 > /proc/sys/kernel/sysrq  #enable SysRq
echo c > /proc/sysrq-trigger #trigger Crash

Magic SysRq key - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Magic_SysRq_key



linux - core dump not generated - Stack Overflow
http://stackoverflow.com/questions/6809227/core-dump-not-generated

google-coredumper - A neat tool for creating GDB readable coredumps from multithreaded applications - Google Project Hosting
http://code.google.com/p/google-coredumper/


eCrash: Debugging without Core Dumps | Linux Journal
http://www.linuxjournal.com/article/8724?page=0,0

Embedded Crash Handler | Free software downloads at SourceForge.net
http://sourceforge.net/projects/ecrash/


Documentation for Kdump - The kexec-based Crash Dumping Solution
https://www.kernel.org/doc/Documentation/kdump/kdump.txt


[Ubuntu] Kernel Crash Dump
https://help.ubuntu.com/12.04/serverguide/kernel-crash-dump.html

[Fedora] How to use kdump to debug kernel crashes - FedoraProject
http://fedoraproject.org/wiki/How_to_use_kdump_to_debug_kernel_crashes

[Red Hat] A quick overview of Linux kernel crash dump analysis
http://magazine.redhat.com/2007/08/15/a-quick-overview-of-linux-kernel-crash-dump-analysis/

[Red Hat] Crash
http://people.redhat.com/~anderson/
https://github.com/crash-utility/crash

Linux Kernel Crash Book
https://www.dropbox.com/s/ktbz9fy7qbwsyfa/www.dedoimedo.com-crash-book.pdf

2014年8月4日 星期一

sshd always wants to change password

It's solved for me by setting it to non-zero:

sshd:"PASSWORD":1:0:99999:7:::
Or run the following every time after useradd or passwd:
sed -e 's/^\([^:]*:[^:]*:\)0:/\11:/' /etc/shadow -i
Is it because busybox passwd always update the "last changed" field to 0?

No, it's because the System time is not set correctly.

libbb/update_passwd.c
/* "name:" + "new_passwd" + ":" + "change date" + ":rest of line" */
fprintf(new_fp, "%s%s:%u%s\n", name_colon, new_passwd,
        (unsigned)(time(NULL)) / (24*60*60), cp);
So if system time is not set correctly, "last changed" field will always be 0 at the first day, and SSH will always asking for changing passwd.

Use date to update the system should fix this issue:
date -s 201401010000.00
This is not even busybox related. It might happened on any PC, just PC has battery and RTC and rarely lost the time.



lib.uclibc.buildroot - Re: sshd always wants to change password - msg#00125 - Recent Discussion OSDir.com
http://osdir.com/ml/lib.uclibc.buildroot/2007-05/msg00125.html

> >Here is the entry from my shadow file:
> >sshd:"PASSWORD":0:0:99999:7:::
>
> set the last changed field to non-null


Linux Password & Shadow File Formats
http://www.tldp.org/LDP/lame/LAME/linux-admin-made-easy/shadow-file-formats.html
smithj:Ep6mckrOLChF.:10063:0:99999:7:::
As with the passwd file, each field in the shadow file is also separated with ":" colon characters, and are as follows:
  • Username, up to 8 characters. Case-sensitive, usually all lowercase. A direct match to the username in the /etc/passwd file.
  • Password, 13 character encrypted. A blank entry (eg. ::) indicates a password is not required to log in (usually a bad idea), and a ``*'' entry (eg. :*:) indicates the account has been disabled.
  • The number of days (since January 1, 1970) since the password was last changed.
  • The number of days before password may be changed (0 indicates it may be changed at any time)
  • The number of days after which password must be changed (99999 indicates user can keep his or her password unchanged for many, many years)
  • The number of days to warn user of an expiring password (7 for a full week)
  • The number of days after password expires that account is disabled
  • The number of days since January 1, 1970 that an account has been disabled
  • A reserved field for possible future use

2014年7月31日 星期四

Certificate Management Protocol (CMP)v2

[wiki] Certificate Management Protocol (CMP)
http://en.wikipedia.org/wiki/Certificate_Management_Protocol

The Certificate Management Protocol (CMP) is an Internet protocol used for obtaining X.509 digital certificates in a public key infrastructure (PKI). It is described in RFC 4210 and is one of two protocols so far to use the Certificate Request Message Format (CRMF), described in RFC 4211, with the other protocol being Certificate Management over CMS (CMC), described in RFC 5273.
http://tools.ietf.org/html/rfc4210
http://tools.ietf.org/html/rfc6712


3GPP
http://www.3gpp.org/
3GPP Specifications Groups Home
http://www.3gpp.org/specifications-groups/specifications-groups
3GPP Specifications Groups - TSG SA - SA3 - Security Home
http://www.3gpp.org/specifications-groups/sa-plenary/sa3-security/home

TS 133 310 - V12.2.0 - Universal Mobile Telecommunications System (UMTS); LTE; Network Domain Security (NDS); Authentication Framework (AF) (3GPP TS 33.310 version 12.2.0 Release 12) - ts_133310v120200p.pdf
http://www.etsi.org/deliver/etsi_ts/133300_133399/133310/12.02.00_60/ts_133310v120200p.pdf

CMP patch for OpenSSL | SourceForge.ne
http://sourceforge.net/projects/cmpforopenssl/

EJBCA - Open Source PKI Certificate Authority - Home
http://www.ejbca.org/


(2008.02.26)Re: CMPV2 - ReadList.com
http://readlist.com/lists/openssl.org/openssl-users/1/8423.html

CMP patch for OpenSSL | Free Security & Utilities software downloads at SourceForge.net
http://sourceforge.net/projects/cmpforopenssl/
An implementation of the Certificate Management Protocol (CMP) version 2, defined in RFC 4210, as a patch for OpenSSL. Long term goal is to provide an RFC compliant implementation and proof of concept client - and then offer it to the OpenSSL project





2014年7月30日 星期三

Abstract Syntax Notation One (ASN.1)

[wiki]  Abstract Syntax Notation One (ASN.1)
http://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One

compiler - what does it mean "compile asn.1"? - Stack Overflow
http://stackoverflow.com/questions/14858838/what-does-it-mean-compile-asn-1

An ASN.1 specification describes messages that you would like to exchange with other machines. It does this in a manner that is independent of programming language or computer architecture. This means that to use the ASN.1 specification, a tool is needed to "compile" that ASN.1 specification, checking for syntax errors and some kinds of semantic errors before generating code for your target machine architecture in your target programming language to encode and decode the messages from the ASN.1 specification. Note that ASN.1 compilers generate C stuctures, Java classes, or C++ classes in addition to generating code for encoding and decoding messages based on the generated structures.

There is an excellent place to see an play with this process without dealing with actual generated code. There is an online ASN.1 compiler and runtime engine at http://asn1-playground.oss.com where you can compile ASN.1 specifications and encode/decode messages without writing any code in a target programming language.
ASN.1 Playground: free online compiler, encoder/decoder
http://asn1-playground.oss.com/

ASN.1 Tools
http://www.itu.int/en/ITU-T/asn1/Pages/Tools.aspx

asn1c: Lev Walkin → ASN.1 Exposed
http://lionet.info/asn1c/blog/

OSS Nokalva, Inc. — ASN.1 - Download Free Trial
http://www.oss.com/asn1/products/asn1-download.html






2014年7月27日 星期日

timezone

Sources for Time Zone and Daylight Saving Time Data
http://www.twinsun.com/tz/tz-link.htm

Olson database of timezones in posix.1 format
http://fixunix.com/ntp/68031-olson-database-timezones-posix-1-format.html

Zoneinfo contains historic and future timezone information and is not
limited to two offset values each year, or to algorithmic rules for
deciding when to change, which is why you can only substitute Posix format
code over limited time periods where those assumptions are valid.

If you want to enumerate all the possible timezone codes used by the
Olsen package, you should look at the source code for the rules.
Even if you don't have the source of the tables (which is free to download),
you can use zdump to enumerate all the changes for a particular file.
POSIX and Olson time zone formats
http://www.ibm.com/developerworks/aix/library/au-aix-posix/index.html?ca=dat
AIX Health Check - Olson time zone support
http://www.aixhealthcheck.com/blog?id=291
One of the biggest advantages is that Olson database maintains a historical record of what the time zone rules were at given points in time, so that if the rules change in a particular location, dates and times can be interpreted correctly both in the present and past. A good example of this is the US state of Indiana, which just began using daylight saving time in the year 2006. Under the POSIX implementation, Indiana would have to set its time zone value to EST5EDT, which would format current dates correctly using daylight saving time, but would also format times from previous years as though they were on daylight saving time, which is incorrect. Use of the ICU API set for time zones also allows for localized display names for time zones. For example, Central Daylight Saving Time would have an abbreviation of CDT for all locales under a POSIX implementation, but under ICU/Olson, it displays properly as HAC (Heure Avancée du Centre) in a French locale.
tz database - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Tz_database

time - organization of zoneinfo folder - Ask Ubuntu
http://askubuntu.com/questions/34925/organization-of-zoneinfo-folder
If you install the tzdata source package, you will find all your answers:
sudo apt-get install apt-src
mkdir tzdata && cd tzdata
apt-src install tzdata
Specifically:
posix and right:
Two different versions are provided: - The "posix" version is based on the Coordinated Universal Time (UTC). - The "right" version is based on the International Atomic Time (TAI), and it includes the leap seconds.
Etc:
These entries are mostly present for historical reasons, so that people in areas not otherwise covered by the tz files could "zic -l" to a time zone that was right for their area. These days, the tz files cover almost all the inhabited world, and the only practical need now for the entries that are not on UTC are for ships at sea that cannot use POSIX TZ settings.
EST5EDT, ...:
GB, GB-Eire, GMT, GMT+0, GMT-0, GMT0, NZ, NZ-CHAT, PRC, ROC, ROK, UCT, UTC are there because the time zone names changed:
This file provides links between current names for time zones and their old names. Many names changed in late 1993.
CET, CST6CDT, EET, EST, EST5EDT, HST, MET, MST, MST7MDT, PST8PDT, WET are there for backwards compatibility.
From Arthur David Olson, 2005-12-19 We generate the files specified below to guard against old files with obsolete information being left in the time zone binary directory. We limit the list to names that have appeared in previous versions of this time zone package. We do these as separate Zones rather than as Links to avoid problems if a particular place changes whether it observes DST. We put these specifications here in the northamerica file both to increase the chances that they'll actually get compiled and to avoid the need to duplicate the US rules in another file.
dpkg - How do I change my timezone to UTC/GMT? - Ask Ubuntu
http://askubuntu.com/questions/138423/how-do-i-change-my-timezone-to-utc-gmt
$ date
Wed Jul 16 22:52:47 EDT 2014

$ cat /etc/timezone
America/New_York

$ sudo dpkg-reconfigure tzdata
$ service cron stop && service cron start
How to change timezone on Linux server? | Linux cPanel WebHosting Blog
http://www.theperfectarts.com/2009/11/how-to-change-timezone-on-linux-server/
root@admin[~]#date
Wed Nov 11 19:30:29 EST 2009
For example we are changing time zone  from EST to GMT.
root@admin[~]#ln -sf /usr/share/zoneinfo/GMT /etc/localtime
UbuntuTime - Changing the Time Zone
https://help.ubuntu.com/community/UbuntuTime

linux - Does NTP daemon set the host timezone? - Server Fault
http://serverfault.com/questions/194402/does-ntp-daemon-set-the-host-timezone
NTP does not handle time zones. All time data handled by NTP is in UTC; your local time zone setting determines the offset from there.
How time zones are handled with NTP?
http://www.meinbergglobal.com/english/faq/faq_32.htm
NTP does not regconize time zones, instead it manages all time informations based on UTC. In general the handling of time zones is a job of a computer's operating system. Under Windows, Linux and FreeBSD the system clock is based on UTC, the configured local time zone only is applied when a time information has to be displayed somewhere. Example: If you configure Windows to use your local time zone, the system clock continues with using UTC time. Only when the date/time is shown (e.g. in a clock application), it will be transformed from UTC into the locally configured timezone.

2014年7月23日 星期三

2014年7月8日 星期二

QCI and DSCP mapping

How QoS is managed in LTE system | beyond3g
http://beyond3g.wordpress.com/2010/12/21/how-qos-is-managed-in-lteeps-system/

  • On the radio interface
    1. Radio bearer control
    2. Scheduling
    3. Admission control
    4. Congestion control
    5. ICIC
  • On the transport (backhaul)
    1. DSCP
    2. Mapping DSCP with P-bit in VLAN
Quality of Service Overview - Technical Documentation - Support - Juniper Networks
http://www.juniper.net/techpubs/en_US/junos-mobility12.1/topics/concept/service-parameters-mobility-overview.html

Quality of Service (QoS) and Policy Management in Mobile Data Networks
http://www.ixiacom.com/pdfs/library/white_papers/policy_management.pdf

3GPP TR 29.839: Home (e)Node B - security gateway interface (Release 11)
http://www.qtc.jp/3GPP/Specs/29839-b00.pdf
5.2 H(e)NB procedures
5.2.1 General
The H(e)NB shall support DSCP marking on the IPsec header when forwarding the UE uplink traffic.
Based on H(e)NB configuration either the QCI mapping or the Reflective QoS may be used.
5.2.2 QCI mapping
The QCI mapping table contains a one-to-one mapping from QCI value to DSCP marking value. The QCI mapping
table is configured in the H(e)NB by the operator.
QCI | 4G University
http://4g-university.com/tag/qci/
Do we have DSCP marking on the outer IP header (the one above GTP) and how do they look? What specification relate to this topic?

Answer:
Specifications that relate to the S1 interface (also touching the QoS aspects) are TS 36.410, TS 36.411, TS 36.412, TS 36.413 and TS 36.414.

The technical specification TS 36.414 section 5.4 Diffserv code point marking says:
“IP Differentiated Services code point marking [4] shall be supported. The mapping between traffic categories and Diffserv code points shall be configurable by O&M based on QoS Class Identifier (QCI) Characteristics and others E-UTRAN traffic parameters. Traffic categories are implementation-specific and may be determined from the application parameters”

which means, that there is DSCP marking, but it is defined by a specific implementation.

how QCI map to the DSCP ??? And DSCP mapping table will be made in router ?? | LinkedIn
http://www.linkedin.com/groups/how-QCI-map-DSCP-DSCP-1180727.S.246097683
The SGW, PGW, and eNB all contain QCI to DSCP markings. During bearer setup, the QCI values are communicated from the HSS/PCRF to the PGW, SGW, & eNB. The adjacent routers need only to enforce the DSCP markings set by the EPC elements.

(.......)

QCI-to-DSCP mapping cannot be fixed by 3GPP standard as it depends on transmission network design. Transmission equipments must prioritze the IP packets according to the service they are carrying, so the mapping must be configured according to TX network.

(.......)

QCI DSCP Example 3GPP service
-------------------------------------
1 EF conversational voice
2 EF conversational video
3 EF real-time gaming
4 AF41 buffered streaming
5 AF31 IMS signaling
6 AF31 buffered streaming
7 AF21 interactive gaming
8 AF11 web access
9 BE e-mail

(.......)

QCI DSCP
1 EF
2 EF
3 EF
4 AF41
5 AF31
6 AF32
7 AF21
8 AF11
9 BE

(.......)

DSCP is field in IP header, QCI is end to end parameter mapped in each part of the network in different parameters or group of parameters (in radio interface, transmission network..). DSCP value mapping to QCI is mapping for prioritizing bearers in transmission network and can be (and will be) done on P-GW, S-GW and eNB: Mapping which you configure on eNB will take place in up-link: when eNodeB has to transmit IP packet which carries GTP packet corresponding to bearer with CQIQCI 7, eNB will add DSCP value which (according to what you have configured on eNB) corresponds to QCI7 in IP header of that IP package. Important is to emphasize that eNB itself, when receive down-link package, does not care for received DSCP in IP header (placed by S-GW), eNB does not compare recieved DSCP with configured DSCP on eNB for that QCI - moreover, those 2 DSCP values (for UL and DL) can be different, depending of transmission network. What you configure on S-GW for S1 will take place on S1 down-link in the same way as described for eNB... And analogically for other cases...


IPSec and DSCP

QoS and IPSec interactions | CCIE, the beginning!
http://cciethebeginning.wordpress.com/2011/02/02/qos-and-ipsec-interactions/

Enterprise QoS Solution Reference Network Design Guide - IPSec VPN QoS Design [Design Zone for IPv6] - Cisco
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book/IPSecQoS.html#pgfId-44642

Feature #166: DSCP config in StrongSwan
http://wiki.strongswan.org/issues/166

strongSwan does not provide DSCP specific functionality but the DSCP example in our test suite might give you an idea how to configure it using iptables and XFRM marks.
Test ikev2/net2net-psk-dscp
http://www.strongswan.org/uml/testresults/ikev2/net2net-psk-dscp/index.html

[strongSwan] DSCP support in new version of strongswan
https://lists.strongswan.org/pipermail/users/2010-October/000853.html


2014年6月21日 星期六

IPSec/strongswan failures and checkpoints

FAIL_CP_REQ
Add

leftsourceip=%config
leftdns=%dns

TS_UNACCEPTABLE
Check left|right subnet and proto settings.

NO_PROPOSAL_CHOSEN
check ike=XXX and esp=XXX

libopenikev2: openikev2::Payload_NOTIFY Class Reference
http://openikev2.sourceforge.net/libopenikev2_api/classopenikev2_1_1Payload__NOTIFY.html
UNSUPPORTED_CRITICAL_PAYLOAD Unsupported critical payload.
INVALID_IKE_SPI Invalid IKE SPI.
INVALID_MAJOR_VERSION Invalid Major Version.
INVALID_SYNTAX Invalid syntax.
INVALID_MESSAGE_ID Invalid message ID.
INVALID_SPI Invalid SPI.
NO_PROPOSAL_CHOSEN No proposal chosen.
INVALID_KE_PAYLOAD Invalid KE payload.
AUTHENTICATION_FAILED Authentication failed.
SINGLE_PAIR_REQUIRED Single pair required.
NO_ADDITIONAL_SAS No additional SAs.
INTERNAL_ADDRESS_FAILURE Internal address failure.
FAILED_CP_REQUIRED Failed Configuration Payload required.
TS_UNACCEPTABLE Traffic selector unacceptable.
INVALID_SELECTORS Invalid selectors.
INITIAL_CONTACT Initial contact.
SET_WINDOW_SIZE Set window size.
ADDITIONAL_TS_POSSIBLE Additional Traffic selector possible.
IPCOMP_SUPPORTED IPcomp supported.
NAT_DETECTION_SOURCE_IP NAT detection source ip.
NAT_DETECTION_DESTINATION_IP NAT detection destination ip.
COOKIE Cookie.
USE_TRANSPORT_MODE Use transport mode.
HTTP_CERT_LOOKUP_SUPPORTED HTTP certificate lookup supported.
REKEY_SA Rekey SA.
ESP_TFC_PADDING_NOT_SUPPORTED ESP TFC padding not supported.
NON_FIRST_FRAGMENT_ALSO Non first fragment also.

GRE over IPSec tunnels between Cisco and Linux

Stuff: GRE over IPSec tunnels between Cisco and Linux (openswan)
http://ghergamilan.blogspot.tw/2010/06/gre-over-ipsec-tunnels-between-cisco.html

        leftprotoport=47                       #match the GRE traffic, this line is very important
        rightprotoport=47                     #match the GRE traffic

2014年6月11日 星期三

LTE Security: IPSec


http://www.qtc.jp/3GPP/Specs/33401-860.pdf

11 Network Domain Control Plane protection

The protection of IP based control plane signalling for EPS and E-UTRAN shall be done according to TS 33.210 [5].

NOTE1: In case control plane interfaces are trusted (e.g physically protected), there is no need to use protection according to TS 33.210[5].

In order to protect the S1 and X2 control plane, it is required to implement IPSec ESP according to RFC 4303[7] as specified by TS 33.210[5]. For both S1-MME and X2-C, IKEv2 certificates based authentication according to TS 33.310[6] shall be implemented. For S1-MME and X2-C, tunnel mode IPSec is mandatory to implement on the eNB. On the core network side a SEG may be used to terminated the IPSec tunnel.

Transport mode IPSec is optional for implementation on the X2-C and S1-MME.

NOTE 2: Transport mode can be used for reducing the protocol overhead added by IPSec.

12 Backhaul link user plane protection

The protection of user plane data between the eNB and the UE by user specific security associations is covered by clause 5.1.3 and 5.1.4.


In order to protect the S1 and X2 user plane as required by clause 5.3.4, it is required to implement IPSec ESP according to RFC 4303[7] as profiled by TS 33.210[5], with confidentiality, integrity and replay protection.

On the X2-U and S1-U, transport mode IPSec is optional for implementation.

Tunnel mode IPSec is mandatory to implement on the eNB for X2-U and S1-U. On the core network side a SEG may be used to terminate the IPSec tunnel.

For both S1 and X2 user plane, IKEv2 with certificates based authentication shall be implemented. The certificates shall be implemented according to the profile described by TS 33.310[6]. IKEv2 shall be implemented conforming to the IKEv2 profile described in TS 33.310[6].

NOTE 2: In case S1 and X2 user plane interfaces are trusted (e.g. physically protected), the use of IPSec/IKEv2 based protection is not needed.
For X2 interface, we could:
  1. Setupt eNB-to-eNB IPSec transport link
  2. Send eNB-to-eBN traffic via SecGW
No resource found for method 1.
The following suggest method 2:

LTE transport network security
http://www.ieee-cqr.org/2012/May15/Session%202/2_Jason_Boswell_NSN%20LTE%20Security.pdf

Radio-to-core  protection in LTE
http://www.stoke.com/GetFile.asp?f=9da2433463cb8e11f41bd6213c67303e

2014年6月10日 星期二

Getting a list of used libraries by a running process

osx - Getting a list of used libraries by a running process (unix) - Stack Overflow
http://stackoverflow.com/questions/2184775/getting-a-list-of-used-libraries-by-a-running-process-unix

cat /proc/$pid/maps
or
pldd

2014年6月6日 星期五

LTE notes

The LTE Network Architecture - Alcatel-Lucent | At the Speed of Ideas
http://www3.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Docs_and_Resource_Ctr&LMSG_CONTENT_FILE=White_Papers/CPG0599090904_LTE_Network_Architecture_EN_StraWhitePaper.pdf




eNodeB (evolved NodeB)
UE (user equipment)
PDN (packet data network)
EPC (evolved packet core)
EPS (evolved packet system)
EPS bearer: an IP packet flow with a defined QoS between the gateway and the UE
CN (core network)
SAE (system architecture evolution): evolution of non-radio aspect.

EPC is consist of the following logical nodes:

  • P-GW (PDN Gateway)
  • S-GW (Serving Gateway)
  • MME (Mobility Management Entity)
  • PCRF (Policy Ccontrol and charging Rules Functions)
  • HSS (Home Subscriber Server)

NAS (Non Access Stratum)
AS (Access Stratum) protocol: The protocol running between eNodeBs and UE
S-TMSI (SAE Temporary Mobile Subscriber Identification)
TA (Tracking Area)




S1 interface: Interface that connect eNodeB and EPC
S1-MME interface: Interface that connect eNodeB and MME
S1-U interface: Interface that connect eNodeB and S-GW
X2 interface: eNodeB interconnected to each other by X1.
S1-flex: the feature of S1 interface linking the access network to the CN
MME/S-GW pool: The set of MME/S-GW nodes that serves a common area.
pool area: the area covered by MME/S-GW pool


TR-196: Femto Access Point Service Data Model
http://www.broadband-forum.org/technical/download/TR-196.pdf
[wiki] TR-196
http://en.wikipedia.org/wiki/TR-196
As a bidirectional SOAP/HTTP-based protocol, it provides the communication between customer-premises equipment (CPE) and Auto Configuration Servers (ACS). TR-069 is a more generic which address various devices such as modems, routers, gateways, set-top box, and VoIP-phones. TR-196 primary objective is to provide data model very specific to Femto Access Point(FAP)

E-UTRAN: responsible for radio-related functions:
  • RRS (Radio resource management)
  • Header Compression
  • Security
  • Connectivity to the EPC

RAN (Radio Access Network)
PMIP (Proxy Mobile Internet Protocol)
PLMN (Public Land Mobile Network)


blue region of the stack is the E-UTRAN user plane protocol stack

GTP (GPRS Tunnel Protocol): 3GPP-specific protocol over CN interfaces, S1 and S5/S8.
PDCP (Packet Data Convergence Protocol)
RLC (Radio Link Control)
MAC (Medium Access Control)
blue region of the stack indicate the AS protocol.

RRC (Radio Resource Control) protocol

Bearers:
  • GBR (Minimum guaranteed bit rate)
  • Non-GBR
QCI (QoS class identification)
ARP (Allocation and Retention Priority)

AM (Acknowledge Mode)
LTE-Uu: radio interface

EPS bearer
S5/S8 bearer
S1 bearer
radio bearer


TFT (Traffic Flow Template)
UL TFT (Uplink TFT)
DL TFT (Downlink TFT)

PCEF (Policy Control Enforcement Function)

bearer level QoS parameter value is passed from:
PCRF -> P-GW -> S-GW -> --(S11)--> MME

PCC (Policy Control and Charging)


SONs (Self-optimizing networks)
SS7 (Signal System #7)

S1 Control plane:
SCTP(Stream Control Transmission Protocol)/IP
S1-AP (Application Protocol)


S1 User Plane:
TEID (Tunnel End ID)
TNL (Transport Network Layer)
HOL (Head-of-line blocking)

[wiki] Head-of-line blocking
http://en.wikipedia.org/wiki/Head-of-line_blocking

NNSF (NAS Node Selection Function)

X2 handover
S1 handover

UMTS Serving Radio Network Subsystem (SRNS) relocation procedure


S1 handover:



ANRF (automatic neighbor relation function)
PCI (Physical Cell Identity)
eNB Configuration Transfer procedure
automatic self-configuration of the PCIs
O&M (Operation and Maintenance)
SN (Sequence Number)
HFN (Hyper Frame Number)



selective retransmissions
multiple preparation
RRM (Radio resource management)








2014年5月22日 星期四

strongSwan id (IPSec IDR) setting

4.3 Configuring the peer side using CA certificates
http://www.strongswan.org/docs/readme4.htm#section_4.3

The ID by which a peer is identifying itself during IKE main mode can by any of the ID types IPV4_ADDR, FQDN, USER_FQDN or DER_ASN1_DN. If one of the first three ID types is used, then the accompanying X.509 certificate of the peer must contain a matching subjectAltName field of the type ipAddress (IP:), dnsName (DNS:) or rfc822Name (email:), respectively. With the fourth type DER_ASN1_DN, the identifier must completely match the subject field of the peer's certificate. One of the two possible representations of a Distinguished Name (DN) is the LDAP-type format
     rightid="C=CH,O=Linux strongSwan, CN=sun.strongswan.org"
Additional whitespace can be added everywhere as desired since it will be automatically eliminated by the X.509 parser. An exception is the single whitespace between individual words , like e.g. in Linux strongSwan, which is preserved by the parser.
The Relative Distinguished Names (RDNs) can alternatively be separated by a slash ( '/')  instead of a comma (',')
rightid="/C=CH/O=Linux strongSwan/CN=sun.strongswan.org"
This is the representation extracted from the certificate by the OpenSSL command line option
openssl x509 -in sunCert.pem -noout -subject
Re: [strongSwan] rightid (Ipsec with Certificates)
https://www.mail-archive.com/users@lists.strongswan.org/msg04084.html
rightid and leftid are required to prevent an endpoint having
a valid and trusted certificate to take on the identity of another
endpoint (e.g. a client acting as the SEGW).
The leftid must exactly match either the subjectDistinguishedName or
a subjectAltName in the leftcert. rightid must match the identity
of the remote endpoint but may contain wildcards, the most general
being rightid=%any which returns a full match for any id. rightid
is sent by the initiator in the optional IDr payload in order to
assist the remote endpoint in the selection of the identity to be
used if the remote endpoint has multiple identities (e.g. multiple
certificates). If rightid contains at least one wildcard ('*' character)
then IDr is omitted but the the responder must always return its
full IDr not containing any wildcards.

In your first example where you define

  rightid="C=*, O=*, OU=*, CN=*"

the IDr payload is not sent by the initiator and the responder
returns an IDr of the form

 "O=Alcatel, CN=654...@alcatel-lucent.com"

which does not match your rightid template because the C= and OU=
RDNs are missing and the following local error is produced:

constraint check failed: identity 'C=*, O=*, OU=*, CN=*' required
selected peer config '30' inacceptable
no alternative config found

In order for your example to work you must either define

  rightid="O=*, CN=*"

or if you don't know exaclty which type of RDNs are used by the
SEGW in its certificate just

  rightid=%any

Please be aware that the use of wildcards makes your endpoints
vulnerable to kind of man-in-the-middle attacks mentioned in the
first paragraph.

In your second example you didn't specify any rightid. In that case
by default the IP address specified by right is used as rightid, i.e.

  rightid=172.21.11.181

Since this IDr is not contained in the SEGW's certificate the
remote error

parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
received AUTHENTICATION_FAILED notify error

is received.
Re: [strongSwan] understanding %fromcert
https://www.mail-archive.com/users@lists.strongswan.org/msg06371.html
leftid=%fromcert
is an OpenSwan option not supported by strongSwan. The strongSwan
configuration is

  leftcert=carolCert.pem
  leftid=ca...@strongswan.org

or simply

  leftcert=carolCert.pem

If leftid is missing then left, i.e. the IP address is chosen by
default for leftid but since the IP address usually is not
contained as a subjectAltName in the certificate, the fallback
is for leftid to assume the value of the subject Distinguished
Name as e.g.

  leftid="C=CH, O=strongSwan, CN=ca...@strongswan.org"
'Re: [strongSwan] FQDN based certificate authentication for ikev2' - MARC
https://www.assembla.com/spaces/wbgi-tpe
if you want to use FQDNs as IDs then you must set rightid and
leftid accordingly:

On the initiator 10.0.0.2:

   left=10.0.0.2
   leftcert="/etc/ipsec/certs/ipsec.d//certs/ib-cert.pem"
   leftid=ib.atca.nsn.com
   right=10.0.0.1
   rightid=cla.atca.nsn.com

On the responder 10.0.0.1:

   left=10.0.0.1
   leftcert="/etc/ipsec/certs/ipsec.d//certs/cla-cert.pem"
   leftid=cla.atca.nsn.com
   right=%any
'Re: [strongSwan] Cannot set ID to FQDN with certificate loaded,' - MARC
http://marc.info/?l=strongswan-users&m=121804213112206
subjectAltNames don't go into the Distinguished Name (DN) itself as you
did in

[O=MyCo Ltd, OU=SW, L=Swindon, ST=Wiltshire, C=GB, CN=sgw.myco.com,
subjectAltName=sgw.myco.co]

but into an X.509v3 certificate extension. Enter the subjectAltName
in the form

subjectAltName=DNS:sgw.myco.com

in the appropriate place in your openssl.cnf file before you generate
your certificate.
QA Cafe - Knowledgebase - How do I display the contents of a SSL certificate?
https://lounge.qacafe.com/kb/articles/show/153

# openssl x509 -in acs.qacafe.com.pem -text
 
 
 
 

Certificates


Public key certificate - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Public_key_certificate

Certificate Signing Request (CSR)

Certificate signing request - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Certificate_signing_request

How To Generate SSL Key, CSR and Self Signed Certificate For Apache
http://www.thegeekstuff.com/2009/07/linux-apache-mod-ssl-generate-key-csr-crt-file/

# openssl req -new -key www.thegeekstuff.com.key -out www.thegeekstuff.com.csr

Setting-up a Simple CA Using the strongSwan PKI Tool - SimpleCA - strongSwan - strongSwan
http://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA


The Most Common OpenSSL Commands
http://www.sslshopper.com/article-most-common-openssl-commands.html

2014年5月21日 星期三

Convertion between hex string and binary: XXD

Binary to Hex:

# echo 0123456789abcdef0123456789abcdef | xxd
0000000: 3031 3233 3435 3637 3839 6162 6364 6566  0123456789abcdef
0000010: 3031 3233 3435 3637 3839 6162 6364 6566  0123456789abcdef
0000020: 0a   

# echo 0123456789abcdef0123456789abcdef | xxd -g1
0000000: 30 31 32 33 34 35 36 37 38 39 61 62 63 64 65 66  0123456789abcdef
0000010: 30 31 32 33 34 35 36 37 38 39 61 62 63 64 65 66  0123456789abcdef
0000020: 0a                                               .

# echo 0123456789abcdef0123456789abcdef | xxd -i
  0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62,
  0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x0a

Hex string to binary:
# echo 0123456789abcdef0123456789abcdef | xxd    | xxd -r
0123456789abcdef0123456789abcdef

# echo 0123456789abcdef0123456789abcdef | xxd -g1| xxd -r
0123456789abcdef0123456789abcdef

# echo 0123456789abcdef0123456789abcdef | xxd -i | xxd -r -p
0123456789abcdef0123456789abcdef
# echo 0123456789abcdef0123456789abcdef | xxd -r -p | xxd
0000000: 0123 4567 89ab cdef 0123 4567 89ab cdef  .#Eg.....#Eg....

2014年5月20日 星期二

strongswan IPSec related route

Issue #467: What if I use 0.0.0.0/0 as leftsubnet and rightsubnet in ipsec.conf - strongSwan - strongSwan - IKEv2/IPsec VPN for Linux, Android, FreeBSD, Mac OS X
http://wiki.strongswan.org/issues/467

A route is installed in routing table 220 by default (use ip route list table 220 to view it).

2014年4月8日 星期二

CRL and OCSP

Revocation list - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Revocation_list


Online Certificate Status Protocol - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol

What is OCSP (Online Certificate Status Protocol)? - Definition from WhatIs.com
http://searchsecurity.techtarget.com/definition/OCSP

PUBLIC KEY INFRASTRUCTURE CERTIFICATE REVOCATION LIST VERSUS ONLINE CERTIFICATE STATUS PROTOCOL
http://www.cisco.com/c/dam/en/us/products/collateral/ios-nx-os-software/public-key-infrastructure-pki/product_data_sheet0900aecd80313df4.pdf

How Certificate Revocation Works
http://technet.microsoft.com/en-us/library/ee619754%28v=ws.10%29.aspx

Revisiting SDIO


Latest Simplified Specifications - SD Association
https://www.sdcard.org/downloads/pls/simplified_specs/

SD Specifications, Part E1, SDIO Simplified Specification, Version 2.00, February 8, 2007
https://www.sdcard.org/developers/overview/sdio/sdio_spec/Simplified_SDIO_Card_Spec.pdf

SD Specifications, Part 1, Physical Layer Simplified Specification, Version 4.10, January 22, 2013
https://www.sdcard.org/downloads/pls/simplified_specs/part1_410.pdf

Secure Digital - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Secure_Digital

Secure Digital - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Secure_Digital#SDIO

2014年4月6日 星期日

Revisting OCF

Open Cryptographic Framework for Linux | Free Security & Utilities software downloads at SourceForge.net
http://sourceforge.net/projects/ocf-linux/?source=navbar

The Design of the OpenBSD Cryptographic Framework
http://www.openbsd.org/papers/ocf.pdf

Netkey + Openswan + OCF && H/W acceleratorsdrivers == kernel crash/panic - ReadList.com
http://readlist.com/lists/openswan.org/users/2/12666.html

OCF Hardware crypto acceleration - Swan
https://supo.libreswan.org/wiki/OCF_Hardware_crypto_acceleration

Understanding Cryptographic Performance
http://www.embeddeddeveloper.com/news_letter/files/CRYPTOWP_Rev2.pdf

2014年4月2日 星期三

Openswan vs strongswan


Openswan vs strongSwan | Computing | Pariah Zero
http://www.pariahzero.net/Blog/files/e7d5abf84a96640d5cd70dd0dfb3d200-71.html

Using a Linux L2TP/IPsec VPN server
http://www.jacco2.dds.nl/networking/openswan-l2tp.html

Openswan - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Openswan
Openswan has been forked to Libreswan in 2012.

Libreswan - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Libreswan

2014年3月27日 星期四

MS-DOS 原始碼:髒話笑話滿天飛


崩潰的 MS-DOS 原始碼:髒話笑話滿天飛 | TechNews 科技新報
http://technews.tw/2014/03/27/microsoft-early-code-contains-hidden-jokes/

彩蛋 (視覺) - 维基百科,自由的百科全书
http://zh.wikipedia.org/wiki/%E5%BD%A9%E8%9B%8B_%28%E8%A6%96%E8%A6%BA%29

2014年3月10日 星期一

Network Indicator dissapeared

sudo apt-get -f install --reinstall indicator-network
sudo apt-get install network-manager

Ubuntu isc-dhcp-client status

Lease information: /var/lib/dhcp/dhclient.leases

2014年2月23日 星期日

Waldorf school in California

Google "waldorf school in california"

Waldorf Schools | California | K12 Academics
http://www.k12academics.com/national-directories/waldorf-school/California#.UwkoSNt4ib4

Waldorf of the Peninsula | A RENAISSANCE EDUCATION… in the Silicon Valley
http://waldorfpeninsula.org/

Google "public waldorf school in california"

Charter school - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Charter_school

Find a School | Alliance for Public Waldorf Education
http://www.allianceforpublicwaldorfeducation.org/find-a-school/

特許學校(Charter Schools)不是公辦民營,而是公費補助、民辦民營 - 思考者的網誌:成就仁德、智慧、正義、與公理的社會 - udn部落格
http://blog.udn.com/ubhuang/4941622

美國特許學校(Charter school)的美麗與哀愁 @ 閱讀與生活筆記 :: 隨意窩 Xuite日誌
http://blog.xuite.net/kc6191/study/29320861-%E7%BE%8E%E5%9C%8B%E7%89%B9%E8%A8%B1%E5%AD%B8%E6%A0%A1%28Charter+school%29%E7%9A%84%E7%BE%8E%E9%BA%97%E8%88%87%E5%93%80%E6%84%81

2014年2月11日 星期二

Install Adobe Flash Player

Download Adobe flash player

Adobe - Install Adobe Flash Player
get.adobe.com/flashplayer/

Then do the following:

rm flash -p
mkdir flash -p
tar xf install_flash_player_11_linux.x86_64.tar.gz  -C flash/
sudo cp -v libflashplayer.so /usr/lib/firefox-addons/plugins/
sudo cp usr/* /usr/ -a
Restart Firefox.

In Firefox, type about:plugins in the Location bar to confirm that the Adobe Flash Player is loaded.

3TB USB HD is showing up as 801GB

64-bit Ubuntu 13.10

I have 2 eSense USB to IDE/SATA adaptor, and I thought they do support 3T HD, for I used it to connect to PC/Windows and my movie player, and both works fine.

I want to use it to access a 3T HD used to store data in Linux on a 64-bit Ubuntu 13.10. But it cannot get the size correctly.

With eSense USB ;to IDE & SATA Adaptor 07-ESJ985

usb 2-1: new high-speed USB device number 8 using xhci_hcd
usb 2-1: New USB device found, idVendor=152d, idProduct=2338
usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=5
usb 2-1: Product: USB to ATA/ATAPI Bridge
usb 2-1: Manufacturer: JMicron
usb 2-1: SerialNumber: 222271F14582

usb-storage 2-1:1.0: USB Mass Storage device detected
scsi9 : usb-storage 2-1:1.0
scsi 9:0:0:0: Direct-Access     ST3000DM 001-1CH166            PQ: 0 ANSI: 2 CCS
sd 9:0:0:0: Attached scsi generic sg1 type 0
sd 9:0:0:0: [sdb] 1565565872 512-byte logical blocks: (801 GB/746 GiB)
sd 9:0:0:0: [sdb] Write Protect is off
sd 9:0:0:0: [sdb] Mode Sense: 00 38 00 00
sd 9:0:0:0: [sdb] Asking for cache data failed
sd 9:0:0:0: [sdb] Assuming drive cache: write through
sd 9:0:0:0: [sdb] Asking for cache data failed
sd 9:0:0:0: [sdb] Assuming drive cache: write through
 sdb:
sd 9:0:0:0: [sdb] Asking for cache data failed
sd 9:0:0:0: [sdb] Assuming drive cache: write through
sd 9:0:0:0: [sdb] Attached SCSI disk
My Win8 still can identify the 3T HD with the eSense adaptor, but partition not identified.

After some googling, the following is the one seems most likely to my case:

Gentoo Forums :: View topic - 3TB USB HD is showing up as 801GB
http://forums.gentoo.org/viewtopic-p-6653133.html

Same behavior with 32-bit Ubuntu 12.04, with CONFIG_LBDAF enabled. So I don't think CONFIG_LBDAF is the root cause.
 
Finally I decided to buy a new adaptor that do claim 3TB support. And it just works!!!

DigiFusion USB3.0 To IDE & SATA (U3I-692) Support 4TB wih 5Gbps(?)
usb 3-2: new SuperSpeed USB device number 3 using xhci_hcd
usb 3-2: New USB device found, idVendor=067b, idProduct=2773
usb 3-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 3-2: Product: ATAPI-6 Bridge Controller
usb 3-2: Manufacturer: Prolific Technology Inc.
usb 3-2: SerialNumber: 0123456789000000005

usb 3-2: Set SEL for device-initiated U1 failed.
usb 3-2: Set SEL for device-initiated U2 failed.
usb-storage 3-2:1.0: USB Mass Storage device detected
scsi8 : usb-storage 3-2:1.0
usb 3-2: Set SEL for device-initiated U1 failed.
usb 3-2: Set SEL for device-initiated U2 failed.
scsi 8:0:0:0: Direct-Access     ST3000DM 001-1CH166       CC43 PQ: 0 ANSI: 0
sd 8:0:0:0: Attached scsi generic sg1 type 0
sd 8:0:0:0: [sdb] Very big device. Trying to use READ CAPACITY(16).
sd 8:0:0:0: [sdb] 5860533168 512-byte logical blocks: (3.00 TB/2.72 TiB)
sd 8:0:0:0: [sdb] Write Protect is off
sd 8:0:0:0: [sdb] Mode Sense: 03 00 00 00
sd 8:0:0:0: [sdb] No Caching mode page found
sd 8:0:0:0: [sdb] Assuming drive cache: write through
sd 8:0:0:0: [sdb] Very big device. Trying to use READ CAPACITY(16).
sd 8:0:0:0: [sdb] No Caching mode page found
sd 8:0:0:0: [sdb] Assuming drive cache: write through
GPT:Primary header thinks Alt. header is not at the end of the disk.
GPT:1565565871 != 5860533167
GPT:Alternate GPT header not at the end of the disk.
GPT:1565565871 != 5860533167
GPT: Use GNU Parted to correct GPT errors.
 sdb: sdb1
sd 8:0:0:0: [sdb] Very big device. Trying to use READ CAPACITY(16).
sd 8:0:0:0: [sdb] No Caching mode page found
sd 8:0:0:0: [sdb] Assuming drive cache: write through
sd 8:0:0:0: [sdb] Attached SCSI disk
EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts: (null)

Ubuntu 13.10, 14.04, 15.10, 16.04

[System Settings] -> [Appearance] -> [Behavior] -> [Enable Workspaces]
(14.04)[System Settings] -> [Appearance] -> [Behavior] -> [Show the menu for a widow] -> [Set to "In the window's title bar"]
[System Settings] -> [Languagu Support] -> (install all package) -> [Install/Remove Language] -> (add Traditional Chinese, Japanese)

sudo apt-get install
vim htop tree rpm2cpio meld unrar tofrodos tmux

minicom tftp-hpa tftpd-hpa openssh-server samba lftp

git-core git-svn git-cvs git-email tig subversion cvs exuberant-ctags gitk tig

bison cpp flex g++ gcc gettext texinfo patch patchutils libncurses5-dev u-boot-tools python-xcbgen automake texlive libtool build-essential libncurses5-dev zlib1g-dev gawk ccache gettext libssl-dev xsltproc g++ zlib1g-dev gawk libncurses5-dev libc6:i386 mtd-utils

virtualbox

firefox addon
xmark, Block ads

Ubuntu 13.10 中文輸入法
http://mkl-note.blogspot.tw/2014/02/ubuntu-1310.html
Ubuntu 14.04 的中文輸入法...唉
http://mkl-note.blogspot.tw/2015/01/ubuntu-1404.html
為什麼的「麼」打不出來?? - Google Groups
https://groups.google.com/forum/#!topic/chewing-devel/8VnzaqsniRI
剛才看了一下新酷音給的字檔、辭檔,「麼」有這些讀音:
ㄇㄚˊ, ㄇㄚ˙, ㄇㄛˊ, ㄇㄜ˙

sudo apt-get install ibus-chewing
Reboot is needed.
[System Settings] -> [Text Entry] 
Or go to the top-right corner to click [En] -> [Text Entry Settings]
Click on [+] -> [Select Chinese (Chewing)]
Japanese (Mozc) 有羅馬拼音輸入法

Config gitmkl Note: Learning GIT
http://mkl-note.blogspot.com/2008/12/learning-git.html
git config --global user.name "Your Name Comes Here"
git config --global user.email you@yourdomain.example.com

git config --global color.diff auto;
git config --global color.status auto;
git config --global color.branch auto;

git config --global alias.r rebase;
git config --global alias.rc "rebase --continue";
git config --global alias.ra "rebase --abort";
git config --global alias.rk "rebase --skip";
git config --global alias.st status;
git config --global alias.bi bisect;
git config --global alias.br branch;
git config --global alias.ci commit;
git config --global alias.cia "commit --amend";
git config --global alias.co checkout;
git config --global alias.f fetch;
git config --global alias.cp cherry-pick;
git config --global alias.ap "add -p";

git config --global branch.autosetuprebase always;
git config --global core.autocrlf false
dash -> bash
sudo rm /bin/sh ; sudo ln -s /bin/bash /bin/sh

http://mkl-note.blogspot.tw/search?q=ssh+key
user=user
server=server
ssh-keygen -t rsa
scp ~/.ssh/id_rsa.pub $user@$server:~
ssh $user@$server "mkdir -p ~/.ssh/ ; cat ~/id_rsa.pub >> ~/.ssh/authorized_keys; rm -v ~/id_rsa.pub"

(14.04) /etc/fstab, add the following line for "mount -bind":
/home/tftpboot /var/lib/tftpboot none bind 0 0

Enable subversion save password
http://mkl-note.blogspot.tw/2015/01/save-password-in-subversion.html

mkl Note: Install Adobe Flash Player
http://mkl-note.blogspot.tw/2014/02/install-adobe-flash-player.html

Webex
mkl Note: Download and Install Java on Ubuntu 12.04
http://mkl-note.blogspot.tw/2013/09/download-and-install-java-for-linux.html
(2016.12.23: Now even with 16.04, still cannot connect to Webex, saying my browser is not supported.)

Line
於 Ubuntu Linux 15.04 安裝 LINE - Tsung's Blog
https://blog.longwin.com.tw/2015/07/ubuntu-linux-install-line-2015/

Teamviewer
TeamViewer Linux Download
https://www.teamviewer.com/en/download/linux/
 

2014年2月10日 星期一

Ubuntu 13.10 中文輸入法


右上角點 [Text Entry: En: English (US)] -> [Text Entry Settings] -> ["+"] -> [Chinese (Chewing)]
簡單很多,但是每版都在變,每次都要查

下載 Ubuntu 13.10 每日 ISO 體驗 Ubuntu 13.10 [論壇 - 自由軟體中文翻譯討論] | Ubuntu 正體中文站
http://www.ubuntu-tw.org/modules/newbb/viewtopic.php?post_id=29942

2014年2月7日 星期五

Booting Ubuntu 13.10 Live CD to command line (recovery mode)


Ubuntu liveUSB(ubuntu-13.10-desktop-amd64.iso)
MSI GE70, i5-4200M, Nvidia GeForce GT 750M / 2GB GDDR5



In GRUB menu on the item "Try Uuntu without installing",  type "e" to edit the boot commands. At the line start with "linux", replace the following:
quiet splash
with
ro recovery nomodeset
Then type "F10" to boot.

After it boot, screen black out. I thought it crashed again, but it's just in virtual terminal 7 without X initialized. I got command line after switching to other virtual terminals (Ctrl-Alt-F1 to F6)


Kernel Command Line Parameters
http://distro.ibiblio.org/fatdog/web/faqs/boot-options.html

grub2 - How to boot to the recovery mode if it is not listed in Grub? - Ask Ubuntu
http://askubuntu.com/questions/326528/how-to-boot-to-the-recovery-mode-if-it-is-not-listed-in-grub

10 boot time parameters you should know about the Linux kernel - nixCraft
http://www.cyberciti.biz/tips/10-boot-time-parameters-you-should-know-about-the-linux-kernel.html

Ubuntu 14.04 (Trusty Tahr) Daily Build
http://cdimage.ubuntu.com/daily-live/current/

2014年2月4日 星期二

JFFS2: "Magic bitmask 0x1985 not found"

mkfs.jffs2  -s 0x20000 -e 0x20000 -p 0x400000 -d  ./rootfs -o rootfs.jffs2

flash_eraseall -j /dev/mtd2
dd if=rootfs.jffs2 of=/dev/mtdblock2

mount -t jffs2 /dev/mtdblock2 /mnt


I cannot mount JFFS2 and see "Magic bitmask 0x1985 not found" messages

http://www.linux-mtd.infradead.org/faq/jffs2.html
http://www.linux-mtd.infradead.org/faq/jffs2.html#L_magicnfound

2014年1月19日 星期日

[Ubuntu] How to read a multipage tiff?

evince - Document Viewer

images - Read a multipage tiff? - Ask Ubuntu
http://askubuntu.com/questions/33491/read-a-multipage-tiff

[all variants] Need a TIFF viewer that can handle multiple pages.
http://ubuntuforums.org/showthread.php?t=1476756

2014年1月15日 星期三

GIT: How to tell a file is binary or text?

How to determine if Git handles a file as binary or as text? - Stack Overflow
http://stackoverflow.com/questions/6119956/how-to-determine-if-git-handles-a-file-as-binary-or-as-text

  1. git diff-tree -p 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD -- XXXX
  2. git diff-tree --numstat 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD -- XXXX
  3. git grep -I --name-only -e "" -- XXXX

4b823d… is a magic SHA which represents the empty tree