Saturday, December 30, 2006

Eclipse 3.2.1 with CDT installation notes

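1. Download Eclipse 3.2.1, unpack it to any location (e.g. c:\program files\), and double-click eclipse.exe to run it.
2. Download the CDT package org.eclipse.cdt.sdk-3.1.1-win32.x86.zip
or the minimal version org.eclipse.cdt-3.1.1-win32.x86.zip
3. After unpacking there are feature and plugins directories; move all the files in them into the features and plugins directories of the Eclipse installation.
4. Download MinGW 5.x (2006/12) from SourceForge. The official site www.mingw.org carries version 3.x, and the other pieces (gcc, the Windows32 API, etc.) have to be downloaded and installed separately. MinGW 5.x installs all the required libraries and include files in one go.
5. Add c:\MinGW\bin to the Windows PATH.
6. Rename c:\mingw\bin\mingw32-make.exe to c:\mingw\bin\make.exe
7. In Eclipse the project must be created as a Managed xxxx project; then add the source files to it.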

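Quick test:
Run gcc in a DOS prompt; if you get "no input files", the compiler is working.
Run make; if you get "*** no targets specified and no makefile found. Stop", make is working.
Try building a hello world project in Eclipse; if there are no errors, everything is fine.

Installing MinGW 5 broke DEV-CPP; for the fix see the previous post.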

DEV-CPP:: [Linker error] undefined reference to `__cpu_features_init'

After installing MinGW 5.x for the CDT (C/C++ Development Tools) of Eclipse 3.2.1, DEV-CPP shows the following problem when compiling and cannot build.
=====================
Compiler Output:
---------------------
[Linker error] undefined reference to `__cpu_features_init'
ld returned 1 exit status

Compiler Log:
----------------------
Compiler: Default compiler
Executing g++.exe...
g++.exe "C:\Documents and Settings\user\My Documents\New Folder\hello.cpp" -o "C:\Documents and Settings\user\My Documents\New Folder\hello.exe" -g3 -I"C:\Dev-Cpp\lib\gcc\mingw32\3.4.2\include" -I"C:\Dev-Cpp\include\c++\3.4.2\backward" -I"C:\Dev-Cpp\include\c++\3.4.2\mingw32" -I"C:\Dev-Cpp\include\c++\3.4.2" -I"C:\Dev-Cpp\include" -L"C:\Dev-Cpp\lib" -g3
/mingw/lib/crt2.o:crt1.c:(.text+0x16a): undefined reference to `__cpu_features_init'
collect2: ld returned 1 exit status

Execution terminated
=======================
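Note the part: ...-L"C:\Dev-Cpp\lib" -g3 /mingw/lib/crt2.o:crt1.c:(.text+0x16a): undefined reference to `__cpu_features_init'
I suspect the newly installed MinGW 5 libraries are incompatible with Dev-Cpp. All Dev-Cpp packages except the Windows32 API were upgraded to the latest versions.
Change the Dev-CPP settings under Tools->Compiler Options->Directories->Libraries:
in addition to the original c:\Dev-Cpp\lib, add the path of the newly installed MinGW, c:\mingw\lib, and move it to the top. This works around the problem for now.
Version information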
DEV-CPP 5 (4.9.9.2)
GCC/G++ 3.4.2
GNU Make 3.80.0.3
MinGW runtime 3.9
Windows32 API 3.6 (current 3.8)

Sunday, December 24, 2006

Java Notes::Basic of Class, Var. and Method

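Reference:
Java 基礎教程 (Java Basic Tutorial)
Author: 耿祥義
Tsinghua University Press
ISBN 7-302-09142-0
I. Class
1. Class declaration
2. Class body

Example:
class ClassName // class name
{ // class body
    // .....
}; // the class declaration runs from `class` down to this line

The class body has two parts: 1. variable definitions 2. method definitions
Example: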
class Square
{
    int num_side; // variable definition
    float area; // member variable

    float calc_area_method(int local_var1) // method definition
    {
        float local_var2 = 0; // local variable
        return local_var2;
    };
}; // end of Square

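II. Variables:
Variables defined in the variable-definition part are called "member variables of the class", e.g. num_side and area,
while those defined in a method body are called local variables, e.g. local_var1 and local_var2.
Scope: member variables are valid throughout the whole class, while local variables are valid only inside the method that defines them.

Member variables are further divided into "instance member variables" (instance variables) and "class member variables" (class variables / static member variables).
Example:
class Animal
{
    int legs; // instance variable
    static int head; // class variable, marked with static
    // ..............
};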

III. Methods:
Syntax
Method Overload
constructor

Like variables, methods are divided into "instance methods" and "class methods".
class ClassName
{
    int var1;
    static float var2;
    float method1() // instance method
    {
        return 0;
    };
    static int method2() // class method or static method
    {
        return 0;
    };
}; // end of ClassName


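IV. Object (物件 / 對象)
Syntax:
ClassName objectName;
objectName = new ClassName( ); // here ClassName( ) is the default constructor.
// With arguments, the matching constructor is used.
Written as a single statement:
ClassName objectName = new ClassName( );

Object creation and memory allocation:
When ClassName objectName is executed, the system creates a cell in memory named objectName that contains no data, i.e. there is no "entity" yet.
When objectName = new ClassName( ); is executed, the system creates the object, allocates memory and initial values for each member variable, and returns a "reference", that is, an address (the start address of the memory holding these member variables), to objectName.
When several objects are created, each has its own reference.

V. Notes on static
When a Java program starts running, the class's byte code is loaded into memory,
and class (static) variables are allocated memory; but if no object of the class has been created, the class's instance variables are not allocated memory. Each newly created object gets its own instance variables, distinct from those of other objects, and shares the class variables loaded with the class. Class variables occupy memory until the program ends, and any change to them affects the other objects.
Instance methods and class methods compare in a similar way: when the byte code is loaded, an instance method is not assigned an entry address if no object has been created yet; it is assigned one only when the first object is created. Note that objects created afterwards share that first entry address and no new one is allocated. A class method is assigned its address as soon as the class is loaded, whether or not a corresponding object exists.
This is why a static method can be called in the form ClassName.staticMethod without creating an object first.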

Wednesday, August 30, 2006

Big Harddisk in WinXP

I bought a 250GB Maxtor hard disk and connected it to the HighPoint RAID controller, but only 128GB showed up under Windows XP. I entered the controller BIOS and found that it only detected 136GB; I think that is the limit of this controller. Connected to the mainboard IDE, the full 250GB of the new hard disk was detected. I installed Windows XP on the new hard disk, but it still showed only 128GB. I upgraded the BIOS and reinstalled Windows XP, but nothing changed. At last I found an article on the Maxtor download web site (enable_big_harddisk.exe): WinXP SP1 has a limit on big hard disks, and you must install SP2 or use enable_big_harddisk.exe to fix it. I installed SP2 and WinXP could read the full size of the new hard disk.

Hints:
1. Windows XP SP1: limits hard disk size to 137GB
2. Windows XP SP2: supports hard disks over 137GB
3. HighPoint HP370 RAID: limits hard disks to 137GB
4. The onboard IDE controller supports big hard disks better (Abit KG7-RAID)

Sunday, July 23, 2006

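BIG5 support on the Debian console

When using upsfs (developed in Taiwan) on the Debian console, the text came out garbled. After trying the following, Chinese characters are displayed correctly.
#env //show the environment variables
:
:
LANG= zh_HK.UTF8
...
LANGUAGE=en_HK:en_US:en_GB:en


#dpkg-reconfigure locales
Select the locale you need, e.g. zh_tw.

Check with env again:
LANG=zh_TW

Log in again and it works.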

Tuesday, July 18, 2006

web browser language detection

In PHP there is a server variable $_SERVER["HTTP_ACCEPT_LANGUAGE"].
This variable shows which languages the web browser accepts or prefers, such as en-us, zh-hk, etc.
When the browser is configured with more than one accepted language, there are "quality values", which are floating-point values between 0 and 1; higher values indicate higher preference.
zh-hk,en;q=0.5 example in IE, two languages
zh-hk,en;q=0.7,zh-cn;q=0.3 example in Firefox, three languages
The most preferred language is zh-hk (Chinese, Hong Kong; no q value), en (English) with q=0.7 is second, and zh-cn with q=0.3 is the last of these three languages.
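An added example (not part of the original post), in Python rather than PHP: parsing the header value that PHP exposes as $_SERVER["HTTP_ACCEPT_LANGUAGE"] and mapping it onto a fixed list of languages, so the client-supplied string itself is never used as a file or template name. The SUPPORTED list, the default language and the size limits are assumptions for the illustration; a missing q is treated as q=1.

```python
import re

# Assumed site configuration (hypothetical): the languages this site can serve.
SUPPORTED = ("en", "zh-hk", "zh-cn")
DEFAULT_LANG = "en"
MAX_HEADER_LEN = 256   # oversized headers are ignored rather than parsed
MAX_RANGES = 16        # ignore anything past the first few entries

# A language range is "*" or letters followed by optional alphanumeric subtags.
_RANGE_RE = re.compile(r"\*|[a-z]{1,8}(?:-[a-z0-9]{1,8})*")
# A quality value is 0..1 with at most three decimals.
_Q_RE = re.compile(r"0(?:\.[0-9]{0,3})?|1(?:\.0{0,3})?")


def parse_accept_language(header):
    """Return [(language_range, q)] sorted by descending q (stable for ties)."""
    if not header or len(header) > MAX_HEADER_LEN:
        return []
    parsed = []
    for position, item in enumerate(header.split(",")[:MAX_RANGES]):
        parts = [p.strip() for p in item.split(";")]
        lang = parts[0].lower()
        if not _RANGE_RE.fullmatch(lang):
            continue                    # drop anything that is not a plain tag
        q = 1.0                         # no q parameter means full preference
        for param in parts[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() != "q":
                continue
            value = value.strip()
            # A malformed q is treated like q=0, i.e. "not acceptable".
            q = float(value) if _Q_RE.fullmatch(value) else 0.0
        if q > 0.0:
            parsed.append((lang, q, position))
    parsed.sort(key=lambda entry: (-entry[1], entry[2]))
    return [(lang, q) for lang, q, _ in parsed]


def choose_language(header, supported=SUPPORTED, default=DEFAULT_LANG):
    """Pick a language from the allowlist; the result is never raw client text."""
    for lang, _q in parse_accept_language(header):
        if lang == "*":
            return default
        if lang in supported:
            return lang
        primary = lang.split("-")[0]    # en-gb falls back to en
        if primary in supported:
            return primary
    return default


if __name__ == "__main__":
    # The two header values quoted in the post, plus constructed bad input.
    for sample in ("zh-hk,en;q=0.5",
                   "zh-hk,en;q=0.7,zh-cn;q=0.3",
                   "fr,zh-cn;q=0.3,en;q=0.7",
                   "../../etc/passwd"):
        print(repr(sample), "->", choose_language(sample))
```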

Thursday, July 06, 2006

Tips on build debian package

http://linuxdevices.com/articles/AT8047723203.html

What is a package, exactly?

To put it very simply, a package is a collection of files with instructions on what to do with them. A package usually contains a program or programs, but sometimes it has only documentation, window manager themes, or other files that are easier to distribute in an installable package.

The package contains instructions on where those files should reside in the filesystem, what libraries or other programs the contents of the package are dependent on (if any), setup instructions, and basic configuration scripts. Note that many packages cannot be used or should not be used with the default settings contained in their configuration files. With packages such as Apache, you'll still need to configure your installation after the package has been set up.

Packages usually contain precompiled software, but you can also package source code. Some admins may prefer to install from source, or your application may require customization prior to compilation, so if you're distributing software that is under a free or open source license, you may wish to create a source package as well as a "binary" package.

All binary Debian packages consist of three basic things: a text file called debian-binary, a compressed tarball called control.tar.gz, and another compressed tarball called data.tar.gz.

The debian-binary text file contains the version number for the binary package, which should be 2.0. The control.tar.gz file contains the control file; the postinst file, which contains instructions on what to do after installing the package; and the prerm file, which contains removal instructions. control.tar.gz may also contain a file with information about configuration files for the package called conffiles and a file with the MD5 checksums for the package called md5sums.

The data.tar.gz contains the actual "payload" of the package. That is, it contains a filesystem with all the relevant files for your program that, when installed, will be placed in the appropriate spots in your system's filesystem.

If you want to see what a package looks like for yourself, download a few packages from the Debian site and run ar -x packagename.deb. (-x will unpackage the .deb archive, use -t to view only). Debian packages are simply archives of the files mentioned above.

example: adduser_3.87_all.deb

# ar -t adduser_3.87_all.deb
debian-binary
control.tar.gz
data.tar.gz
# tar -tvf control.tar.gz
drwxr-xr-x root/root 0 2006-04-26 22:01:15 ./
-rw-r--r-- root/root 18 2006-04-26 22:01:13 ./conffiles
-rwxr-xr-x root/root 958 2006-04-26 22:01:13 ./postinst
-rwxr-xr-x root/root 220 2006-04-26 22:01:13 ./postrm
-rwxr-xr-x root/root 908 2006-04-26 22:01:13 ./config
-rw-r--r-- root/root 12559 2006-04-26 22:01:14 ./templates
-rw-r--r-- root/root 4772 2006-04-26 22:01:15 ./md5sums
-rw-r--r-- root/root 1303 2006-04-26 22:01:15 ./control
# tar -tvf data.tar.gz
drwxr-xr-x root/root 0 2006-04-26 22:01:12 ./
drwxr-xr-x root/root 0 2006-04-26 22:01:13 ./etc/
-rw-r--r-- root/root 600 2006-04-26 22:01:13 ./etc/deluser.conf
drwxr-xr-x root/root 0 2006-04-26 22:01:12 ./usr/
drwxr-xr-x root/root 0 2006-04-26 22:01:12 ./usr/sbin/
-rwxr-xr-x root/root 29690 2006-04-26 22:01:12 ./usr/sbin/adduser
-rwxr-xr-x root/root 13994 2006-04-26 22:01:12 ./usr/sbin/deluser
drwxr-xr-x root/root 0 2006-04-26 22:01:14 ./usr/share/
drwxr-xr-x root/root 0 2006-04-26 22:01:13 ./usr/share/adduser/
-rw-r--r-- root/root 2244 2006-04-26 22:01:13 ./usr/share/adduser/adduser.conf
drwxr-xr-x root/root 0 2006-04-26 22:01:12 ./usr/share/doc/
:
.
drwxr-xr-x root/root 0 2006-04-26 22:01:12 ./usr/share/man/fr/man5/
-rw-r--r-- root/root 2089 2006-04-26 22:01:12 ./usr/share/man/fr/man5/adduser.conf.5.gz
-rw-r--r-- root/root 1551 2006-04-26 22:01:12 ./usr/share/man/fr/man5/deluser.conf.5.gz
drwxr-xr-x root/root 0 2006-04-26 22:01:12 ./usr/share/man/fr/man8/
-rw-r--r-- root/root 3901 2006-04-26 22:01:12 ./usr/share/man/fr/man8/adduser.8.gz
drwxr-xr-x root/root 0 2006-04-26 22:01:12 ./usr/share/man/pl/
drwxr-xr-x root/root 0 2006-04-26 22:01:13 ./usr/share/man/pl/man5/
drwxr-xr-x root/root 0 2006-04-26 22:01:12 ./usr/share/man/pl/man8/
-rw-r--r-- root/root 4013 2006-04-26 22:01:12 ./usr/share/man/pl/man8/adduser.8.gz
drwxr-xr-x root/root 0 2006-04-26 22:01:12 ./usr/share/man/sv/


http://www.debian.org/doc/FAQ/ch-pkg_basics.en.html


6.4 What is a Debian control file?

Specifics regarding the contents of a Debian control file are provided in the Debian Policy Manual, section 5, see What other documentation exists on and for a Debian system?, Section 11.1.

Briefly, a sample control file is shown below for the Debian package hello:




     Package: hello
     Priority: optional
     Section: devel
     Installed-Size: 45
     Maintainer: Adam Heath
     Architecture: i386
     Version: 1.3-16
     Depends: libc6 (>= 2.1)
     Description: The classic greeting, and a good example
      The GNU hello program produces a familiar, friendly greeting. It
      allows nonprogrammers to use a classic computer science tool which
      would otherwise be unavailable to them.
      .
      Seriously, though: this is an example of how to do a Debian package.
      It is the Debian version of the GNU Project's `hello world' program
      (which is itself an example for the GNU Project).

The Package field gives the package name. This is the name by which the package can be manipulated by the package tools, and usually similar to but not necessarily the same as the first component string in the Debian archive file name.

The Version field gives both the upstream developer's version number and (in the last component) the revision level of the Debian package of this program as explained in Why are Debian package file names so long?, Section 6.3.

The Architecture field specifies the chip for which this particular binary was compiled.

The Depends field gives a list of packages that have to be installed in order to install this package successfully.

The Installed-Size indicates how much disk space the installed package will consume. This is intended to be used by installation front-ends in order to show whether there is enough disk space available to install the program.

The Section line gives the "section" where this Debian package is stored at the Debian FTP sites. This is the name of a subdirectory (within one of the main directories, see What are all those directories at the Debian FTP archives?, Section 5.1) where the package is stored.

The Priority indicates how important is this package for installation, so that semi-intelligent software like dselect or console-apt can sort the package into a category of e.g. packages optionally installed. See What is an Essential Required, Important, Standard, Optional, or Extra package?, Section 6.7.

The Maintainer field gives the e-mail address of the person who is currently responsible for maintaining this package.

The Description field gives a brief summary of the package's features.

For more information about all possible fields a package can have, please see the Debian Policy Manual, section 5., "Control files and their fields".


6.5 What is a Debian conffile?

Conffiles is a list of configuration files (usually placed in /etc) that the package management system will not overwrite when the package is upgraded. This ensures that local values for the contents of these files will be preserved, and is a critical feature enabling the in-place upgrade of packages on a running system.

To determine exactly which files are preserved during an upgrade, run:

     dpkg --status package

And look under "Conffiles:".


6.6 What is a Debian preinst, postinst, prerm, and postrm script?

These files are executable scripts which are automatically run before or after a package is installed. Along with a file named control, all of these files are part of the "control" section of a Debian archive file.

The individual files are:

preinst
This script executes before that package will be unpacked from its Debian archive (".deb") file. Many 'preinst' scripts stop services for packages which are being upgraded until their installation or upgrade is completed (following the successful execution of the 'postinst' script).
postinst
This script typically completes any required configuration of the package foo once foo has been unpacked from its Debian archive (".deb") file. Often, 'postinst' scripts ask the user for input, and/or warn the user that if he accepts default values, he should remember to go back and re-configure that package as the situation warrants. Many 'postinst' scripts then execute any commands necessary to start or restart a service once a new package has been installed or upgraded.
prerm
This script typically stops any daemons which are associated with a package. It is executed before the removal of files associated with the package.
postrm
This script typically modifies links or other files associated with foo, and/or removes files created by the package. (Also see What is a Virtual Package?, Section 6.8.)

Currently all of the control files can be found in directory /var/lib/dpkg/info. The files relevant to package foo begin with the name "foo" and have file extensions of "preinst", "postinst", etc., as appropriate. The file foo.list in that directory lists all of the files that were installed with the package foo. (Note that the location of these files is a dpkg internal; you should not rely on it.)
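An added example (not from the linked article or the Debian FAQ): a Python reader for the three-member .deb layout and the maintainer scripts described above. It lists the control files, extracts the scripts that are run automatically at install or removal time, and flags payload entries that are setuid/setgid or would land outside the install root, all without unpacking to disk. It assumes the gzip-compressed control.tar.gz/data.tar.gz layout shown on this page; the sample package and its names (hello-sample, hello-helper) are constructed for the demonstration.

```python
import io
import tarfile

AR_MAGIC = b"!<arch>\n"
MAINTAINER_SCRIPTS = ("preinst", "postinst", "prerm", "postrm")


def ar_members(blob):
    """Parse an ar archive and return [(name, data)] in archive order."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    members, offset = [], len(AR_MAGIC)
    while offset < len(blob):
        header = blob[offset:offset + 60]
        if len(header) < 60 or header[58:60] != b"`\n":
            raise ValueError("corrupt ar header at offset %d" % offset)
        name = header[0:16].decode("ascii").rstrip().rstrip("/")
        size = int(header[48:58].decode("ascii"))
        data = blob[offset + 60:offset + 60 + size]
        if len(data) != size:
            raise ValueError("truncated member %r" % name)
        members.append((name, data))
        offset += 60 + size + (size % 2)   # member data is padded to even length
    return members


def _strip_dot(name):
    """Turn './usr/bin/x' into 'usr/bin/x' without touching other names."""
    return name[2:] if name.startswith("./") else name


def inspect_deb(blob):
    """Report what a binary .deb would run and install, reading it in memory."""
    members = ar_members(blob)
    names = [name for name, _ in members]
    if names[:3] != ["debian-binary", "control.tar.gz", "data.tar.gz"]:
        raise ValueError("unexpected member layout: %r" % names)
    version = members[0][1].decode("ascii").strip()
    if version != "2.0":
        raise ValueError("unsupported debian-binary version %r" % version)
    report = {"format": version, "control": [], "scripts": {},
              "payload": [], "flagged": []}
    with tarfile.open(fileobj=io.BytesIO(members[1][1]), mode="r:gz") as tar:
        for info in tar:
            if not info.isfile():
                continue
            name = _strip_dot(info.name)
            report["control"].append(name)
            if name in MAINTAINER_SCRIPTS:   # these are run automatically
                text = tar.extractfile(info).read().decode("utf-8", "replace")
                report["scripts"][name] = text
    with tarfile.open(fileobj=io.BytesIO(members[2][1]), mode="r:gz") as tar:
        for info in tar:
            path = _strip_dot(info.name)
            if info.isfile():
                report["payload"].append(path)
            if path.startswith("/") or ".." in path.split("/"):
                report["flagged"].append((path, "path escapes the install root"))
            if info.isfile() and info.mode & 0o6000:
                report["flagged"].append((path, "setuid/setgid"))
    return report


def _tar_gz(files):
    """Build a gzip-compressed tar from [(path, data, mode)]."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data, mode in files:
            info = tarfile.TarInfo(path)
            info.size, info.mode = len(data), mode
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_deb():
    """Constructed sample package for the demo; not a real Debian package."""
    control = _tar_gz([
        ("./control", b"Package: hello-sample\nVersion: 1.0-1\nArchitecture: all\n", 0o644),
        ("./postinst", b"#!/bin/sh\nset -e\necho hello-sample configured\n", 0o755),
        ("./md5sums", b"", 0o644),
    ])
    data = _tar_gz([
        ("./usr/bin/hello", b"#!/bin/sh\necho hello\n", 0o755),
        ("./usr/bin/hello-helper", b"#!/bin/sh\n", 0o4755),  # setuid on purpose
    ])
    out = AR_MAGIC
    for name, body in (("debian-binary", b"2.0\n"),
                       ("control.tar.gz", control), ("data.tar.gz", data)):
        header = "%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name, 0, 0, 0, "100644", len(body))
        out += header.encode("ascii") + body + (b"\n" if len(body) % 2 else b"")
    return out


if __name__ == "__main__":
    for key, value in inspect_deb(build_sample_deb()).items():
        print(key, "=", value)
```

To inspect a downloaded package, pass the file's bytes to inspect_deb() and read the returned scripts before running dpkg -i.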



6.13 How do I install a source package?

Debian source packages can't actually be "installed", they are just unpacked in whatever directory you want to build the binary packages they produce.

Source packages are distributed on most of the same mirrors where you can obtain the binary packages. If you set up your APT's sources.list(5) to include the appropriate "deb-src" lines, you'll be able to easily download any source packages by running

     apt-get source foo

To help you in actually building the source package, Debian source package provide the so-called build-dependencies mechanism. This means that the source package maintainer keeps a list of other packages that are required to build their package. To see how this is useful, run

     apt-get build-dep foo

before building the source.


6.14 How do I build binary packages from a source package?

You will need all of foo_*.dsc, foo_*.tar.gz and foo_*.diff.gz to compile the source (note: there is no .diff.gz for some packages that are native to Debian).

Once you have them (How do I install a source package?, Section 6.13), if you have the dpkg-dev package installed, the following command:

     dpkg-source -x foo_version-revision.dsc

will extract the package into a directory called foo-version.

If you want just to compile the package, you may cd into foo-version directory and issue the command

     dpkg-buildpackage -rfakeroot -b

to build the package (note that this also requires the fakeroot package), and then

     dpkg -i ../foo_version-revision_arch.deb

to install the newly-built package(s).


6.15 How do I create Debian packages myself?

For more detailed description on this, read the New Maintainers' Guide, available in the maint-guide package, or at http://www.debian.org/doc/devel-manuals#maint-guide.

Monday, June 05, 2006

802.1x and 802.11

Today I searched some documents about RADIUS; here are some notes on 802.1x and 802.11, and also their relation.
802.11 -- the wireless standard, like 802.11a/b/g, WEP, WPA....
802.1x -- the standard for port-based network access control.
802.11 is not a sub-protocol of 802.1x; they are used in very different ways. But BOTH 802.11 and 802.1x offer authentication methods to control access to the network.
802.11 provides two methods: 1: Open System, 2: Shared Key Authentication.
802.1x uses many standard authentication protocols from wired networks, like RADIUS.
Nowadays, 802.1x has been adapted for use in 802.11 to enhance the security of wireless networks.

Monday, May 22, 2006

Setup SSL in Apache

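Add SSL to web connections by loading the Apache SSL module.
Environment: Debian Testing/Unstable, Apache 1.3, OpenWebMail; the web site is already configured and running normally on port 80.
Goal: use SSL to encrypt the connection between client and server.
Install the Apache SSL module: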
debian:/usr/lib/apache/1.3# apt-get install libapache-mod-ssl
.....
Get:1 http://ftp.hk.debian.org testing/main libapache-mod-ssl 2.8.25-1 [328kB]
....
Unpacking libapache-mod-ssl (from .../libapache-mod-ssl_2.8.25-1_i386.deb) ...
Setting up libapache-mod-ssl (2.8.25-1) ...
./ca-bundle.crt ... Skipped
./snakeoil-dsa.crt ... 5d8360e1.0
./snakeoil-rsa.crt ... 82ab5372.0
./snakeoil-ca-dsa.crt ... 0cf14d7d.0
./snakeoil-ca-rsa.crt ... e52d41d0.0
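The system then asks which configuration to use (the user's current configuration or the package maintainer's). I chose to keep the current configuration, so the config files have to be set up by hand: /etc/apache/modules.conf and httpd.conf need to be edited.
This time I stumbled into trying apache-modconf.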
debian:/etc/apache# apache-modconf apache-ssl
Creating config file /etc/apache-ssl/httpd.conf with new version
Creating config file /etc/apache-ssl/modules.conf with new version
Comparing the config files: after running apache-modconf apache-ssl, the following is added to modules.conf:
LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so
but no suitable settings are made in httpd.conf. Add the following to httpd.conf or to /etc/apache/conf.d/:
<IfModule mod_ssl.c>
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##


Listen 443

#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin

# Inter-Process Session Cache:
# Configure the SSL Session Cache: First either `none'
# or `dbm:/path/to/file' for the mechanism to use and
# second the expiring timeout (in seconds).
#SSLSessionCache none
#SSLSessionCache shm:logs/ssl_scache(512000)
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 300

# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex file:/var/run/ssl_mutex

# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512

# Logging:
# The home of the dedicated SSL protocol logfile. Errors are
# additionally duplicated in the general error log file. Put
# this somewhere where it cannot be used for symlink attacks on
# a real server (i.e. somewhere where only root can write).
# Log levels are (ascending order: higher ones include lower ones):
# none, error, warn, info, trace, debug.
#SSLLog /var/log/apache/ssl_engine_log
#SSLLogLevel info

</IfModule>

If you use a virtual host, add:

<VirtualHost newvhost.domain.org:443>
<IfModule mod_ssl.c>
SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</IfModule>

</VirtualHost>

If you are not using a virtual host, add the italicized part above into the earlier block.

Create the SSL certificate:
debian:/etc/apache# mod-ssl-makecert
/etc/apache/ssl.crt/server.crt: already present
/etc/apache/ssl.csr/server.csr: already present
/etc/apache/ssl.key/server.key: already present

Do you really want to overwrite the existing certificate ? [y/N]: y (because the pass phrase was mistyped during the first setup)

What type of certificate do you want to create?
1. dummy (dummy self-signed Snake Oil cert)
2. test (test cert signed by Snake Oil CA)
3. custom (custom cert signed by own CA)
4. existing (existing cert)


Use dummy when you are a vendor package maintainer,
test when you are an admin but want to do tests only,
custom when you are an admin willing to run a real server
existing when you are an admin who upgrades a server.

Normally you would choose 2.

your choice: 2 (for testing)
Which algorithm should be used to generate required key(s)?

1. RSA
2. DSA

Normally you would choose 1.

your choice: 1
SSL Certificate Generation Utility (mkcert.sh)
Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.

Generating test certificate signed by Snake Oil CA [TEST]
WARNING: Do not use this for real-life/production systems
______________________________________________________________________

STEP 1: Generating RSA private key (1024 bit) [server.key]
1376666 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.++++++
................................................++++++
e is 65537 (0x10001)
______________________________________________________________________

STEP 2: Generating X.509 certificate signing request [server.csr]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
1. Country Name (2 letter code) [XY]:mo (enter the details for your own server)
2. State or Province Name (full name) [Snake Desert]:macau
3. Locality Name (eg, city) [Snake Town]:macau
4. Organization Name (eg, company) [Snake Oil, Ltd]:asum
5. Organizational Unit Name (eg, section) [Webserver Team]:asum it
6. Common Name (eg, FQDN) [www.snakeoil.dom]:debsrv.asum.edu.mo
7. Email Address (eg, name@FQDN) [www@snakeoil.dom]:netadm@asum.edu.mo
8. Certificate Validity (days) [365]: (choose your own validity period)
______________________________________________________________________

STEP 3: Generating X.509 certificate signed by Snake Oil CA [server.crt]
Certificate Version (1 or 3) [3]:
Signature ok
subject=/C=mo/ST=macau/L=macau/O=asum/OU=asum it/CN=debsrv.asum.edu.mo/emailAddress=netadm@asum.edu.mo
Getting CA Private Key
Verify: matching certificate & key modulus
Verify: matching certificate signature
/etc/apache/ssl.crt/server.crt: OK
______________________________________________________________________

STEP 4: Encrypting RSA private key with a pass phrase for security [server.key]
The contents of the server.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]: y
writing RSA key
Enter PEM pass phrase: (enter the encryption pass phrase; Apache will ask for it at startup)
Verifying - Enter PEM pass phrase: (both entries must match)
Fine, you're using an encrypted RSA private key.
______________________________________________________________________

RESULT: Server Certification Files

o /etc/apache/ssl.key/server.key
The PEM-encoded RSA private key file which you configure
with the 'SSLCertificateKeyFile' directive (automatically done
when you install via APACI). KEEP THIS FILE PRIVATE!

o /etc/apache/ssl.crt/server.crt
The PEM-encoded X.509 certificate file which you configure
with the 'SSLCertificateFile' directive (automatically done
when you install via APACI).

o /etc/apache/ssl.csr/server.csr
The PEM-encoded X.509 certificate signing request file which
you can send to an official Certificate Authority (CA) in order
to request a real server certificate (signed by this CA instead
of our demonstration-only Snake Oil CA) which later can replace
the /etc/apache/ssl.crt/server.crt file.

WARNING: Do not use this for real-life/production systems

debian:/etc/apache# apachectl start (restart Apache)
Apache/1.3.34 mod_ssl/2.8.25 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server localhost:443 (RSA)
Enter pass phrase: (enter the pass phrase used when creating the cert)

Ok: Pass Phrase Dialog successful.
/usr/sbin/apachectl start: httpd started

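Then enter https://name_or_ip in the browser.
On the first connection the browser asks whether to accept the cert.

Not yet done:
1. Start Apache without having to enter the pass phrase, so that the startup script does not sit waiting.
2. SquirrelMail cannot connect to the IMAP server; not yet known whether this is related to switching to SSL.

Reference: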
http://www.debian-administration.org/articles/31

Monday, May 15, 2006

teleline dial-in server

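Set up a server that accepts logins over a telephone line, dialled into with a modem.
First install the modem on the server: an external 56k modem connected to a COM port, with power and the telephone line plugged in.
An external modem is simpler to install, especially on an old-style COM port: under Linux no driver needs to be installed, you only have to pick the right port. An external modem also has indicator lights that show its working state.
Install mgetty
shell# apt-get install mgetty
Edit /etc/inittab and add the line "T3:23:respawn:/sbin/mgetty -x0 -n8 -s 38400 ttyS1", or remove the leading # if the line is already there. Here -n8 makes the modem answer after 8 rings, and -s 38400 is the line speed (38400 is typical for PSTN).
Reboot, or run telinit so that the entries for the corresponding runlevel are run again.
shell# telinit q
Then dial in from another modem over the telephone line.

TIPS:
ttyS0 is com 0. After connecting the modem to a COM port, if you do not know which COM port it is on, watch the modem's TT light: if /etc/inittab is set correctly and telinit q has been run, the TT light comes on. Try ttyS0, ttyS1, ... one by one.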

Sunday, May 07, 2006

RSS test in blogger.com

I found that blogger.com seems to support RSS on my blog and bookmarked it. I am posting this article to test whether the bookmark will update with my new post or not.
It will update the blog titles every time Firefox starts up.
I installed infoRSS.xpi and set it to get updates from my blog, but no luck, because RSS support in blogger.com is only available in the blogger-pro version.

network design [::] wireless subnet+firewall+vpn

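Preface:
I just bought a laptop, so the wireless gear at home finally has a use. I set up the AP (NOKIA) for a Wi-Fi WEP connection. Afterwards some problems appeared, all related to the firewall (Bering & Shorewall) configuration and caused by the connection restrictions between different subnets. Later, dialling in over a VPN not only solved those problems but also, unexpectedly, showed that this approach can implement some access management I had wanted for a long time. Proof of the power of open source.

System environment (i.e. the network at home now, described here to avoid confusion later):
The core is a firewall and ADSL broadband router built from a Pentium 100 (host name firewall) with several network cards, intended to create different subnets for different needs and management. It uses class C private addresses, 192.168.x.x/24: 192.168.0.0/24 (named loc) and 192.168.1.0/24 (named wlan). Subnet 0 has an experimental Debian Linux server (host name debsrv), ip: 192.168.1.253/24, running ssh, dns (resolving the local domain, a private self-defined domain named lab.), the Apache web server (two virtual hosts: www.debsrv.lab and mail.debsrv.lab) and some other services; detailed settings are omitted. Subnet 0 also has a Windows XP machine (winxpc) with several file shares. Subnet 1 has a wireless AP attached, for wireless clients to connect to. IP and network settings for the whole system are handled by firewall, which also acts as DNS forwarder to the Internet and as secondary DNS for the lab. domain (both implemented with DNSMasq).

Network access for computers in wlan could be managed by the firewall by IP, but for an environment that carries risk, such as a wireless network, opening up the network to everyone equally is unwise. To let individual users have access without weakening security and without affecting ordinary users, a VPN offers a suitable solution. In this example, computers in wlan can use the Internet; the services provided in loc are not open to them, but individual users are allowed to use them.

First, provide basic Internet access to wlan users. This includes Internet DNS queries and ssh connections to firewall. Network settings are provided by DHCP.
DNSMasq provides DHCP and DNS query caching for both subnets, and hands out suitable IP settings according to the client's subnet, as follows: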
Windows IP Configuration
Host Name . . . . . . . . . . . . : D2N2L2BX
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lab

Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . : lab
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG Network Connection
Physical Address. . . . . . . . . : 00-16-6F-71-6F-93
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.0.253 192.168.0.254

Lease Obtained. . . . . . . . . . : Sunday, May 07, 2006 3:09:35 PM
Lease Expires . . . . . . . . . . : Monday, May 08, 2006 3:09:35 AM
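Note in particular the default gateway and DNS servers: 1.254 and 0.254 are the IPs of the firewall's two network cards, while 0.253 is the primary DNS of the lab domain.

Shorewall provides management and configuration of the firewall's iptables rules.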
/etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS
#net eth0 detect dhcp,routefilter,norfc1918
net ppp0 -
wlan eth1 detect
loc eth0 detect
loc ppp+
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

/etc/shorewall/zones
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local networks
wlan Wireless Wireless networks
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

/etc/shorewall/policy
#SOURCE DEST POLICY LOG LIMIT:BURST
# LEVEL
loc net ACCEPT
wlan net ACCEPT
net all DROP ULOG
fw loc ACCEPT
fw wlan ACCEPT
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

/etc/shorewall/rules
The rules file is too long to include, so the relevant rules are summarised below:
allow loc -> fw tcp22 udp53 udp67,68 tcp80
allow wlan -> fw tcp22 udp53 udp67,68 tcp80
ssh/22 dns/53 dhcp/67,68 weblet/80
allow loc -> fw tcp47,1723
allow wlan ->fw tcp47,1723
VPN pptpd/47,1723

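In interfaces, ppp0 is the interface through which ADSL connects to the Internet, while ppp+ is treated as interfaces in the same subnet as loc. According to my tests, ppp+ does not include ppp0. When a VPN connection is made, the server creates a virtual ppp interface; if ppp0 does not exist at that moment, the connection takes ppp0, and the VPN connection is then treated as being in the net zone and is restricted from connecting to loc. With ppp1 this does not happen.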

/etc/pptpd.conf
localip 192.168.0.254
remoteip 192.168.0.100-110

/etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
username pptpd "vpnpassword" *

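With this setup, users in wlan can reach the Internet (on wireless, after first establishing the wireless connection) and use all kinds of Internet services normally, but all access to loc is blocked. An individual user who needs to reach loc first makes a VPN connection and becomes part of loc. The wlan computer then obtains the following IP settings: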
PPP adapter 254:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.100
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.0.100
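The machine can now use the DNS service of debsrv in loc to find www.debsrv.lab and mail.debsrv.lab, and can use the shares of winxpc in Network Neighborhood. It can also still reach the Internet.

Below is a comparison of the network state of a wlan computer before and after the VPN connection:
Before connecting: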
netstat -nr
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 6f 71 6f 93 ...... Intel(R) PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.200 30
65.54.179.192 255.255.255.255 192.168.1.254 192.168.1.200 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.200 192.168.1.200 30
192.168.1.200 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.1.255 255.255.255.255 192.168.1.200 192.168.1.200 30
207.46.219.62 255.255.255.255 192.168.1.254 192.168.1.200 30
224.0.0.0 240.0.0.0 192.168.1.200 192.168.1.200 30
255.255.255.255 255.255.255.255 192.168.1.200 192.168.1.200 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None


tracert www.google.com
Tracing route to www.l.google.com [66.249.89.99]

over a maximum of 30 hops:
1 3 ms 3 ms 3 ms 192.168.1.254
2 17 ms 16 ms 16 ms nrp28.macau.ctm.net [202.175.100.28]
3 18 ms 17 ms 19 ms v601a.macau.ctm.net [202.175.95.61]
4 19 ms 19 ms 16 ms gw3-192.macau.ctm.net [202.175.26.203]
5 24 ms 22 ms 24 ms pr3-pos1.macau.ctm.net [202.175.1.42]
6 38 ms 40 ms 42 ms rs1.hkix.net [202.40.161.1]
7 38 ms 43 ms 38 ms 192.168.168.34
8 28 ms 31 ms 28 ms google2-RGE.hkix.net [218.100.16.24]
9 93 ms 97 ms 96 ms 72.14.236.228
10 100 ms 110 ms 101 ms 72.14.236.208
11 105 ms 104 ms 97 ms 66.249.89.99
Trace complete.


After the VPN connection:
PPP adapter 254:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.100
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.0.100


netstat -nr
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 6f 71 6f 93 ...... Intel(R) PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
0xe0004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.100 192.168.0.100 1
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.200 31
65.54.179.192 255.255.255.255 192.168.1.254 192.168.1.200 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.100 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.0.255 255.255.255.255 192.168.0.100 192.168.0.100 50
192.168.1.0 255.255.255.0 192.168.1.200 192.168.1.200 30
192.168.1.200 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.1.254 255.255.255.255 192.168.1.200 192.168.1.200 30
192.168.1.255 255.255.255.255 192.168.1.200 192.168.1.200 30
207.46.219.62 255.255.255.255 192.168.1.254 192.168.1.200 30
224.0.0.0 240.0.0.0 192.168.1.200 192.168.1.200 30
224.0.0.0 240.0.0.0 192.168.0.100 192.168.0.100 1
255.255.255.255 255.255.255.255 192.168.0.100 192.168.0.100 1
255.255.255.255 255.255.255.255 192.168.1.200 192.168.1.200 1
Default Gateway: 192.168.0.100
===========================================================================
Persistent Routes:
None

Route Table

tracert www.google.com
Tracing route to www.l.google.com [66.249.89.99]
over a maximum of 30 hops:
1 5 ms 5 ms 5 ms 192.168.0.254
2 20 ms 20 ms 19 ms nrp28.macau.ctm.net [202.175.100.28]
3 19 ms 19 ms 20 ms v601a.macau.ctm.net [202.175.95.61]
4 19 ms 19 ms 19 ms gw3-192.macau.ctm.net [202.175.26.203]
5 25 ms 23 ms 23 ms 202.175.1.42
6 24 ms 28 ms 24 ms rs1.hkix.net [202.40.161.1]
7 27 ms 30 ms 26 ms 192.168.168.34
8 33 ms 29 ms 32 ms google2-RGE.hkix.net [218.100.16.24]
9 97 ms 100 ms 98 ms 72.14.236.228
10 111 ms 102 ms 106 ms 72.14.236.208
11 182 ms 143 ms 99 ms 66.249.89.99

Trace complete.

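P.S. While the VPN connection is up, I have found so far that MSN cannot connect and that this blog's editor cannot "save as draft"; ordinary web browsing shows no problem.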
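
The two route tables above show the default route moving to the PPP adapter (metric 1) once the VPN is up, while some host routes still point at the wireless gateway. The following Python code is an added example, not part of the original post: it applies longest-prefix, then lowest-metric selection to rows copied from those tables to show which interface a destination leaves through. The function names are chosen for this example.

```python
import ipaddress

# Rows taken from the "Active Routes" tables printed above (multicast and
# broadcast rows left out); VPN_IFACE is the PPP adapter's address.
BEFORE = """\
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.200 30
65.54.179.192 255.255.255.255 192.168.1.254 192.168.1.200 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.200 192.168.1.200 30
"""
AFTER = """\
0.0.0.0 0.0.0.0 192.168.0.100 192.168.0.100 1
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.200 31
65.54.179.192 255.255.255.255 192.168.1.254 192.168.1.200 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.100 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.1.0 255.255.255.0 192.168.1.200 192.168.1.200 30
207.46.219.62 255.255.255.255 192.168.1.254 192.168.1.200 30
"""
VPN_IFACE = "192.168.0.100"


def parse_routes(text):
    """Turn 'dest mask gateway interface metric' rows into tuples; skip other lines."""
    routes = []
    for line in text.splitlines():
        try:
            dest, mask, gateway, iface, metric = line.split()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:
            continue  # header, separator or "Default Gateway:" line
    return routes


def egress_interface(table, target):
    """Interface used for target: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in parse_routes(table) if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[3]))[2]


def outside_tunnel(table):
    """Non-default, non-loopback routes that still leave through another interface."""
    return [str(net) for net, _, iface, _ in parse_routes(table)
            if net.prefixlen > 0 and iface not in (VPN_IFACE, "127.0.0.1")]
```

For the traced address 66.249.89.99 the egress interface changes from 192.168.1.200 to 192.168.0.100, which matches the first hop changing from 192.168.1.254 to 192.168.0.254 in the two tracert runs.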

Thursday, April 27, 2006

eMail Sent Failure Troubleshoot Tips on Postfix

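The first time, mail was sent from the test email server to ivanlee@sum.edu.mo and user2@debian.sum.edu.mo (user2 and the sender are both on the testing server), and only user2 received it. Checking /var/log/mail.log showed that the domain's primary DNS (192.168.4.1) could not direct the mail to the email server.
The second time, ivanlee@mail.sum.edu.mo was used instead (explicitly using the host name as the address suffix), and the email server was found successfully.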

Log of the failed send (/var/log/mail.log)
==============================================================================

Feb 27 19:47:50 debian postfix/smtpd[17831]: connect from localhost.localdomain[127.0.0.1]
Feb 27 19:47:50 debian postfix/smtpd[17831]: 8893510A5C: client=localhost.localdomain[127.0.0.1]
Feb 27 19:47:50 debian postfix/cleanup[17834]: 8893510A5C: message-id=<20060227114639.m16250@debian.sum.edu.mo>
Feb 27 19:47:50 debian postfix/qmgr[17767]: 8893510A5C: from=, size=1204, nrcpt=2 (queue active)
Feb 27 19:47:50 debian postfix/smtpd[17831]: disconnect from localhost.localdomain[127.0.0.1]
Feb 27 19:47:50 debian postfix/smtp[17835]: connect to sum.edu.mo[192.168.4.2]: No route to host (port 25)
Feb 27 19:47:50 debian postfix/local[17836]: 8893510A5C: to=, relay=local, delay=0, status=sent (delivered to mailbox)
Feb 27 19:47:53 debian postfix/smtp[17835]: connect to sum.edu.mo[192.168.4.1]: No route to host (port 25)
Feb 27 19:47:53 debian postfix/smtp[17835]: 8893510A5C: to=, relay=none, delay=3, status=deferred (connect to sum.edu.mo[192.168.4.1]: No route to host)

==============================================================================


Log of the successful send
=============================================================================
Feb 27 19:58:35 debian postfix/smtpd[17859]: connect from localhost.localdomain[127.0.0.1]
Feb 27 19:58:35 debian postfix/smtpd[17859]: B909610A62: client=localhost.localdomain[127.0.0.1]
Feb 27 19:58:35 debian postfix/cleanup[17862]: B909610A62: message-id=<20060227115618.m87347@debian.unknown>
Feb 27 19:58:35 debian postfix/qmgr[17767]: B909610A62: from=, size=1278, nrcpt=1 (queue active)
Feb 27 19:58:35 debian postfix/smtpd[17859]: disconnect from localhost.localdomain[127.0.0.1]
Feb 27 19:58:35 debian postfix/smtp[17863]: B909610A62: to=, relay=mail.sum.edu.mo[192.168.253.78], delay=0, status=sent (250 2.0.0 k1R3g2q15481 Message accepted for delivery)
Feb 27 19:58:35 debian postfix/qmgr[17767]: B909610A62: removed
=============================================================================
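
The diagnosis above comes from reading two kinds of Postfix lines together: the per-recipient delivery result and the "connect to ... No route to host" attempts. The following Python code is an added example, not part of the original post, that extracts both from log text in this format. The recipient addresses in the sample are placeholders, because the log on this page lost them, and the function names are chosen for this example.

```python
import re
from collections import defaultdict

# Constructed lines modelled on the two logs above; recipients are placeholders.
SAMPLE = """\
Feb 27 19:47:50 debian postfix/smtp[17835]: connect to sum.edu.mo[192.168.4.2]: No route to host (port 25)
Feb 27 19:47:50 debian postfix/local[17836]: 8893510A5C: to=<rcpt-local@example.test>, relay=local, delay=0, status=sent (delivered to mailbox)
Feb 27 19:47:53 debian postfix/smtp[17835]: connect to sum.edu.mo[192.168.4.1]: No route to host (port 25)
Feb 27 19:47:53 debian postfix/smtp[17835]: 8893510A5C: to=<rcpt-remote@example.test>, relay=none, delay=3, status=deferred (connect to sum.edu.mo[192.168.4.1]: No route to host)
Feb 27 19:58:35 debian postfix/smtp[17863]: B909610A62: to=<rcpt-remote@example.test>, relay=mail.sum.edu.mo[192.168.253.78], delay=0, status=sent (250 2.0.0 k1R3g2q15481 Message accepted for delivery)
"""

DELIVERY = re.compile(
    r"postfix/(?P<agent>\w+)\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), .*?status=(?P<status>\w+) \((?P<reason>.*)\)$")
CONNECT_FAIL = re.compile(
    r"postfix/smtp\[\d+\]: connect to (?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<err>.+?) \(port (?P<port>\d+)\)$")


def summarize(log_text):
    """Return (deliveries per queue id, failed connection targets per host name)."""
    deliveries = defaultdict(list)   # queue id -> [(rcpt, relay, status, reason)]
    unreachable = defaultdict(set)   # host name -> {IP addresses that failed}
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m:
            deliveries[m["qid"]].append(
                (m["rcpt"], m["relay"], m["status"], m["reason"]))
            continue
        m = CONNECT_FAIL.search(line)
        if m:
            unreachable[m["host"]].add(m["ip"])
    return deliveries, unreachable


def deferred(log_text):
    """List (queue id, recipient, reason) for every delivery that was deferred."""
    deliveries, _ = summarize(log_text)
    return [(qid, rcpt, reason) for qid, rows in deliveries.items()
            for rcpt, _relay, status, reason in rows if status == "deferred"]
```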

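Dovecot POP3 does not allow retrieving mail over port 110

Situation:
With Outlook 2003 set to POP3 on port 110, a prompt for the user name and password pops up, and login fails even when they are entered correctly. After setting protocols = pop3s in /etc/dovecot/dovecot.conf and selecting in Outlook that POP3 requires an encrypted connection (SSL) on port 995, it could connect and retrieve mail, but it warns that the source of the certificate for the encrypted connection cannot be verified and asks whether to continue.

Symptoms:
If dovecot.conf has protocols = pop3,
/var/log/mail.log contains the following line: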

Apr 27 13:15:53 debian dovecot: pop3-login: Login failed: Plaintext authentication disabled: rip=192.168.1.251, lip=192.168.10.199

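Cause and solution:
The problem is that the server does not accept plaintext authentication, while with POP3S the certificate used for the SSL connection is not issued by an official certificate authority; it works, but Outlook raises a warning every time.

To use POP3, dovecot.conf must explicitly allow plaintext authentication with
disable_plaintext_auth = no
and dovecot must be restarted.
In the client, switch back to pop3 and port 110.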
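
With disable_plaintext_auth = no, POP3 on port 110 carries the user name and password unencrypted, so it is worth checking which logins actually do that. The following Python code is an added example, not part of the original post: it reads dovecot login lines in the mail.log format shown on this page and lists logins that used a plaintext mechanism without the TLS marker. The sample lines and user names are constructed, and treating a trailing "secured" flag as protected is an assumption of this example.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the mail.log entries on this page;
# the user names and the second client address are made up for the example.
SAMPLE_LOG = """\
Apr 27 13:15:53 debian dovecot: pop3-login: Login failed: Plaintext authentication disabled: rip=192.168.1.251, lip=192.168.10.199
Apr 27 13:20:01 debian dovecot: pop3-login: Login: user=<tuser>, method=PLAIN, rip=192.168.1.251, lip=192.168.10.199, TLS
Apr 27 13:31:12 debian dovecot: pop3-login: Login: user=<tuser>, method=PLAIN, rip=192.168.1.251, lip=192.168.10.199
Apr 27 13:32:40 debian dovecot: pop3-login: Login: user=<alice>, method=PLAIN, rip=192.168.1.37, lip=192.168.10.199
Apr 27 13:40:05 debian dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1
"""

LOGIN_RE = re.compile(
    r"dovecot: (?P<svc>\w+)-login: Login: user=<(?P<user>[^>]*)>, "
    r"method=(?P<method>[\w-]+), rip=(?P<rip>[\w.:]+), lip=(?P<lip>[\w.:]+)"
    r"(?P<rest>.*)$")
REJECT_RE = re.compile(
    r"dovecot: \w+-login: Login failed: Plaintext authentication disabled: "
    r"rip=(?P<rip>[\w.:]+)")
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself


def audit(log_text):
    """Return (exposed, rejected): cleartext logins seen, and refused clients by address."""
    exposed, rejected = [], Counter()
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            flags = {f.strip() for f in m["rest"].split(",") if f.strip()}
            encrypted = bool(flags & {"TLS", "secured"})
            local = m["rip"] in ("127.0.0.1", "::1")
            if m["method"].upper() in PLAINTEXT_MECHS and not encrypted and not local:
                exposed.append((m["svc"], m["user"], m["rip"]))
            continue
        m = REJECT_RE.search(line)
        if m:
            rejected[m["rip"]] += 1
    return exposed, rejected


if __name__ == "__main__":
    for svc, user, rip in audit(SAMPLE_LOG)[0]:
        print(f"cleartext {svc} login: user={user} from {rip}")
```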

Tuesday, April 25, 2006

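Outlook 2003 cannot retrieve POP3 mail

After setting up dovecot pop3, mail could not be retrieved with Outlook 2003, although every test in the Outlook setup wizard passed. Only during [Send/Receive] did the problem appear: sending succeeded, while receiving failed with error 0x800ccc0f.
Checking the log, /var/log/mail.log: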
Apr 23 06:52:58 debian dovecot: pop3(tuser): Effective uid=1000, gid=1000
Apr 23 06:52:58 debian dovecot: pop3(tuser): pop3_uidl_format setting is missing from config file
Apr 23 06:52:58 debian dovecot: pop3-login: Login: user=, method=PLAIN, rip=192.168.1.251, lip=192.168.10.199, TLS
Apr 23 06:52:58 debian dovecot: child 25917 (pop3) returned error 89

A Google search for pop3_uidl_format led to http://wiki.dovecot.org/Migration
I suspected that /etc/dovecot/dovecot.conf was misconfigured and set it as follows:
pop3_uidl_format = %v-%u
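Save and restart dovecot.

Afterword:
%v-%u (the Courier version 2 format) is used because courier had been installed earlier.
SquirrelMail cannot read existing users' Sent/Draft and other mail folders; I suspect this is related to switching from courier to dovecot without doing the corresponding conversion.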

Friday, April 21, 2006

apt-get install OpenWebMail on Debian

OpenWebMail is not included in the standard Debian sources.
A Google search found a deb version at http://b2d.tnc.edu.tw/.
Edit /etc/sources.list and add
deb ftp://debian.tnc.edu.tw/pub1 b2d/
then install it with apt-get install.

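Adding HTTP compression to OpenWebMail

After installing OpenWebMail with apt-get on Debian (testing/unstable), the HTTP compression feature is not available (the option on the login page cannot be selected), because libcompress-zlib-perl is not installed.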
debian:~#apt-get install libcompress-zlib-perl
Refresh the login page again and the option becomes available.

Thursday, April 20, 2006

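[Q:] SquirrelMail does not show the Sent folder

[Q:] In SquirrelMail, the left pane should show the inbox (/var/mail/username), the Sent folder (~/mail/Sent) and so on. Now only the inbox remains, and everything else under ~/mail/ has disappeared.
[A:] Checking on Linux shows that ~/mail/ contains files named INBOX.Sent, INBOX.Drafts and INBOX.Trash, while users who have never logged in to SquirrelMail have no such files. A temporary fix is to move these files away and log in again so that the system recreates them; if the original folders held mail, overwrite the newly created files with them. With this method, however, the folders are displayed under the same names as the files, that is, with the INBOX. suffix.
The cause may be related to changing the POP3/IMAP server several times, installing openwebmail alongside, and changing the SquirrelMail settings many times.
Another user, whose mail folders are stored in ~/home/mail/Sent, has no INBOX. prefix (earlier, /etc/squirrelmail/confg.pl had been set to use no prefix).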

Sunday, April 16, 2006

Debian locale settings: fixing the Chinese interface not displaying in SquirrelMail (squirrel webmail)

debsrv:/# dpkg-reconfigure locales

In the GUI, select the locales you need; this time, for example, the following were chosen:
en_HK.ISO-8859-1
en_HK.UTF-8
zh_CN.GBK
zh_CN.UTF-8
zh_HK.BIG5-HKSCS
zh_HK.UTF-8
zh_TW.BIG5
zh_TW.UTF-8
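to support the Chinese characters used in mainland China, Taiwan and Hong Kong/Macau (hopefully this works). (zh_CN.180xxxx takes a very long time when generating locales; do not select it.)
(Off topic: the governments on both sides of the strait are simply butchering the Chinese language... infuriating. On this point even the tyrant Qin Shi Huang, who burned books and buried scholars, was far smarter than they are.)
In the next step, select zh_HK.UTF-8 and press OK. (I once chose en_HK.UTF-8; apart from some pages, Chinese displayed normally.)
Restart apache (optional)
Done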


http://wiki.debian.org.tw/index.php/locales
http://wiki.debian.org.tw/index.php/ShareNote

Saturday, April 15, 2006

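[Q:] How ./config, make, make install and so on work, and what they do

[Q:] I have never been clear about the series of commands we run after downloading source code (./config, make, make install and so on): how they relate to each other, how they work, and how they affect the system...?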