1. Enable sshd
#!/etc/init.d/ssh start
2.add new user for remote logon and add it to sudoer
#! user add xxxxx
3.sudo usermod -a -G sudo <username>
1. Enable sshd
#!/etc/init.d/ssh start
2.add new user for remote logon and add it to sudoer
#! user add xxxxx
3.sudo usermod -a -G sudo <username>
In recently, I read a good free ebook “AI driven design” from awwwards,
https://www.awwwards.com%2FAI-driven-design%2F&usg=AOvVaw0EGSfYZZYWEcAf_WtURI9L
To think about our mindset to resolve problems. It was evolved from incident (problem) driven to
Data driven and nowadays to AI driven. But what is AI driven, it is not clear for the most people in the world.
Even it become buzzwords today. From awwwards’s ebook, He mentioned the AI design should be tended to reduce choice, but not give a choice.
#open Google\ Chrome.app --args --disable-extensions --disable-plugins
#How to send loop request in Burp
1. User Intruder attack
2. Send request to Intruder attack and clear payload markers
3.Set how many counts you want to test
# How to display response time of http request in Intruder
如果到現在還看不到民意之所在,失敗絕不會太遠,對國內政客們實在都很失望,像這次的公投也是一團亂,我到現在還是沒搞清楚真正的訴求,以同性婚姻而言,剛好最近在看正義思辨第十二講,裡面的論證就想相當的多元,這都是政府應該做的事情,但現在的政府整天都忙者鬥爭,爭權奪利,台灣的未來會在哪裡,難不成真的只能期待強人政治來處理這類問題嗎?
Recently, I mount a windows server folder on my local Mac machine to use tail -f to grep the log.
The problem is the tail -f doesn’t work. But it works after I reexecute “tail -f “. In the end, I found
It was caused “-f “ is checking inode. Therefore I use “-F”, it will also check if file recreate or relocated.
Everything works fine.
Recently I want to download an video from Vimeo by youtube-dl, but I get the error message that I need to download from embedded page. After spent some time, I found you can use refer to original embedded page
youtube-dl -v "https://player.vimeo.com/video/1111111" —referer “http://test.com/videosharing"
指的是一種限制使用者只能使用特定的app,不能自己安裝清單外的軟體,透過白名單模式,在windows 8.1推出的kiosk mode 跟win10 app locker 也是類似的功能
最近想要進入更改設定,發現原本的登入方法無法進入,查了一下,原來是因為安全問題
所以把連線從http—> https, 另外預設的系統密碼也做了更改,改成040gw+mac address的最後四碼,
要取的MAC address 一個就是使用user/user帳號進入系統觀看,另外也可以直接到小烏龜後面,看貼紙
跟序號寫在一起,查詢Mac: 最後四碼即可
連結:https://communities.vmware.com/thread/597511
奇怪的bug,我今天也踩到了,要resume vm時,出現too many virtual machines
查了一下,目前還不知道真正的原因,只知道是可能跟docker 衝突
之前iOS控制中心是從右往左滑,升級到iOS12後,發現系統變好用了,卻找不到控制中心的位置,原來是改成在右上角,所以需要改從右上角往下滑即可以叫出之前的控制中心
參考資料
#install plaidml
pip install -U plaidml-keras
#choose driver
plaidml-setup
# benchmark test
pip install plaidml-keras plaidbench
plaidbench keras mobilenet
1. In Subline user package folder
2. Git init
3.git add —all *
4.git commit -m “ add config backup"
5.In GitHub to create new repo
6.git remote add origin https://github.com/xxx/xxx
7.git push -u origin. Master
8.In new laptop, go to user package
9.git clone https://github.com/xxx/xxxx/st-user-package
10.rm -rf User. (New user folder)
11.mv st-user-package to User. ( to replace a new one)
12. Done
Recently, I install Jupiter notebook in my new 2018MBP laptop.
I found I can switch python 2 and python3 on Jupyter notebook. But I found it often claim
There is no python modules no matter which python kernel I used.
Therefore I print sys.version in Jupyter notebook
Import sys
sys.version
===> it always use python 3.7
After have some try and error, I found the root cause it just because I didn’t install ipykernel with —user
After executed it, everything works fine
#python -m ipykernel install --user
tomcat
To have launchd start tomcat now and restart at login:
brew services start tomcat
Or, if you don't want/need a background service you can just run:
catalina run
## update firmware to the latest one
#sudo rpi-update
#connect with bluetooth keyboard and mouse
1. download opencv and opencv_contrib
#wget https://github.com/opencv/opencv/archive/3.4.0.zip
#wget https://github.com/opencv/opencv_contrib/archive/3.4.0.zip
2.
# cd opencv-3.4.0
#mkdir build
#cd build
# cmake -D CMAKE_BUILD_TYPE=RELEASE -D PYTHON_EXECUTABLE=/usr/local/bin/python3.6 -D OPENCV_EXTRA_MODULES_PATH=/tmp_files/opencv_contrib-3.4.0/modules ..
cd opencv-3.4.0
mkdir build
cd build
cmake -D CMAKE_BUILD_TYPE=RELEASE
-D CMAKE_INSTALL_PREFIX=/usr/local
-D INSTALL_PYTHON_EXAMPLES=OFF
-D CMAKE_CXX_COMPILER=/usr/bin/g++
-D INSTALL_C_EXAMPLES=OFF
-D OPENCV_EXTRA_MODULES_PATH=/YourPath/opencv_contrib-3.4.0/modules
-D PYTHON_EXECUTABLE=/usr/bin/python3.6
-D WITH_FFMPEG=OFF
-D BUILD_OPENCV_APPS=OFF
-D BUILD_OPENCD_TS=OFF
-D WITH_LIBV4L=OFF
-D WITH_CUDA=OFF
-D WITH_V4L=ON
-D WITH_QT=ON
-D WITH_LAPACK=OFF
-D WITH_OPENCV_BIOINSPIRED=OFF
-D WITH_XFEATURES2D=ON
-D WITH_OPENCL=OFF
-D WITH_FACE=ON
-D ENABLE_PRECOMPILED_HEADERS=ON
-D WITH_OPENCL=OFF
-D WITH_OPENCL_SVM=OFF
-D WITH_OPENCLAMDFFT=OFF
-D WITH_OPENCLAMDBLAS=OFF
-D WITH_OPENCV_DNN=OFF
-D BUILD_OPENCV_APPS=ON
-D BUILD_EXAMPLES=OFF ..
其實從1980年代,世界第二大經濟體日本,因為美國的匯率干涉,然後變成經濟泡沫,一路衰退的20年,以前
始終搞不懂,日本的研發經濟也在,也沒戰亂,為什麼突然就垮了,錢到了哪裡去。我聽到理論是因為房地產
泡沫,因為日本人大舉到日本買房地產,甚至連美國帝國大廈都買下來了,然後因為房地產泡沫,結果錢就這樣
沒了,證據就在廣場協議針對的五個國家,所以有五個國家都被迫貨幣升值,但日本持續維持低利環境,所以助長
房地產泡沫,現在換美國對上目前的第二大經濟體,中國,針對中國採取貿易制裁,中國的股市也的確跌到10年來最低
點,看中國政府目前的態度看得出來目前中國的確只有一路被打的份,幾乎完全無反抗能力,實在搞不懂為什麼
會完全無抵抗能力呢?理論上中國的內需應該要撐的起經濟,細看原因就在於中國的體質太差,所以一有風吹草動就會有放大
效應
由於寰宇預約需要輸入護照號碼等資料,要是人數多的話,可以考慮直接網站上預約,但要人數少也可以直接打電話預約,
預約完後,然後再進入寰宇方式先填寫自行抵達(之後可以再行變更),如果接送機也是請肯驛的話,也可以網路上預約好
接送後直接打客服電話,請他幫你從後台串連,就不要傷腦筋要如何填寫接送機司機姓名電話了,寰宇商務快速通關跟尊榮
通關的差別就是不能使用2樓的VIP貴賓室,但會給你一個小包廂,如果快速通關還沒到,會請你在小包廂等待,整個通關
行程非常快速,通關後,還會派車送你到登機門,另外寰宇的服務即時你是跟團的,也可以直接進入,不用跟領隊拿登機證。
他們一樣有辦法幫你搞定,也會嘗試幫你畫到比較好的位置,整個使用經驗是非常的不錯
Recently I tried to install python-saml on my mac, but I encountered the error which claimed
ld: file not found: /usr/lib/system/libsystem_symptoms.dylib for architecture i386
clang: error: linker command failed with exit code 1 (use -v to see invocation)
error: command 'gcc' failed with exit status 1. The root cause was “Mac OS X EI Capitan 10.11 missing
lib system_symptoms.dylib in Xcode8. You can fix it by the below script command.
After fixed it, you can use pip install python-saml without error
## fix script
#!/bin/bash
sudo /usr/bin/sed -i.backup -E -e 's@/usr/lib/system/libsystem_symptoms.dylib(, )?@@' \
$(grep -ril /usr/lib/system/libsystem_symptoms.dylib \
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/usr/lib)
brew uninstall –force node
brew uninstall icu4c && brew install icu4c
brew unlink icu4c && brew link icu4c –force
brew install node
Update @2018/07/29
今天更新Mac security update 後,又遇到問題,登入後,系統出現lsd crash, 另外嘗試開啟其他的app
也是一樣出現app crash 的訊息,後來自己查到這篇,就重新開機,開啟single user model 後,一樣把檔案刪除
重開後就一切正常了
# 重新開機
# 開機按 command + s 進入single user model
# remount root folder : #/sbin/remount -uw /
#rm -rf /private/var/folders/**
#重新開機
今天點了Mac OS 的安全性更新後,發現無法正常登入桌面,可以開機看到登入畫面,但在繼續登入就不行,但奇怪的是又可以用其他帳號登入
嘗試過修護權限硬碟都沒有用,後來用其他帳號登入後,開啟/var/log/system.log, 發現裡面很多關於 com.apple.lsd 的Crash report ,查了一下,
手動執行/usr/libexec/lsd 直接就出現Segmentation fault:
後來解法就是把/private/var/folders/ 下面的目錄砍掉,然後重開,就一切正常了
$ brew install openssl && brew install swig $ brew --prefix openssl pip
$ ipytonenv LDFLAGS="-L$(brew --prefix openssl)/lib" \ CFLAGS="-I$(brew --prefix openssl)/include" \ SWIG_FEATURES="-cpperraswarn -includeall -I$(brew --prefix openssl)/include" \ pip install m2crypto
我的2011 MBP later 之前一直是使用雙硬碟模式,配置為
原本的硬碟槽: SSD (sata3)
光碟槽: HDD (sata2 )
最近因為HDD的讀取速度不佳,想說趁者最近硬碟特價更換一個,
後來發現更換成Sata3的硬碟時,會遇到
1.Sata 3 SSD ==> 根本偵測不到硬碟
2.Sata 3 HDD ==> 硬碟變成read only,無法對硬碟做任何操作,
如果這系統資訊看到的會是連結速度跟協調的連結速度都是6 Gigabit
反之原本正常的硬碟卻是如下圖,連結速度是6 gigabit( sata3),但協調的連結速度
為3Gigabit (Sata2) 目前找到的解法都是要透過硬碟廠商提共的軟體工具把運作
模式降成Sata2 才能相容
Modify the robomongo configuration file at /Users/<user>/.config/robomongo/0.9/robomongo.json
1.modify shellTimeoutSec from 15 to 60
2.batchSize: from 50 to 1000
一般寄送時程:
今日寄件,後天取貨。
包裹查詢網址:
https://eservice.7-11.com.tw/E-Tracking/Error.htm?aspxerrorpath=/e-tracking/search.aspx
狀態說明
狀態 | 狀態說明 | 貨況 |
資料已接收 | 賣家已上傳出貨檔 | 貨件在賣家 |
賣家已出貨 | 賣家將包裹交寄門市 | 貨件在寄件門市 |
轉運中 | 包裹由物流中心轉運買家取貨門市 | 貨件在司機 |
已到店 | 包裹已送達買家取貨門市 | 貨件在取件門市 |
門市異常(店到店) | 買家取貨門市關轉,請買家重選店 | 貨件在物流中心 |
已取貨 | 買家已取貨 | 貨件在買家 |
退貨(買家) | 買家逾期未取貨,包裹退貨至物流中心 | 貨件在物流中心 |
退貨(賣家) | 賣家逾期未退貨,包裹退貨至物流中心 | 貨件在物流中心 |
已退至賣家門市 | 包裹退回 | 貨件在寄件門市 |
門市異常(物流交寄) | 門市關轉、特殊門市 | 貨件在物流中心 |
廠退(物流交寄) | 物流中心完成退貨包裝,商品將依賣家設定退回 | 貨件在物流中心 |
驗收失敗(物流交寄) | 物流驗收失敗,商品將依賣家設定退回 | 貨件在物流中心 |
1.You can use #git config —list or check in your home directory #vim ~/.gitconfig
#git config -l (list git config)
#git config -e (open in your default editor)
2. 如果有多個git server 位置,就需要透過~/.ssh/config 去控制要使用的ssh key
詳細參考資料:
最近在研究購買行動充電電池,發現規格實在有夠多,有QC1.0, QC2.0,QC3.0 甚至QC4.0,另外還發現有的行動電源會寫
USBpd,而且還滿貴的,話說USB 充電,從usb 2.0 只能提共2.5W的電力,到USB 3.0 的4.5W 或BC .2的7.5W,
yum install -y libnet libpcap libnet-devel libpcap-devel
yum install libnet-devel
yum install libpcap-devel
yum install glib2-devel
## cd mysql-sniffer
##mkdir proj
##cd proj
##cmake ../
##make
簡而言之,就是從網路取的客戶,然後一樣導到實體店家去取貨,有點類似以前可能店家需要透過打廣告
吸引客戶上門買東西,現在是直接在線上購買後,直接到實體電取貨,跟前幾年流通的B2B,C2C,B2C有點
小小差異,O2O 跟b2b 中間比較有交集的部份就是所謂的團購,但團購網現在已經式微,原因是兩端的
商家或買家,基本上都不需要在透過這個團購平台進行,除非是小量,
For example:
If I want to install a xargs, but there is no single package name “xargs”. It means that you can’t just install xargs command through “brew install barges”.
Instead, you should find which package include this command first.
# brew search —desc xargs ( —desc : search in description)
findutils: Collection of GNU find, xargs, and locate
# brew install findutils
之前有聽鍋Synology 軟體做的不錯,但一直沒機會玩,距離我上一次玩Nas應該已經快15年了吧,這幾年來儲存裝置都只有使用WD thunderbolt mybook
昨天從組裝硬碟到透過網路設定都給我很經驗的使用者體驗,果然不愧是國內少數直的提起的軟體廠商
In previous, the release cycle of on-premise product, it can take 6 months to 18 months to release a new version. But in the Saas world, the release schedule was reduced to 2 months , even in
1 week. So what should change as a software tester. Here is some draft things from me.
1) Mindset change, Learn by analogy ==> Think Efficiency. Because we don’t have much time on testing. So we need to find out what should we spend on and what should not?
2) New tool adoption. Need to adopt the CI, CD tool to reduce the release cycle.
3) efficacy test case selection.
The possible root cause is because you enable server certificate revocation option .
Once you enable it, it will hide “Continue to this website(not recommended)”, therefore you can’t add exception to continue
browser this page. The solution is to disable “check server certificate revocation* to have exception option for your insecure
website
1.
netstat -ap tcp|grep -i "listen"
2. sudo lost -PiTCP -sTCP:LISTEN
YAML 語法基本規則
* 區分大小寫
* 使用縮排
* 不允許使用Tab 縮排,只能使用空格
* 縮排的空格數不重要,只要同一階層使用相同空格數即可
YAML支援的數據結構有三種
* 物件(object): 對應其他語言的dictionary, hash or object
Car: wheel
* 序列 (Sequences)
-Dog
-Bird
-Fish
* 數值 (Scalars)
number: 12.3
Clickjacking 就是一種攻擊手法,讓使用者在不知不覺的情況下進行攻擊,常見攻擊為使用網頁的iFrame將造假的網頁
與正常的網頁載入,在透過iframe visibility 的屬性改成隱藏,讓使用者看起來是登入假的網頁,但實際上卻是登入正常的網頁
可以分為
frame-based clickjacking ( UI redressing)
plugin-base clickjacking
比較容易防護的方式就是使用在http header 使用same origin policy
Sop is a nutshell. It restrict the access to the element in the document object model of page only
to the scripts which having the exact same origin of the domain name. Only if the web page have the
exact same origin can pass SOP check.
$> brew install openssl | |
$> brew install swig | |
$> env LDFLAGS="-L$(brew --prefix openssl)/lib" \ | |
CFLAGS="-I$(brew --prefix openssl)/include" \ | |
SWIG_FEATURES="-cpperraswarn -includeall -I$(brew --prefix openssl)/include" \ | |
pip install m2crypto |
新聞來源:https://tw.news.yahoo.com/%E5%8B%9E%E9%80%80%E5%9F%BA%E9%87%91%E5%88%86%E7%B4%85-%E6%9C%80%E9%AB%98%E7%8D%A8%E6%8B%BF110%E8%90%AC-215005574--finance.html
去年度勞動基金規模為3兆6288億元,其中新制勞退基金為1兆8984億元,收益數約1407億元,收益率為7.93%,相較前一年收益率3.23%成長2倍以上,勞保局預計今年3月5日起,將收益分配金額揭示於勞工退休金個人專戶。
勞動基金: 收益2552億 收益率7.59%
勞退基金: 收益1407億 收益率7.93%
017年全球股市榮景一片,帶動政府管理的勞動基金去年整年度的投資收益高達2,552億餘元,收益率7.59%創下歷史新高,其中攸關廣大勞工朋友的新制勞退基金也大有斬獲,收益率有7.93%,勞工每人平均可分1萬2,600多元。
近幾年來,很多知名的軟體都走向收年費制度,每年要續訂付費,個人雖然不反對,但我覺得收費模式還是應該要看軟體特性而定,採年費訂閱致,應該是那種幾乎每天都用的,因為持續用,所以持續付費買服務都算滿合理的,但有些軟體,可能一年也用不到幾次,如果一樣採用年費制,甚至是月費制實在是很難讓人買不下手,我覺得這類軟體,應該採用perpetual 或者可以採用類似保險費收費模式,付買幾年後,可以得到終身保固,基本上軟體的壽命本來就很難很長,我覺得推出類似的分期付款模式可以提高客戶的忠誠度與黏濁度
網址:https://www.parallels.com/tw/promo-premium-mac-app-bundle/
幾乎可以說是每年唯一的一次綑綁銷售只到2/28 下午四點整,話說parallels desktop的銷售一般都是每年會有兩段時間會有折扣,一個是所謂的綑綁銷售,另外一個就是當有新版時,會另外販售允許升級到新版的舊版序號,我之前是都有購買綑綁銷售,但這一年來很多軟體都走向訂閱模式,實在會讓人有點猶豫,特別是很多軟體一年根本用不到幾次,我覺得關於軟體銷售模式,如果要改用訂閱模式可以成功的條件,就是該軟體是每天都要使用的,就像你家裡的水電費
https://github.com/aboul3la/Sublist3r
A tool to get all subdomain from querying search engine
國外已經有駭客”fail overflow” 已經demo,詳細的可以參閱
他們的tweet https://twitter.com/fail0verflow/status/964954316892119040
1. Installation
https://github.com/alexmojaki/birdseye
2.inital birdseye:
#python -m birdseye
3.usage
1. In your debug file
from birdseye import eye
@your debug function to add decorator ‘eye'
for example:
@eye
def logon():
4.Launch web browser: http://127.0.0.1:7777
* select the file that you want to debug
What is security?
Security is a continue process to protect your data or asset. It against unforeseen actions that may cause it to stop functioning or being exploited.
What is security testing?
Security testing is an non-function testing . The objective of security testing to find the possible vulnerability or threats
by performing a set of security testing case.
How to do the security testing?
You can start your testing from 6 basic security concepts. They are
1)Confidentiality
2)Integrity
3)Authentication
4)Authorization
5)Availablity
6)Non-repudication
Base on these 6 parts to create your security test case. You can also average some security scan tool to do vulnerability scan or threats detections.
reference:
http://www.digitimes.com.tw/seminar/iii_20150923/2-新型態下的系統效能檢測-V1.0%20V1.pdf
1.根據大多數的定義,Security testing 是屬於Non-functional Testing, 在ISO9126理的定義,
Security testing 則屬於Functional Testing. 這也是為什麼會有不同的答案的關係
根據報導資料,目前有員工5700名,其中大概有80名資料科學家
Stitch Fix
創辦時間:2011年
創辦人:卡特里娜·雷克 Katrina Lake
地點:美國舊金山
類型:時裝訂閱服務
員工數:5700名
開啟jmeter, 強制透過proxy 出去,可以透過這樣觀察整個http connection 的request and response
./jMeter -H 127.0.0.1 -P 8080
原因:java 的warning message, 所以可以在加-Djsse.enableSNIExtension=false
java -Djsse.enableSNIExtension=false -cp BurpUnlimited.jar larry.lau.BurpLoade
You can just write a shell script, the content is as below.
I put it on /usr/local/bin/scrapy. Everything works fine
#! /usr/bin/python2.7
# path to python 2.7 (python 3 doesn't work well with scrapy atm)
import sys
import scrapy.cmdline
sys.exit(scrapy.cmdline.execute())
# Take install python3 as example
1) brew gist-logs pytohn3 ( equals brew postinstall python3 —verbose)
2)
#ls -l /usr/bin/install_name_tool
#otool -L /usr/bin/install_name_tool
3) uninstall python3
#brew uninstall python3
4) access Xcode build license
#sudo xcodebuild -license ( scroll down to the bottom and type agree )
5) brew install python3
1.Home Screen: Press “home” or cmd + H
2.Change input method: ctrl+space
3.Siri : home+space
4.Send button in iMessage ( or Line): So far, I didn’t find the solution, no matter you send the enter or event combine cmd+enter. It only send new line, but not equal to send button
影片:透過chrome plug-in : Video Downloader for Facebook<sup>TM</sup> 相簿: 透過chrome plug-in : Tampermonkey 搭配script : Facebo...