2006/10/25

FireFox 2 发布了!

Congratulation!

不过看起来,FireFox 用的内存越来越多了, :( 只打开了, Blogger一个网页就已经用了60M多内存了. 加内存吧~~~~

2006/10/24

802.1X is working under my Ubuntu Linux

Finally the my Ubuntu linux is authenticated with the Windows IAS 802.1x RADIUS server. Thanks Xsupplicant, thanks Open1x project to provide us a such great too.
今天, 我的 Ubuntu Linux 终于可以通过公司的 802.1X 端口认证了。非常感谢 Xsupplicant, 感谢 Open1X 小组为我们提供的工具。

Before configure your Linux box, you should be look at your windows configuration carefully. In fact M$ windows didn't support too much authentication methods. For Windows 2000 with the Wireless authentication patch, it do only support 3 type of EAP, (PEAP, MD5-Challenge, and Smart-card or Certificate). The MD5-Challenge is too weak, and the smart-card isn't deployed widely. So the PEAP is the proper, maybe only choice for Windows.
在开始配置你的 Linux 前,我们需要仔细察看 Windows 中802.1X的协议设置。实际上,在 Window 系统中,对以太网卡并不支持很多的认证方法。对于应用了微软无线认证补丁的 Windows 2000 中只支持三种 EAP 方法(PEAP, MD5-Challenge, and Smart-card or Certificate)。实际上基于 MD5 的认证方式实在是太脆弱了,而 Smart-Card 的应用实际上也不广泛。因此 PEAP 实际上是可以使用的唯一选择。

Under the Linux, there are some tricks for the Xsupplicant configurations. See the sample PEAP-example.conf below:


# This is an example configuration file for xsupplicant versions after 0.8b.

### GLOBAL SECTION

# network_list: defines all of the networks in this file which
# should be kept in memory and used.Comma delimited list or "all"
# for keeping all defined configurations in memory. For efficiency,
# keep only the networks you might roam to in memory.
# To avoid errors, make sure your default network is always
# in the network_list. In general, you will want to leave this set to
# "all".

network_list = all
#network_list = default, test1, test2

# default_netname: some users may actually have a network named "default".
# since "default" is a keyword in the network section below, you can
# change which is to be used as the replacement for this keyword

default_netname = default
#default_netname = my_defaults

# When running in daemon, or non-foreground mode, you may want to have the
# output of the program. So, define a log file here. Each time XSupplicant
# is started, this file will be replaced. So, there is no need to roll the
# log file.
logfile = /var/log/xsupplicant.log

# The auth_period, held_period, and max_starts modify the timers in the state
# machine. (Please reference the 802.1x spec for info on how they are used.)
# For most people, there is no reason to define these values, as the defaults
# should work.

#auth_period = 30
#held_period = 30
#max_starts = 3

### NETWORK SECTION
# The general format of the network section is a network name followed
# by a group of variables.

# Network names may contain the following characters: a-z, A-Z, 0-9, '-',
# '_', '\', '/'
# Those interested in having an SSID with ANY character in it can use
# the ssid tag within the network clause. Otherwise, your ssid will
# be the name of the network.

## The default network is not a network itself. These values are
## the default used for any network parameters not overridden
## in another section. If it's not in your network configuration
## and not in your default, it won't work!!

default
{
# type: the type of this network. wired or wireless, if this value is not
# set, xsupplicant will attempt to determine if the interface is wired or
# wireless. In general, you should only need to define this when
# xsupplicant incorrectly identifies your network interface.
type = wire # For your Ethernet card.

# wireless_control: If this profile is forced to wired, this will not do
# anything. However, if the interface is forced, or detected to be wireless
# XSupplicant will take control of re/setting WEP keys when the machine
# first starts, and when it jumps to a different AP. In general, you won't
# need to define, or set this value.
# wireless_control = yes

# allow_types: describes which EAP types this network will allow. The
# first type listed will be requested if the server tries to use something
# not in this list.
# allow_types = eap_tls, eap_md5, eap_gtc, eap-otp
allow_types = all

# identity: what to respond with when presented with an EAP Id Request
# Typically, this is the username for this network. If this is a string
# that does not contain any spaces, or unusual characters, it can be listed
# plain. Otherwise, it should be enclosed in quotes.
identity = "DOMAIN\USERID" # For window based 802.1X RADIUS, it should be DOMAIN\USER

# Force xsupplicant to send it's packets to this destination MAC address.
# In most cases, this isn't needed, and shouldn't be defined.
#dest_mac = 00:aA:bB:cC:dD:eE

eap-peap {
inner_id = USERID # Only UserID
# As in tls, define either a root certificate or a directory
# containing root certificates. If the path contains spaces, or unusual
# characters, enclose it in quotes.

# Trusted root cert can be exported from windows
# as DER format, and translate to PEM format by using openssl
# under Linux:
# openssl x509 -inform DER .cer -outform PEM -out root.crt
root_cert = /path/to/root/certificate
root_dir = "/path /to /root /certificate /dir"
crl_dir = /path/to/dir/with/crl
chunk_size = 1398
random_file = /dev/random # /dev/random will work for most case.

# If you don't know the CN name of your RADIUS server,
# You can make the cnexact = no
# While the RADIUS server name can be saw in "Xsupplicant -d A" mode
cncheck = myradius.radius.com
cnexact = yes # Should it be an exact match?
session_resume = yes

#Currently 'all' is just mschapv2
#If no allow_types is defined, all is assumed
allow_types = all # where all = MSCHAPv2, MD5, OTP, GTC, SIM
#allow_types = eap_mschapv2

eap-mschapv2 {
# ntpwdhash was generated by using "xsup_ntpwdhash " command
ntpwdhash = E653E6452753C97E46792567DFF599B6
# Don't put your password here, use the ntpwdhash instead.
#password = "phase2 mschapv2 pass"
}
}
}

# TIP:
#
# 1. Use the foregroup mode to debug your configure.
# It will show you all the things.
# /usr/sbin/xsupplicant -i eth0 -d A -f
#
# 2. Remove all the unnecessary data cleaned

2006/10/23

802.1X under Linux

The IS department reqired the 802.1X port authentication in the new campus, it really hurt me -- as a Linux fun. After I swithed to my Ubuntu, the network port will be blocked after 30 minutes.

Oh, I found the xsupplicant of Open1X project, it looks like a feasible way to have my Linux box running under the company's 802.1X network.

But there are still some problems need to be solved. Let's do it tomorrow. :) ...

keepend instruction in VIM syntax file

In the VIM "syntax region" instruction, there is a special parameter "keepend". In the VIM tutorial, the given sample is a inline comments. Somehow it give me a misleading that the *keepend* will be only used to match the end of line '$'. While it's totally wrong. :(
在VIM的 "syntax region" 语法中,支持一个特殊的 "keepend" 参数。 在 VIM 的介绍中, 对 keepend 用法的介绍是通过一个行内注释,以及可以在注释内出现的语法来讲解的。因此我已开始对 keepend 的用法也产生了错觉,认为它就是用来匹配行尾 "$" 的。但是实际上,这样的认识是完全错误的。

Let's take a look at this example.


syntax region xDocLink start="{" end="}" contained
syntax region xDocComment start="/\*\*" end="\*/"
\ contains=xDocLink

syntax region xBlock start="{" end="}"
\ contains=xDocComment keepend



if the "keepend" is defined in xBlock, the follows messge will be highlighted in wrong way.


{
/**
* The comments {@links}
*/
Block;
}


The xBlock will be terminated at the "}" inside the xDocComment. Even the the first "{" are matched as xDocLink, the "}" is still consided as the end of xBlock. It is the side effect of "keepend" instruction of xBlock.

The really meanings of "keepend" is to match the end of region, even it has already matched with its nested regions, whatever what's the pattern of end, in most case, it is "$", but it can be anything there.
其实 "keepend" 语句的实际意义是:尽可能匹配 region 所指定的 end pattern, 即便 这个pattern实际上已经被它的内联region所匹配了。这里的 keepend 实际上是指 end pattern,而不管这个 pattern 到底是什么,尽管大多数时候它都是 "$"。

Search pattern in VIM

The search pattern of VIM is little different with Perl. There is one thing I igonred at the beginning, and it made me confused for a long time. That is the group pattern can't be used inside the "[]"

In http://vimdoc.sourceforge.net/htmldoc/usr_27.html#27.6
 item matches   equivalent 
\d digit [0-9]
\D non-digit [^0-9]
\x hex digit [0-9a-fA-F]
\X non-hex digit [^0-9a-fA-F]
\s white space [ ] ( and )
\S non-white characters [^ ] (not and )
\l lowercase alpha [a-z]
\L non-lowercase alpha [^a-z]
\u uppercase alpha [A-Z]
\U non-uppercase alpha [^A-Z]
Using this predefined ranges works a lot faster than the character range it stands for.
But they can't be used inside the "[]" .

:-)

2006/10/18

VIM JavaScript syntax updated to 0.6

We have been there 0.5.1 for some monthes. Today, we will move to 0.6 :) The mainly changed part is JSDoc introduction.

The syntax file has been downloaded by 1019, it's rating 256/77 at 2006-10-17.
It is the 4th rated syntax file at VIM site. Please vote me, if it is helpful :)

I hope it can come into the offical VIM package in the near later.

VIM 参考手册 (中文版)

网络上面勤劳的同志好多啊!居然看到了中文翻译版本的 VIM 参考手册,而且还是最新的 7.0 版本,本来曾经有念头作这个事情的,已经被人先行一步了。

赞叹中~~~

2006/10/14

VIM syntax for JavaScript

This is my first VIM syntax file. Personaly, I think it is better than the Javascript syntax packaged with the VIMRUNTIME packages. Original version from Claudio Fleiner.
这是我制作的第一个 VIM syntax 文件, 其实也是在 Claudio Fleiner 原有的版本上改进而来的。自我感觉这个 syntax 比 VIM 发行版中自带的要好。:D 是不是有点自我吹捧了 xixi

It supports these lexcial elements in JavaScript: 可以识别的 JavaScript 语法类型:
  • String in "" or '';
  • Regex string
  • Number
  • Code comments in C/C++ style
  • TODO FIXME XXX TBD hightlight in the comments
  • JavaScript keywords
  • Global Ojbects: Array Boolean Date Error Function java JavaArray JavaClass JavaObject JavaPackage Math netscape Number Object Packages RegExp String
  • Bracket matches, including '{} [] ()'

2006/10/12

Google Docs & Spreadsheets

Google Docs & Spreadsheets

Google的集成工作做得真好,在这里编辑的东西可以无缝地发布到Blogger中。
如果再能集成到桌面就好了。 也许这个功能已经集成在了 GDS 中,
但是 Google Desktop Search 现在实在是有点沉重,不符合我的口味了 :(

期待简单~~~

BlockChain 相关电子书

@copyright of Sam Chadwick   - https://thehub.thomsonreuters.com/groups/bitcoin/blog/2017/09/10/blockchain-paper Blockchain Papers A c...