就从今天开始吧。
Monday, 6 October 2008
Wednesday, 16 April 2008
Friday, 11 April 2008
@London Heathrow Airport
昨晚就打电话叫了早上10点20的taxi,结果一个老爷爷在10点10分就按响了家里的门铃,无奈之下只好匆匆出门。
老爷爷果然老辣,一路走的都是丛林小道,几度被转晕。非常幸运的于10点25分就到了National Express车站。开车时间是11点15分。一个非常胖的眼镜叔叔正在车里大嚼,完全没有理会我站在车外不断挥舞的双手。无奈之下,只好在狂风中等候。胖眼镜叔叔嚼完,非常安详的从不知什么地方掏出了一本小说,开始看。到了11点5分,胖眼镜叔叔终于打开了车门,验票,上车。掐指一算,在狂风中溜溜站了40分钟。
11点10分,终于开车了。昏昏欲睡。
忘了带食物和水。
路上遭遇几乎各种天气情况。
堵车!堵车!!
继续堵车!堵车!!
饿!饿!!饿!!!
终于,我们在眼镜胖叔叔的带领下安全到达Heathrow Airport Central Bus Station。这时已经是4点55分。
就差那么一点点,就那么一点点,我就在大coach里坐了6个小时。
伦敦到北京的空中飞行时间也不过10个小时而已。
下车,找路,去Terminal 3,吃饭,check-in,安检。一切忙完,居然才5点56分。发达国家的机场工作效率真他妈不是吹的。回想伟大首都北京机场崭新的Terminal 3,国内航班,飞机落地整整一个小时以后,居然行李还没有出现在传送带上。看来这还真跟人多人少没关系。
飞机是8点25分起飞的CA938,还早还早,还有正好两个小时。
无所事事中。
亲爱的宝贝,想你了,你在呼呼呢吧?有没有梦见我啊?
See you, maybe (maybe not)...
今天要走了,呵呵。还有几个小时。不知道什么时候再见了。我也说不好。
今天是一个特殊的日子,对我,还有远方的那个宝贝儿。
只想对你说,亲爱的,你还好吗?现在在做什么呢?有没有在想我呢?
亲爱的,我爱你。
Thursday, 10 April 2008
喜欢你的理由
今天给你打电话挺开心的,呵呵。越来越能感觉到你骨子里那股坏坏的味道了。
对了,今天还总结了一下为什么会喜欢你这个坏坏的小宝贝,在这里记录一下吧:
1。坏坏的你。
2。天真的你。
3。不刻意掩饰,也不刻意表现的你。
4。单纯的你。
5。爱笑的你。
6。傻傻的你。
7。普通话时好时坏的你。;-)
8。小可爱,小宝贝的你。
跟你在一起的感觉很舒服,就像那初夏的阳光,洒在身上暖暖的。虽然风还带着一丝凉意,但心里却格外的温暖。即便是在这寒冷的冬夜,每每想起你,心里都是暖和的。是那种不快不慢的感觉,不用去追赶什么,但又流畅而自然地前进着。让人觉得很安逸,很平静。
对了,今天还总结了一下为什么会喜欢你这个坏坏的小宝贝,在这里记录一下吧:
1。坏坏的你。
2。天真的你。
3。不刻意掩饰,也不刻意表现的你。
4。单纯的你。
5。爱笑的你。
6。傻傻的你。
7。普通话时好时坏的你。;-)
8。小可爱,小宝贝的你。
跟你在一起的感觉很舒服,就像那初夏的阳光,洒在身上暖暖的。虽然风还带着一丝凉意,但心里却格外的温暖。即便是在这寒冷的冬夜,每每想起你,心里都是暖和的。是那种不快不慢的感觉,不用去追赶什么,但又流畅而自然地前进着。让人觉得很安逸,很平静。
Wednesday, 9 April 2008
想念你
一个人的夜是那么的安静,正好可以慢慢想你,想你的可爱,想你的美。
我这里不冷,就是总是阴雨绵绵,整天看不见太阳。一个人走在街上的时候会感觉到冷,甚至冻手。可心里却总是暖暖的,因为有你。因为我知道,在遥远的天边,有一个可爱的女孩儿这时也正在想念着我。
再没有什么比见到你,认识你更神奇了。的确,一切都是那么的匆匆忙忙,快得有些让人不知所措。可我们终究谁也没有逃跑,谁也没有退缩,这就是缘分吧。其实从一出生,上帝早已安排好人世间的一对对男女,可茫茫人海,最后真正能够找到对方的都会有那童话般王子和公主幸福生活的故事。缘分是天注定的。不过要感谢你,坚持到了最后,让我们最终有机会见面。
喜欢你,就这么简单。
虽然相隔万里,但感觉你就在身边,在这个静静的夜里,感觉你的呼吸,感觉你的味道。透过屏幕,就能看见你可爱的笑脸,和吃东西时那傻傻的样子,一切都很完美。对于相隔遥远的人,黑夜其实并不一定是坏事儿,黑夜可以让人安静下来,一个人发呆,静静地思念,静静地想你。
现在已经10点50,可爱的宝贝就要起床了,又能听到宝贝的声音了,傻傻的,呆呆的,可爱极了。
怎么说呢,就像今天跟你说的,我是一个感情很丰富的人,特别容易被周围的环境所感动。一个小小的举动,一件微乎其微的小事儿,都能让我感动地流泪。呵呵。
前两天在家里看士兵突击,流泪了无数次,是那种无法控制地激动,呵呵。又要被你笑话了。
Honey, I'll always be with you...
上帝在创造女人的时候,忘记了教会她们说抱歉。So, honey, never say 'sorry' to me, ever...
心里不断的想像着再次见你时的场景,会是什么样呢?呵呵。可能就像现在这样安静。不知道会对你说什么,或者要对你说什么。大概看着你的眼睛,就会明白了。
突然有冲动想抱抱你,就现在,让时间停止,安静地去感觉你的味道,你的呼吸。
可时间总是会分分秒秒的过去,接下来的日子谁也无法预测,谁也不知道会发生什么。但至少我们现在都很开心。所以就静静地想念你吧。
其实生活是一件很简单的事儿,有一个可爱的女孩儿可以去思念,就足够了。但这不会是永远的思念,会有那么一天,我们不需要再这样默默地在心里计算着对方的时间,静静地等待着对方的电话。你明白我的意思吗,宝贝?
我这里不冷,就是总是阴雨绵绵,整天看不见太阳。一个人走在街上的时候会感觉到冷,甚至冻手。可心里却总是暖暖的,因为有你。因为我知道,在遥远的天边,有一个可爱的女孩儿这时也正在想念着我。
再没有什么比见到你,认识你更神奇了。的确,一切都是那么的匆匆忙忙,快得有些让人不知所措。可我们终究谁也没有逃跑,谁也没有退缩,这就是缘分吧。其实从一出生,上帝早已安排好人世间的一对对男女,可茫茫人海,最后真正能够找到对方的都会有那童话般王子和公主幸福生活的故事。缘分是天注定的。不过要感谢你,坚持到了最后,让我们最终有机会见面。
喜欢你,就这么简单。
虽然相隔万里,但感觉你就在身边,在这个静静的夜里,感觉你的呼吸,感觉你的味道。透过屏幕,就能看见你可爱的笑脸,和吃东西时那傻傻的样子,一切都很完美。对于相隔遥远的人,黑夜其实并不一定是坏事儿,黑夜可以让人安静下来,一个人发呆,静静地思念,静静地想你。
现在已经10点50,可爱的宝贝就要起床了,又能听到宝贝的声音了,傻傻的,呆呆的,可爱极了。
怎么说呢,就像今天跟你说的,我是一个感情很丰富的人,特别容易被周围的环境所感动。一个小小的举动,一件微乎其微的小事儿,都能让我感动地流泪。呵呵。
前两天在家里看士兵突击,流泪了无数次,是那种无法控制地激动,呵呵。又要被你笑话了。
Honey, I'll always be with you...
上帝在创造女人的时候,忘记了教会她们说抱歉。So, honey, never say 'sorry' to me, ever...
心里不断的想像着再次见你时的场景,会是什么样呢?呵呵。可能就像现在这样安静。不知道会对你说什么,或者要对你说什么。大概看着你的眼睛,就会明白了。
突然有冲动想抱抱你,就现在,让时间停止,安静地去感觉你的味道,你的呼吸。
可时间总是会分分秒秒的过去,接下来的日子谁也无法预测,谁也不知道会发生什么。但至少我们现在都很开心。所以就静静地想念你吧。
其实生活是一件很简单的事儿,有一个可爱的女孩儿可以去思念,就足够了。但这不会是永远的思念,会有那么一天,我们不需要再这样默默地在心里计算着对方的时间,静静地等待着对方的电话。你明白我的意思吗,宝贝?
Tuesday, 8 April 2008
说我喜欢你
你现在正在呼呼呢,不知道你是不是真的感冒了,都是我不好,只希望你能一切都好。
刚挑了一些照片发给你,有London的,Norwich的,Amsterdam的,还有一个忘了什么名字的什么garden的。都是以前拍的了,而且压成了很小的图片,呵呵。
我也不知道自己怎么了,但今天确实做了一件傻事儿。呵呵。不断的告诉自己很多遍,有些话一定要到下一次看到你的时候看着你的眼睛告诉你,可不知道自己是怎么了,总觉得现在心里的这些话,如果不告诉你,可能以后都没有机会了。
想过很多种方法,呵呵,别笑我傻。发信息告诉你,或者发email告诉你,或者写在卡上告诉你。可都被自己否决了。发信息肯定是最笨最笨的方法了,估计连傻子都知道。发email告诉你,又觉得这些出现在屏幕上的字儿都是冷冰冰的,也不好。写在卡上告诉你的确不错,可又只能到下次见到你的时候才能交给你,等不了那么长时间了。又想是不是可以冷不丁的白天某个时候给你打个快速电话,说出来,想想那样更白痴。呵呵。别笑我,就这件事儿让我足足想了一整天。其实晚上给你打电话的时候也好多次都话到嘴边有忍住了,大概我就是这样的一个人吧。最后,到了最后,实在是觉得如果再不说今天肯定又没有机会了,才鼓起勇气说了出来。笑我吧,呵呵。
可能我太冒失了,不知道这些话说出来,而且是通过电话告诉你,你会是一种什么心情。不管了,反正话也说了,你怎么想我是你的事情了,呵呵。你可以想我是个随便的人,或者从来没正经,或者随便什么,不管了,我只想把心里的话告诉你。
跟你说过有些话无论如何,不管怎样,我也会看着你的眼睛对你说的。只乞求下次再见面的时候和你在一起的时间能长一点儿,真的。
又给你写了一张卡,呵呵。到时候应该有多少呢?25张?可能吧,呵呵。如果我没有哪天漏掉的话。
很想念你。
想你的感觉就像是一种味道,一种很奇妙的味道,透过鼻子的那一瞬间就已经知道不会再忘记了。
从初次见你到今天已经整整一个礼拜的时间了,时间过得很慢却又很快。跟你说话的时候,不知不觉一个小时两个小时就那样飞一样的过去了,没有你的时候,连本来自认为挺热爱的工作都变得索然无味了。这也算是缘分吧,你说呢?
喜欢一个女孩需要理由吗?可能吧,我也不知道。我现在只是觉得你就像一块巨大的吸铁石,把我吸引过去。我就像一只寻路回家的小狗一样,坚持着鼻尖那永远抹之不去的味道,朝着那条路一直走下去。不知道前方的路会有多长,也不知道前方会有什么荆棘坎坷,只希望能在某一个清晨发现你就站在那路的尽头。
好像开始痴人说梦了。呵呵。梦就梦吧,就当自己是在做梦,起码这个梦让我觉得温暖和幸福。
你在想我吗?你又在做什么呢?呵呵,不知不觉又写了这么多,还是赶紧打住吧,呵呵。
再次见面的时候不知道会是一种什么感觉,只希望那一天能尽早到来。昨天为了申请签证延期寄出去的passport今天已经确认收到了,等吧,快了。只希望下次见面的时候和你在一起的时间会长一些,什么都不用做,就那么静静地坐着,听听彼此呼吸的声音也好,好像已经习惯了从电话中传出的你的轻轻的呼吸声。
2号晚上在工体有Beyond的黄贯中和叶世荣的演唱会,咱们一起去看,好吗?
刚挑了一些照片发给你,有London的,Norwich的,Amsterdam的,还有一个忘了什么名字的什么garden的。都是以前拍的了,而且压成了很小的图片,呵呵。
我也不知道自己怎么了,但今天确实做了一件傻事儿。呵呵。不断的告诉自己很多遍,有些话一定要到下一次看到你的时候看着你的眼睛告诉你,可不知道自己是怎么了,总觉得现在心里的这些话,如果不告诉你,可能以后都没有机会了。
想过很多种方法,呵呵,别笑我傻。发信息告诉你,或者发email告诉你,或者写在卡上告诉你。可都被自己否决了。发信息肯定是最笨最笨的方法了,估计连傻子都知道。发email告诉你,又觉得这些出现在屏幕上的字儿都是冷冰冰的,也不好。写在卡上告诉你的确不错,可又只能到下次见到你的时候才能交给你,等不了那么长时间了。又想是不是可以冷不丁的白天某个时候给你打个快速电话,说出来,想想那样更白痴。呵呵。别笑我,就这件事儿让我足足想了一整天。其实晚上给你打电话的时候也好多次都话到嘴边有忍住了,大概我就是这样的一个人吧。最后,到了最后,实在是觉得如果再不说今天肯定又没有机会了,才鼓起勇气说了出来。笑我吧,呵呵。
可能我太冒失了,不知道这些话说出来,而且是通过电话告诉你,你会是一种什么心情。不管了,反正话也说了,你怎么想我是你的事情了,呵呵。你可以想我是个随便的人,或者从来没正经,或者随便什么,不管了,我只想把心里的话告诉你。
跟你说过有些话无论如何,不管怎样,我也会看着你的眼睛对你说的。只乞求下次再见面的时候和你在一起的时间能长一点儿,真的。
又给你写了一张卡,呵呵。到时候应该有多少呢?25张?可能吧,呵呵。如果我没有哪天漏掉的话。
很想念你。
想你的感觉就像是一种味道,一种很奇妙的味道,透过鼻子的那一瞬间就已经知道不会再忘记了。
从初次见你到今天已经整整一个礼拜的时间了,时间过得很慢却又很快。跟你说话的时候,不知不觉一个小时两个小时就那样飞一样的过去了,没有你的时候,连本来自认为挺热爱的工作都变得索然无味了。这也算是缘分吧,你说呢?
喜欢一个女孩需要理由吗?可能吧,我也不知道。我现在只是觉得你就像一块巨大的吸铁石,把我吸引过去。我就像一只寻路回家的小狗一样,坚持着鼻尖那永远抹之不去的味道,朝着那条路一直走下去。不知道前方的路会有多长,也不知道前方会有什么荆棘坎坷,只希望能在某一个清晨发现你就站在那路的尽头。
好像开始痴人说梦了。呵呵。梦就梦吧,就当自己是在做梦,起码这个梦让我觉得温暖和幸福。
你在想我吗?你又在做什么呢?呵呵,不知不觉又写了这么多,还是赶紧打住吧,呵呵。
再次见面的时候不知道会是一种什么感觉,只希望那一天能尽早到来。昨天为了申请签证延期寄出去的passport今天已经确认收到了,等吧,快了。只希望下次见面的时候和你在一起的时间会长一些,什么都不用做,就那么静静地坐着,听听彼此呼吸的声音也好,好像已经习惯了从电话中传出的你的轻轻的呼吸声。
2号晚上在工体有Beyond的黄贯中和叶世荣的演唱会,咱们一起去看,好吗?
Monday, 7 April 2008
关于中国的问答
Q: Do Chinese eat dogs?
A: Yes. And cats. Especially on our "Thanks receiving" day. Besides, turkeys are our favorite pets. In China only the most uneducated eat turkeys.
Q: China is becoming strong. Does your government want to take over the world?
A: Yes, absolutely. As soon as we become powerful, we will invade Iraq and Afghanistan.
Q: Why doesn't your government give Tibet back to its monks?
A: Because the monks want to help the Seminoles take back Florida.
Q: Are the products made in China very cheap?
A: Yes. Were we using slaves, the price would be even cheaper.
Q: Why you are the only kid in your family?
A: Because my parents don't **** with everybody.
Q: You have 1.4 billion people. Now what do you want to do with it?
A: Find a new planet. Kill the native people there, and move in.
A: Yes. And cats. Especially on our "Thanks receiving" day. Besides, turkeys are our favorite pets. In China only the most uneducated eat turkeys.
Q: China is becoming strong. Does your government want to take over the world?
A: Yes, absolutely. As soon as we become powerful, we will invade Iraq and Afghanistan.
Q: Why doesn't your government give Tibet back to its monks?
A: Because the monks want to help the Seminoles take back Florida.
Q: Are the products made in China very cheap?
A: Yes. Were we using slaves, the price would be even cheaper.
Q: Why you are the only kid in your family?
A: Because my parents don't **** with everybody.
Q: You have 1.4 billion people. Now what do you want to do with it?
A: Find a new planet. Kill the native people there, and move in.
缘分
从小都不知道到底什么是缘分,感觉那玩意儿太虚无缥缈了,从来也没有体会过别人所说的缘分。。。
或许和一个几天前还素不相识的女孩能天天通电话就是缘分?或许天天都在想念一个遥远的需要坐十几个小时的飞机才能见上一面的女孩就是缘分?或许在几天前短短几个小时见面后就匆匆分开但又日日夜夜的想念着一个女孩就是缘分?
我也不知道。。。总之一切都很突然,没有任何的计划,也没有任何的征兆。就那么偶然地见到了你,偶然得现在想起来都觉得奇怪。。。
你的美丽是那种迷人的美,是那种让人看一眼就无法忘记的美,是那种让人会感到害怕的美。可能就是你那份迷人才让我鼓起勇气与你联系。呵呵。。。
在世界的另一边的你已经呼呼睡去了,呵呵。乖乖睡吧,吃成小胖猪没有关系,但不允许你变得不漂亮了,哈哈。
或许和一个几天前还素不相识的女孩能天天通电话就是缘分?或许天天都在想念一个遥远的需要坐十几个小时的飞机才能见上一面的女孩就是缘分?或许在几天前短短几个小时见面后就匆匆分开但又日日夜夜的想念着一个女孩就是缘分?
我也不知道。。。总之一切都很突然,没有任何的计划,也没有任何的征兆。就那么偶然地见到了你,偶然得现在想起来都觉得奇怪。。。
你的美丽是那种迷人的美,是那种让人看一眼就无法忘记的美,是那种让人会感到害怕的美。可能就是你那份迷人才让我鼓起勇气与你联系。呵呵。。。
在世界的另一边的你已经呼呼睡去了,呵呵。乖乖睡吧,吃成小胖猪没有关系,但不允许你变得不漂亮了,哈哈。
Sunday, 6 April 2008
How funny is that?!
3月15日NetBeans网站上发布了又一系列关于人们为什么switch到NetBeans IDE的announcement。大概看了一下,只能说,How funny is that?!?! 有兴趣的同学可以到这里看一下。
这个announcement的主题是:Real Stories From People Who Are Switching to NetBeans IDE。先看看所谓的stories吧。大概数了一下,一共有45个stories。但主要都是针对Eclipse和早已过气的JBuilder。针对的方面自然都是别的IDE的弱项,比如GUI Designer,JavaEE Development。而且大多数的stories都已过时,比较的都是NetBeans 5.0和Eclipse 3.0时代的故事。的确,NetBeans 5.0包括一个让所有人震惊的Matisse GUI Designer。可殊不知,Matisse只不过是Sun逐步open-source它的Java Studio Creator。那个时候的Eclipse在这方面的确很弱,Visual Editor和Web Tools Platform Project都还在起步阶段。自然成了很多人switching的原因了。哈哈哈。不过,Eclipse的极度自豪的The Standard Widget Toolkit (SWT)的确从一开始就是一个不折不扣的joke。我们已经有了Swing/AWT,为什么还要去弄一个SWT/AWT了?!更可笑的是一个小小的Mac下的SWT的bug:SWT_AWT not implemented for Mac,折磨了使用Mac的同学这么多年。
这45个stories中没有针对Oracle的JDeveloper的,因为Sun的NetBeans的强项无外乎在上面说的那两个方面,可和JDeveloper比起来,就只能自惭形秽了。说到JavaEE和EJB3的支持,试问JavaEE中的JPA RI都是用的Oracle的TopLink,IDE的code-generating的support还有什么可比性吗?!而且JDeveloper完美支持Oralce ADF,特别是Oralce ADF Faces和Oracle ADF Business Objects。有如此完善,可以说保罗万象的支持,Sun当然不会傻到向JDeveloper开火。
再说这45个stories中,只有两个stories提到了JetBrains的Intellij IDEA。哈哈。理由已经可笑到了,说IDEA没有native的Ant支持和building a jar file out of box?!?! How funny is that?!?! 另一个让人无语的理由是说IDEA只适合JavaSE Development,对JavaEE的支持很差。可仔细一看,原来这个同学用的是IDEA 5来和最新的NetBeans比较。唉。殊不知IDEA 6提供了极好的JavaME开发环境,同时有绝好的Ruby和Ruby on Rails的支持,JSP editor中的JavaScript code completion。没有用过的同学,不会体会的。回头来看NetBeans,NetBeans 6还在milestone阶段,今年年底才会发布,NetBeans 6才会包括对Ruby等scripting language的native support。可是那时IDEA已经会release IDEA 7 。Ant 1.7, Facets, Spring Framework, Hibernate, Maven, TestNG, Refactoring, Profiler, Debugger, Code Inspection。你还能要求什么,你还能期待什么?
看来真如一个同学所说的,这是很好很好的一篇文章,非常中肯的述说了这场无休止的Java IDE战争中仅存三个元老:NetBeans, Eclipse和IntelliJ。文章比较分以下几个方面比较了三个IDE的优缺点:Swing, JSP/Struts, JavaServer Faces, J2EE/EJB3。所有跟Java打交道的同学都应该看看。看来确实是时候Sun勇敢的放弃NetBeans,成立一个NetBeans Foundation了。不要再左右NetBeans的发展了,就像当年IBM一样,勇敢的成立了Eclipse Foundation。
呵呵。How funny is that?!?!
这个announcement的主题是:Real Stories From People Who Are Switching to NetBeans IDE。先看看所谓的stories吧。大概数了一下,一共有45个stories。但主要都是针对Eclipse和早已过气的JBuilder。针对的方面自然都是别的IDE的弱项,比如GUI Designer,JavaEE Development。而且大多数的stories都已过时,比较的都是NetBeans 5.0和Eclipse 3.0时代的故事。的确,NetBeans 5.0包括一个让所有人震惊的Matisse GUI Designer。可殊不知,Matisse只不过是Sun逐步open-source它的Java Studio Creator。那个时候的Eclipse在这方面的确很弱,Visual Editor和Web Tools Platform Project都还在起步阶段。自然成了很多人switching的原因了。哈哈哈。不过,Eclipse的极度自豪的The Standard Widget Toolkit (SWT)的确从一开始就是一个不折不扣的joke。我们已经有了Swing/AWT,为什么还要去弄一个SWT/AWT了?!更可笑的是一个小小的Mac下的SWT的bug:SWT_AWT not implemented for Mac,折磨了使用Mac的同学这么多年。
这45个stories中没有针对Oracle的JDeveloper的,因为Sun的NetBeans的强项无外乎在上面说的那两个方面,可和JDeveloper比起来,就只能自惭形秽了。说到JavaEE和EJB3的支持,试问JavaEE中的JPA RI都是用的Oracle的TopLink,IDE的code-generating的support还有什么可比性吗?!而且JDeveloper完美支持Oralce ADF,特别是Oralce ADF Faces和Oracle ADF Business Objects。有如此完善,可以说保罗万象的支持,Sun当然不会傻到向JDeveloper开火。
再说这45个stories中,只有两个stories提到了JetBrains的Intellij IDEA。哈哈。理由已经可笑到了,说IDEA没有native的Ant支持和building a jar file out of box?!?! How funny is that?!?! 另一个让人无语的理由是说IDEA只适合JavaSE Development,对JavaEE的支持很差。可仔细一看,原来这个同学用的是IDEA 5来和最新的NetBeans比较。唉。殊不知IDEA 6提供了极好的JavaME开发环境,同时有绝好的Ruby和Ruby on Rails的支持,JSP editor中的JavaScript code completion。没有用过的同学,不会体会的。回头来看NetBeans,NetBeans 6还在milestone阶段,今年年底才会发布,NetBeans 6才会包括对Ruby等scripting language的native support。可是那时IDEA已经会release IDEA 7 。Ant 1.7, Facets, Spring Framework, Hibernate, Maven, TestNG, Refactoring, Profiler, Debugger, Code Inspection。你还能要求什么,你还能期待什么?
看来真如一个同学所说的,这是很好很好的一篇文章,非常中肯的述说了这场无休止的Java IDE战争中仅存三个元老:NetBeans, Eclipse和IntelliJ。文章比较分以下几个方面比较了三个IDE的优缺点:Swing, JSP/Struts, JavaServer Faces, J2EE/EJB3。所有跟Java打交道的同学都应该看看。看来确实是时候Sun勇敢的放弃NetBeans,成立一个NetBeans Foundation了。不要再左右NetBeans的发展了,就像当年IBM一样,勇敢的成立了Eclipse Foundation。
呵呵。How funny is that?!?!
关于Nintendo Wii
今天研究了一下Wii,确实不错。挺有意思。现在回顾一下。有兴趣的同学可以到我的flickr上看Wii的照片。
首先,Wii自带了五个sports游戏,有网球,垒球,拳击,保龄球和高尔夫。控制手柄就套在手上,需要像真正比赛那样,大有身临其境的感觉。特别是网球和拳击,一场比赛下来,让人大汗淋漓。哈哈。网球可以支持4个人同时比赛,发球,接发球,进攻,非常逼真,画面质量有一些卡通,但还算细腻。游戏还提供一个training和fitness的板块,有预先设计好的项目,从头到尾进行一遍可以计算出你的Wii age。我很荣幸的被告知我已经72岁了。唉。
其次,所有的控制都是用Wii Remote Control完成,有一个接收装置,放在电视机上,所有的控制就可以使用控制器对着电视指点完成。操作界面非常人性化,非常方便。
第三,音响效果也还不错。
第四,支持wireless,可以上网下载Opera based web browser。安装后跟使用电脑上网完全一样,browser支持unicode,中文显示也易如反掌。非常方便。Browser支持Javascript和Flash,播放YouTube video非常流畅。
第五,Wii向后兼容Nintendo过去的所有游戏,可以通过主界面下的Wii Shop Channel直接购买,下载到机器里玩。试着下了个超级玛利,重温了一下童年。
第六,Wii还有News Channel,提供international和localised新闻,可以随时更新,界面不错。
第七,Wii的Weather Forecast Channel可以显示本地的天气预报。
第八,Wii还有一个Photo Channel,使用SD卡把你想看的照片存好,可以在电视上看slideshow。效果不错,自带了很多背景音乐,也可以自己用SD卡把想听的MP3格式的音乐放进Wii里。还有一个很有趣的Photo Edit,提供很多种画笔和功能,可以随心所欲的修改照片。
第九,每个人可以给自己创建一个Mii,就是一个生活在Wii里的人物。长相可以自己设计,眼睛眉毛鼻子嘴都可以自己设计。设计好以后,Wii会自动为每个Mii记录比赛等游戏的经验,等级等等。自己设计的Mii还可以带出来,带到别人的Wii上,参加朋友的游戏。设计理念挺不错。人机交互想法挺有意思。
第十,Wii还提供一个Message Board Channel。里面可以记录你每天的游戏的activity。可以自己post memo。
刚才出去买了GT Pro Series和Tom Clancy's Splinter Cell: Double Agent两个游戏。哈哈哈。
首先,Wii自带了五个sports游戏,有网球,垒球,拳击,保龄球和高尔夫。控制手柄就套在手上,需要像真正比赛那样,大有身临其境的感觉。特别是网球和拳击,一场比赛下来,让人大汗淋漓。哈哈。网球可以支持4个人同时比赛,发球,接发球,进攻,非常逼真,画面质量有一些卡通,但还算细腻。游戏还提供一个training和fitness的板块,有预先设计好的项目,从头到尾进行一遍可以计算出你的Wii age。我很荣幸的被告知我已经72岁了。唉。
其次,所有的控制都是用Wii Remote Control完成,有一个接收装置,放在电视机上,所有的控制就可以使用控制器对着电视指点完成。操作界面非常人性化,非常方便。
第三,音响效果也还不错。
第四,支持wireless,可以上网下载Opera based web browser。安装后跟使用电脑上网完全一样,browser支持unicode,中文显示也易如反掌。非常方便。Browser支持Javascript和Flash,播放YouTube video非常流畅。
第五,Wii向后兼容Nintendo过去的所有游戏,可以通过主界面下的Wii Shop Channel直接购买,下载到机器里玩。试着下了个超级玛利,重温了一下童年。
第六,Wii还有News Channel,提供international和localised新闻,可以随时更新,界面不错。
第七,Wii的Weather Forecast Channel可以显示本地的天气预报。
第八,Wii还有一个Photo Channel,使用SD卡把你想看的照片存好,可以在电视上看slideshow。效果不错,自带了很多背景音乐,也可以自己用SD卡把想听的MP3格式的音乐放进Wii里。还有一个很有趣的Photo Edit,提供很多种画笔和功能,可以随心所欲的修改照片。
第九,每个人可以给自己创建一个Mii,就是一个生活在Wii里的人物。长相可以自己设计,眼睛眉毛鼻子嘴都可以自己设计。设计好以后,Wii会自动为每个Mii记录比赛等游戏的经验,等级等等。自己设计的Mii还可以带出来,带到别人的Wii上,参加朋友的游戏。设计理念挺不错。人机交互想法挺有意思。
第十,Wii还提供一个Message Board Channel。里面可以记录你每天的游戏的activity。可以自己post memo。
刚才出去买了GT Pro Series和Tom Clancy's Splinter Cell: Double Agent两个游戏。哈哈哈。
一起来学Swahili
Swahili是東非,主要是Kenya和Tanzania的第一官方語言。
基本用法如下。學吧學吧。
Hello: Habari.
Goodbye: Tutaonana.
See you later: Baadaye.
I'm pleased to meet you: Nafurahi Kukufahamu.
Thank you: Asante.
Yes: Ndiyo.
No: Hapana.
Excuse me: Samahani.
Sorry: Pole.
Where are the toilets: Vyoo viko wapi?
I have a reservation: Nina buking.
The automated teller machine took my card: Mashine ya kutolea pesa ilichukua kadi yangu.
Kiss me: Nibusu.
I want you: Nakutaka.
Let's go to bed: Twende kitandani.
Touch me here: Niguse hapa.
Do you have a condom: Una kondom?
Oh my God: Mwenyezi Mungu!
I love you: Nakupenda.
I'll keep in touch: Nitakuwasiliana.
I'll miss you: Nitakukosa.
Careful: Angalia.
Help: Saidia.
It's an emergency: Ni dharura.
Call an ambulance: Ita gari la hospitali.
I'm sick: Mimi ni mgonjwa.
學吧。學吧。學吧。
基本用法如下。學吧學吧。
Hello: Habari.
Goodbye: Tutaonana.
See you later: Baadaye.
I'm pleased to meet you: Nafurahi Kukufahamu.
Thank you: Asante.
Yes: Ndiyo.
No: Hapana.
Excuse me: Samahani.
Sorry: Pole.
Where are the toilets: Vyoo viko wapi?
I have a reservation: Nina buking.
The automated teller machine took my card: Mashine ya kutolea pesa ilichukua kadi yangu.
Kiss me: Nibusu.
I want you: Nakutaka.
Let's go to bed: Twende kitandani.
Touch me here: Niguse hapa.
Do you have a condom: Una kondom?
Oh my God: Mwenyezi Mungu!
I love you: Nakupenda.
I'll keep in touch: Nitakuwasiliana.
I'll miss you: Nitakukosa.
Careful: Angalia.
Help: Saidia.
It's an emergency: Ni dharura.
Call an ambulance: Ita gari la hospitali.
I'm sick: Mimi ni mgonjwa.
學吧。學吧。學吧。
独自等待
就这样独自等待着,独自等待着并不清晰的明天。将会在哪里,将会遇见谁,将会做什么,都很不清晰。或许是因为期待,如果没有了期待,也就不用再这样孤独的等待。
春天来了,可空气还没有转暖。随处能感觉到的,还是同样的冰冷。
不知道自己到底想要什么,这个问题困扰了我很久。还有期望吗?自己也说不清楚了。或许还有些许,否则就不会这样独自等待了。
归期很近了。接下来的路该怎样去走呢?不知道。
远方的你还好吗?
时间就这样分分秒秒的过去,独自等待。
大坏蛋的诗
我踏在有着阳光的日子里
却时常想冬季里的你
日子如行云流水
匆匆而逝
只有昔日的旧照片
停留在我的手心
我偶尔在微风中哭泣
泪水像薄纱
蒙住了昔日的记忆
我偶尔会独自笑地很开心
笑容像风
撩开了薄纱
想起了你
走在
我的世界里
我
常常
想起你
天空有雨飘过
印证它的 是叶子上闪闪烁烁的雨珠
还来不及伤感 就发现阳光忽洒在掌心上面
一杯咖啡 会不会是一个故事
一段回忆 却是长长的沉淀
我看见
雨后 彩虹呈现
像梦中 看到的你的笑容
是这样的心亮而烂漫
伸出手 想构造七彩斑斓
然而 举手的时候
停在了飘着细雨的空气之间
泪水偷袭了双眼
模糊 模糊 模糊了你的微笑你的脸
为什么 你明明走进了我的空间
握住了我的手 却又遗失在梦里面
你走的这样匆匆然
我还来不及牵过你的手
一切剩下的 就只是
雨过天晴
掌心上的星星点点
我们在偶然间遇见
你可知 这遇见的艰难
要经历百年的修行 千年的期盼
所以我会在拥抱里 这样坦坦然
我们的遇见
像王子遇上了公主
像星星遇上了亮晶晶的钻
当你第一次握住我的手
我忽然间明白
整个世界于我
就是与你两手相牵
却时常想冬季里的你
日子如行云流水
匆匆而逝
只有昔日的旧照片
停留在我的手心
我偶尔在微风中哭泣
泪水像薄纱
蒙住了昔日的记忆
我偶尔会独自笑地很开心
笑容像风
撩开了薄纱
想起了你
走在
我的世界里
我
常常
想起你
天空有雨飘过
印证它的 是叶子上闪闪烁烁的雨珠
还来不及伤感 就发现阳光忽洒在掌心上面
一杯咖啡 会不会是一个故事
一段回忆 却是长长的沉淀
我看见
雨后 彩虹呈现
像梦中 看到的你的笑容
是这样的心亮而烂漫
伸出手 想构造七彩斑斓
然而 举手的时候
停在了飘着细雨的空气之间
泪水偷袭了双眼
模糊 模糊 模糊了你的微笑你的脸
为什么 你明明走进了我的空间
握住了我的手 却又遗失在梦里面
你走的这样匆匆然
我还来不及牵过你的手
一切剩下的 就只是
雨过天晴
掌心上的星星点点
我们在偶然间遇见
你可知 这遇见的艰难
要经历百年的修行 千年的期盼
所以我会在拥抱里 这样坦坦然
我们的遇见
像王子遇上了公主
像星星遇上了亮晶晶的钻
当你第一次握住我的手
我忽然间明白
整个世界于我
就是与你两手相牵
关于Blog不再更新的十大猜想
1.阳痿型:兴奋期已过,“性”趣不在,没有博的乐趣了;
2.消失型:玩失踪,人间蒸发的也不少;
3.工作狂型:工作忙,没时间恐怕也只是借口吧…
4.懒人型:人的惰性在任何事物上都能有体现…
5.域名空间到期:直接是无法访问;
6.改头换面型:换了新的环境,新的生活,干脆彻底改头换面、隐姓埋名,从头再来~
7.生活所迫型:猪肉都吃不起了,哪有精力去博…
8.“好孩子”型:不抽烟喝酒,不玩QQ打游戏,干脆连网也戒了!
9.狡兔N窟型:这种人不是以写博客为乐趣,而是以建立更多的博客为目的,可能哪天就连从前博的地址帐号密码都忘了吧…
10.黔驴技穷型:某天突然发现脑中一片空白,无话可说自然不说为罢了~
2.消失型:玩失踪,人间蒸发的也不少;
3.工作狂型:工作忙,没时间恐怕也只是借口吧…
4.懒人型:人的惰性在任何事物上都能有体现…
5.域名空间到期:直接是无法访问;
6.改头换面型:换了新的环境,新的生活,干脆彻底改头换面、隐姓埋名,从头再来~
7.生活所迫型:猪肉都吃不起了,哪有精力去博…
8.“好孩子”型:不抽烟喝酒,不玩QQ打游戏,干脆连网也戒了!
9.狡兔N窟型:这种人不是以写博客为乐趣,而是以建立更多的博客为目的,可能哪天就连从前博的地址帐号密码都忘了吧…
10.黔驴技穷型:某天突然发现脑中一片空白,无话可说自然不说为罢了~
Blackboard Academic Suite and Vintela mod_auth_vas integration
I’ll talk about how to deploy Vintela mod_auth_vas on Blackboard Academic Suite to implement Single Sign-On (SSO) environment for your orgnisation today.
For details about Blackboard Academic Suite, please visit:
http://www.blackboard.com For details about Vintela mod_auth_vas, please visit:
http://rc.quest.com/topics/mod_auth_vas/ I’ve been posting blog articles regarding various Blackboard Academic Suite and Single Sign-On (SSO) issues, for details please visit:
http://blog.cokee.org/?cat=11
# pkginfo | grep gcc application SMCgcc gcc
#!/usr/local/bin/perl
auth.type.webserver.impl=blackboard.platform.security.authentication.ExternalAuthModule
sh ./setup-mod_auth_vas
You may get error at the end saying ‘Module not loaded’. Please ignore that.
-r——– 1 bbuser nobody 135 Aug 9 11:29 HTTP.keytab
For details about Blackboard Academic Suite, please visit:
http://www.blackboard.com For details about Vintela mod_auth_vas, please visit:
http://rc.quest.com/topics/mod_auth_vas/ I’ve been posting blog articles regarding various Blackboard Academic Suite and Single Sign-On (SSO) issues, for details please visit:
http://blog.cokee.org/?cat=11
Hardware/Software Specification:
- Server: Sun Fire v240
- Operating System: Sun Solaris 9 (SunOS 5.9)
- Blackboard Academic Suite 7.1: 7.1.467.28
- Mod_auth_vas: 3.4.0 (r233)
1. VAS 3.0 (or later)
2. The VAS developer kit ‘vasdev’
2. The VAS developer kit ‘vasdev’
Please check whether ‘vasdev’ has been installed using following command:
# pkginfo | grep vasdev
application vasdev Vintela Authentication Services – SDK
3. C compiler (e.g. GCC)
This package includes the GNU C, C++, and f77 suites and support files. These GCC packages require the installation of libiconv, which could be downloaded from:
Once downloaded, please use the following command to unzip the libiconv package first:
gunzip libiconv-1.11-sol9-sparc-local.gz
The unzipped file will have a name called:
libiconv-1.11-sol9-sparc-local
Install this package first by using the following command:
# pkgadd -d libiconv-1.11-sol9-sparc-local
The package will be installed using name SMCliconv. Please use the following command to verify the installation:
# pkginfo | grep libiconv
application SMCliconv libiconv
Please use this command to unzip the gcc package:
gunzip gcc-3.4.6-sol9-sparc-local.gz
The unzipped file will have a name called:
gcc-3.4.6-sol9-sparc-local
Install this package using the following command:
# pkgadd -d gcc-3.4.6-sol9-sparc-local
The package will be installed using name SMCgcc. Please use the following command to verify the installation:
# pkginfo | grep gcc application SMCgcc gcc
4. GNU Make
Once downloaded, please use the following command to unzip the package:
gunzip make-3.81-sol9-sparc-local.gz
The unzipped file will have a name called;
make-3.81-sol9-sparc-local
Please use the following command to install Solaris GNU make package:
# pkgadd -d make-3.81-sol9-sparc-local
The package will be installed using name SMCmake. Please use the following command to verify the installation:
# pkginfo | grep make
application SMCmake make
system
SUNWsprox Sun WorkShop Bundled 64-bit make library
system SUNWxcu4t XCU4 make and sccs utilities
The first line of the output indicates that the package has been installed successfully.
5. Apache HTTP Server (1.3.x)
Blackboard Academic Suite 7.1 release comes with a bundled Apache HTTP server 1.3.37, but the APache eXtenSion tool (APXS) is compiled using Sun Solaris C Compiler which is not compatible with mod_auth_vas. So it’s necessary to install a fresh copy of Apache HTTP Server 1.3.x for building the VAS module.
It will install a copy of Apache HTTP Server 1.3.27 in /usr/local/apache.
Once downloaded, please use the following command to unzip the file:
gunzip apache-1.3.27-sol9-sparc-local.gz
The unzipped file will have a name called:
apache-1.3.27-sol9-sparc-local
Install the Apache HTTP server by using the following command:
# pkgadd -d apache-1.3.27-sol9-sparc-local
Please use the following command to verify the installation of Apache HTTP server 1.3.27:
# pkginfo | grep apache
application SMCapache apache
Part 2: Install mod_auth_vas
1. Download the source package (the latest production release is 3.4.0 as the time of writing) from:
2. Unpack the source package using following command:
gunzip mod_auth_vas-3.4.0.186.tar.gz
tar xvf mod_auth_vas-3.4.0.186.tar
A folder called mod_auth_vas-3.4.0.186 will be created.
3. Change your PATH environment variable:
The mod_auth_vas installer script is not compatible with Sun Solaris 9 bash. So please put /usr/xpg4/bin in front of your PATH using the following command (I’m assuming you’re using Bash, if not, please type ‘bash’ and press ‘enter’ first):
export PATH=/usr/xpg4/bin:$PATH
Please add the newly installed GNU Make and GCC into your PATH as well by using the following command:
export PATH=/usr/local/bin:$PATH
Please add the newly installed APXS into your PATH by using the following command:
export PATH=/usr/local/apache/bin:$PATH
In order to build the module successfully, you have to put Sun’s ld to PATH as well, the following command will make sure that you have the correct PATH variable set up:
export PATH=/usr/xpg4/bin:/usr/local/apache/bin:/usr/local/bin:/usr/sbin:/usr/bin:/usr/css/bin
After this, your PATH environment variable should look like:
PATH=/usr/local/apache/bin:/usr/local/blackboard/apps/openssl/bin:/usr/local/bin:/usr/xpg4/bin:/usr/ccs/bin/:/usr/sbin:/usr/bin
4. Get the latest patch (r233)
The revision 233 of the mod_auth_vas.c has several bugs fixed: (bug #317, #319, #337, etc.). It could be downloaded from:
Please use mod_auth_vas.c (r233) to replace the original file in release 3.4.0.
Revision 233 introduced a new option AuthVasRemoteUserAttr to replace the original AuthVasLocalizeRemoteUser. So please use ‘AuthVasRemoteUserAttr sAMAccountName’ instead of ‘AuthVasLocalizeRemoteUser On’. This solution has not been finalised until the next production release.
5. Build the module
Use the following command to change your working directory to the module directory:
cd mod_auth_vas-3.4.0.186
The APXS bundled with the Apache HTTP server 1.3.27 installed previously is written in Perl, it is set to locate ‘perl’ at /usr/local/bin/perl. However, perl is located in /usr/bin/perl on Sun Solaris 9. So please modify the APXS script by changing the first line:
#!/usr/local/bin/perl
To
#!/usr/bin/perl
After this, apxs command should give you the following results:
# apxs
Usage: apxs -g [-S <var>=<val>] -n <modname>
apxs -q [-S <var>=<val>] <query> …
apxs -c [-S <var>=<val>] [-o <dsofile>] [-D <name>[=<value>]]
[-I <incdir>] [-L <libdir>] [-l <libname>] [-Wc,<flags>]
[-Wl,<flags>] <files> …
apxs -i [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> …
apxs -e [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> …
Please use the following command to run the pre-build configuration:
# ./configure
Once the pre-build configuration is done, please use the following command to build the module:
# make
The ‘make’ process should produce the Apache module called:
mod_auth_vas.so
6. Copy the newly built mod_auth_vas.so to
/usr/local/blackboard/apps/httpd/libexec/
Using the following command:
# pwd
/usr/local/blackboard/apps/httpd/libexec
# cp ~/bb71/modvas/mod_auth_vas.so ./
7. Change the group ownership of mod_auth_vas.so
# chown -R bbuser:other mod_auth_vas.so
8. Copy the newly generated setup-mod_auth_vas script to /opt/quest/bin.
# cp setup-mod_auth_vas /opt/quest/sbin/
Part 3: Blackboard configuration
1. Modify bb-config.properties in /usr/local/blackboard/config
Change bbconfig.auth.type from ‘ldap’ or ‘rdbms’ to ‘webserver’.
bbconfig.auth.type=webserver
2. Modify authentication.properties in /usr/local/blackboard/config
In Web-Server Delegation Authentication Properties section, change:
auth.type.webserver.impl=blackboard.platform.security.authentication.WindowsAuthModule
To
auth.type.webserver.impl=blackboard.platform.security.authentication.ExternalAuthModule
Change:
auth.type.webserver.def_key=UserRegistry
To
auth.type.webserver.def_key=BatchUid
3. Create HTTP service account
The HTTP service account could be created using the script provided by mod_auth_vas: setup-mod_auth_vas. By now, you should have already copied the script to /opt/quest/sbin.
Using the following command to create the new HTTP service account (Please note, you need AD admin access):
Using the following command to create the new HTTP service account (Please note, you need AD admin access):
sh ./setup-mod_auth_vas
Please follow the on-screen instructions, a new file called HTTP.keytab should be created in /etc/opt/quest/vas if everything is OK.
You may get error at the end saying ‘Module not loaded’. Please ignore that.
Scripts output:
This script checks your local configuration for properly using mod_auth_vas.
It will prompt you to create a web service object in Active Directory
if one is needed, and it will correct permissions on certain files.
Commands executed will be recorded in /tmp/mod_auth_vas-setup.log.12522
checking privileges ……………….. root looking for Apache extension tool …… /usr/local/apache/bin//apxs looking for Apache configuration file .. /usr/local/apache/conf/httpd.conf looking for Apache daemon group …….. nobody looking for HTTP/ keytab …………… This step creates a service object in Active Directory so that browsers can authenticate with this web server. You will need to know an account password that has sufficient privileges to create the new service object. Contact your systems administration staff if you do not.
Create the HTTP/ service account? [y]:
Please specify the container DN in which to create the service: Service container DN [default]: Please ask your own AD admin for details. Credentials required to create the service account
Please login with a sufficiently privileged domain account. Username [xxx]: Password for xxx: Service HTTP/ created successfully, keytab located at /etc/opt/quest/vas/HTTP.keytab. checking new service keytab ………… found
looking for HTTP/ keytab …………… /etc/opt/quest/vas/HTTP.keytab checking keytab is readable by nobody .. no
Change group of /etc/opt/quest/vas/HTTP.keytab to nobody? [y]:
-> fixing file mode and ownership …… fixed checking keytab can authenticate ……. yes
If you have clients using Internet Explorer, a known issue (KB899417) can see them suddenly being unable to authenticate after only 30 minutes. A workaround is to create SPN aliases with all the possible ’short-names’ that the client could use to access this server (i.e http://short-name/). SPN aliases can also be useful for servers with multiple DNS identities.
The HTTP/ service is currently known by these SPNs (service principal names):
HTTP/xxxx
Enter a new SPN alias, or ‘none’ to finish [none]: Testing whether service password expires no (good) checking mod_auth_vas is loaded …….. no
It doesn’t appear that the Apache web server is loading the VAS authentication module. This could be a problem in the configuration file (missing LoadModule or a syntax error), a mis-installation of mod_auth_vas or VAS, or perhaps this script is simply invoking the web server in the wrong way.
The command I used to detect what modules were loaded was:
/usr/local/apache/bin/httpd -f “/usr/local/apache/conf/httpd.conf” -t -e debug
-> Failed: Module not loaded. (Log written to /tmp/mod_auth_vas-setup.log.12522) 4. Change HTTP.keytab group ownership.
The Apache httpd process is running using bbuser/nobody. So please use the following command to change the group ownership of the keytab file:
# chown -R bbuser:nobody HTTP.keytab After this, the group ownership of host.keytab should look like:
-rw——- 1 bbuser nobody 289 Jul 17 16:23 HTTP.keytab
checking privileges ……………….. root looking for Apache extension tool …… /usr/local/apache/bin//apxs looking for Apache configuration file .. /usr/local/apache/conf/httpd.conf looking for Apache daemon group …….. nobody looking for HTTP/ keytab …………… This step creates a service object in Active Directory so that browsers can authenticate with this web server. You will need to know an account password that has sufficient privileges to create the new service object. Contact your systems administration staff if you do not.
Create the HTTP/ service account? [y]:
Please specify the container DN in which to create the service: Service container DN [default]: Please ask your own AD admin for details. Credentials required to create the service account
Please login with a sufficiently privileged domain account. Username [xxx]: Password for xxx: Service HTTP/ created successfully, keytab located at /etc/opt/quest/vas/HTTP.keytab. checking new service keytab ………… found
looking for HTTP/ keytab …………… /etc/opt/quest/vas/HTTP.keytab checking keytab is readable by nobody .. no
Change group of /etc/opt/quest/vas/HTTP.keytab to nobody? [y]:
-> fixing file mode and ownership …… fixed checking keytab can authenticate ……. yes
If you have clients using Internet Explorer, a known issue (KB899417) can see them suddenly being unable to authenticate after only 30 minutes. A workaround is to create SPN aliases with all the possible ’short-names’ that the client could use to access this server (i.e http://short-name/). SPN aliases can also be useful for servers with multiple DNS identities.
The HTTP/ service is currently known by these SPNs (service principal names):
HTTP/xxxx
Enter a new SPN alias, or ‘none’ to finish [none]: Testing whether service password expires no (good) checking mod_auth_vas is loaded …….. no
It doesn’t appear that the Apache web server is loading the VAS authentication module. This could be a problem in the configuration file (missing LoadModule or a syntax error), a mis-installation of mod_auth_vas or VAS, or perhaps this script is simply invoking the web server in the wrong way.
The command I used to detect what modules were loaded was:
/usr/local/apache/bin/httpd -f “/usr/local/apache/conf/httpd.conf” -t -e debug
-> Failed: Module not loaded. (Log written to /tmp/mod_auth_vas-setup.log.12522) 4. Change HTTP.keytab group ownership.
The Apache httpd process is running using bbuser/nobody. So please use the following command to change the group ownership of the keytab file:
# chown -R bbuser:nobody HTTP.keytab After this, the group ownership of host.keytab should look like:
-rw——- 1 bbuser nobody 289 Jul 17 16:23 HTTP.keytab
5. Change HTTP.keytab permission
The HTTP.keytab should only be readable by bbuser:
# chmod 400 HTTP.keytab
After this, the permission of HTTP.keytab should look like:
-r——– 1 bbuser nobody 135 Aug 9 11:29 HTTP.keytab
You may want to double check the settings by using the following command to print out your service account AD attributes:
# /opt/quest/bin/vastool -u xxx attrs -s HTTP/xxxx
5. Modify Apache httpd.conf.bb in /usr/local/blackboard/apps/httpd/conf:
Please note you should never modify httpd.conf directly.
Please add the following line in Dynamic Shared Object (DSO) Support section:
LoadModule auth_vas_module libexec/mod_auth_vas.so
AuthVasServicePrincipal HTTP/xxx
Please add the following section to the end of the httpd.conf.bb just before Apache-Tomcat Configuration section:
#mod_auth_vas
<Location “/”>
AuthType VAS
Require valid-user
AuthVasRemoteUserMap ldap-attr sAMAccountName
AuthVasUseBasic On
AuthVasUseNegotiate On
#actually, specific network can be added here to enable optional Negotiate Auth. Format: Network/Subnet masks
</Location>
Enable SSH access on Sun Solaris 9
I am going to talk about how to enable SSH access for a specific user on Sun Solaris 9 today. A new user could get SSH access in just five minutes if you follow the instructions.
In this article, a new user ‘cokeeorg‘ will be created in Part 1, the SSH access will be enabled in Part 2.
In this article, a new user ‘cokeeorg‘ will be created in Part 1, the SSH access will be enabled in Part 2.
Part 1: Adding new user ‘cokeeorg‘
Log in as root (you have to have root access for user creating, configuration file altering, etc.) or if your server is set up to prevent external root access, log in using your normal username and su to root instead.
1. Create home directory
Create a new directory for the new user. The location of the home directory varies and is mainly depend on your own server settings. I’m going to use /export/home in this post. Create a new directory using the following command:
cd /export/home
mkdir cokeeorg
2. Add a new group
mkdir cokeeorg
2. Add a new group
It may not be necessary to create a new group definition for our new user. This step is here to make the instruction complete. New group definition could be added on the system by using groupadd command. It will create a new group difinition on the system by adding the appropriate entry to the /etc/group file.
groupadd command comes with a -g gid option. If it is set, it will assign the group id gid for the new group. This group id must be a non-negative decimal integer below MAXUID as defined in /usr/include/sys/param.h. If it is not set, the group ID defaults to the next available (unique) number above the highest number currently assigned. For example, if groups 100, 105, and 200 are assigned as groups, the next default group number will be 201. Please note that Group IDs from 0-99 are reserved by SunOS for future applications.
The following command will do the job:
The following command will do the job:
groupadd -g 888 cokee
3. Add the new user
3. Add the new user
Solaris 9 does not have a command like adduser which walks you through the process step-by-step to create a new user. So that means you have to remember the four flags useradd command requires, and in what order it expects to receive them. The following command will create the new user ‘cokeeorg‘, associate it with the home directory we just created, and assign it to the new group ‘cokee‘ as well.
useradd -g cokee -c ‘CokeeOrg Demo’ -d /export/home/cokeeorg -s /usr/bin/bash cokeeorg
4. Change password
4. Change password
Once the new user has been created successul, you could change the password by using the following command:
passwd cokeeorg
The passwd command will prompt you with the new password, you have to type in the new password twice to confirm.
The passwd command will prompt you with the new password, you have to type in the new password twice to confirm.
5. Change home directory ownership
The owner of the newly created home directory ‘/export/home/cokeeorg‘ has to be set to our new user ‘cokeeorg’ as well. This could be done by:
chown -R cokeeorg:cokee /export/home/cokeeorg
Part 2: Enable SSH access for ‘cokeeorg‘
Part 2: Enable SSH access for ‘cokeeorg‘
1. Local SSH access can be enabled by editing sshd_config file in /etc/ssh. Add the newly created username to the end of the ‘AllowUsers‘ list:
AllowUsers cokeeorg
2. Restart SSH daemon
2. Restart SSH daemon
sshd (the SSH daemon) will restart automatically if it has been manually killed. First of all, use the following command to list all the running sshd process currently on the system:
ps -elf | grep sshd
This will give you a list of running sshd processes. Take a note of the process ID (pid) of the ‘master’ sshd (the one with the earlist start time (stime), and smallest ppid (normally, this should be 1). Kill that process manually by using:
This will give you a list of running sshd processes. Take a note of the process ID (pid) of the ‘master’ sshd (the one with the earlist start time (stime), and smallest ppid (normally, this should be 1). Kill that process manually by using:
kill -9 pid
Please use the actual pid you’ve got on your server in the above command.
After that, sshd daemon should restart by itself. And the newly updated sshd_config file should be loaded by the new daemon by default. You can log in using the new ‘cokeeorg’ now.
Please use the actual pid you’ve got on your server in the above command.
After that, sshd daemon should restart by itself. And the newly updated sshd_config file should be loaded by the new daemon by default. You can log in using the new ‘cokeeorg’ now.
三次同一地点不同时间遇见同一个人在做同一件事儿
前几天,去厕所。
刚推门进去,就听见马桶冲水的声音。我当然不予理会,自个儿干自个儿该干的事情去了。没过一会儿,门开了,出来一个巨胖巨胖的男人长相的东西,走路都晃晃悠悠的。接着就是胖子挤洗手液,洗手,到门口擦手,拉门出去了。这个时候我正好进行到一半。
今天上午,去厕所。
刚推门进去,就听见马桶冲水的声音。我当然不予理会,自个儿干自个儿该干的事情去了。没过一会儿,门开了,出来一个巨胖巨胖的男人长相的东西,走路都晃晃悠悠的。接着就是胖子挤洗手液,洗手,到门口擦手,拉门出去了。这个时候我正好进行到一半。
就在刚才,去厕所。
刚推门进去,就听见马桶冲水的声音。我当然不予理会,自个儿干自个儿该干的事情去了。没过一会儿,门开了,出来一个巨胖巨胖的男人长相的东西,走路都晃晃悠悠的。接着就是胖子挤洗手液,洗手,到门口擦手,拉门出去了。这个时候我正好进行到一半。
刚推门进去,就听见马桶冲水的声音。我当然不予理会,自个儿干自个儿该干的事情去了。没过一会儿,门开了,出来一个巨胖巨胖的男人长相的东西,走路都晃晃悠悠的。接着就是胖子挤洗手液,洗手,到门口擦手,拉门出去了。这个时候我正好进行到一半。
今天上午,去厕所。
刚推门进去,就听见马桶冲水的声音。我当然不予理会,自个儿干自个儿该干的事情去了。没过一会儿,门开了,出来一个巨胖巨胖的男人长相的东西,走路都晃晃悠悠的。接着就是胖子挤洗手液,洗手,到门口擦手,拉门出去了。这个时候我正好进行到一半。
就在刚才,去厕所。
刚推门进去,就听见马桶冲水的声音。我当然不予理会,自个儿干自个儿该干的事情去了。没过一会儿,门开了,出来一个巨胖巨胖的男人长相的东西,走路都晃晃悠悠的。接着就是胖子挤洗手液,洗手,到门口擦手,拉门出去了。这个时候我正好进行到一半。
靠。一个字儿,牛逼。
F-117A Nighthawk
The Lockheed F-117A Nighthawk is a stealth ground attack aircraft operated solely by the United States Air Force. As a product of the Lockheed Have Blue stealth prototype program, it became the first operational aircraft initially designed around stealth technology.
The F-117A was widely publicized during the Gulf War. The Air Force has been trying to retire the F-117, due mainly to the deployment of the more effective F-22 Raptor. The Air Force is planning to retire the F-117 from October 2006 to 2008, and no new pilots will be trained to fly the plane.
The F-117A was widely publicized during the Gulf War. The Air Force has been trying to retire the F-117, due mainly to the deployment of the more effective F-22 Raptor. The Air Force is planning to retire the F-117 from October 2006 to 2008, and no new pilots will be trained to fly the plane.
Royal Air Force Aerobatic Team - The Red Arrows
The Red Arrows, officially known as the Royal Air Force Aerobatic Team, is the aerobatics display team of the Royal Air Force, based at RAF Scampton, United Kingdom. They were formed in late 1964 as an all-RAF team, replacing a number of unofficial teams that had been sponsored by various RAF commands.
The Red Arrows badge shows the aircraft in their trademark diamond nine formation, with the motto Eclat, meaning “brilliance” or “excellence”.
Initially, the Red Arrows were equipped with seven Folland Gnat trainers which were inherited from another RAF display team, The Yellowjacks, and had been chosen because they were less expensive to operate than the front-line fighters. In their first season, they flew at 65 shows across Europe. In 1966, the team was increased to nine members, enabling them to develop their Diamond Nine formation. In late 1979, they switched to the BAE Hawk trainer. The Red Arrows have now performed nearly 4,000 displays world-wide, in over fifty countries, and are widely regarded as the world’s most skilled and famous military aerobatics teams.
The Red Arrows badge shows the aircraft in their trademark diamond nine formation, with the motto Eclat, meaning “brilliance” or “excellence”.
Initially, the Red Arrows were equipped with seven Folland Gnat trainers which were inherited from another RAF display team, The Yellowjacks, and had been chosen because they were less expensive to operate than the front-line fighters. In their first season, they flew at 65 shows across Europe. In 1966, the team was increased to nine members, enabling them to develop their Diamond Nine formation. In late 1979, they switched to the BAE Hawk trainer. The Red Arrows have now performed nearly 4,000 displays world-wide, in over fifty countries, and are widely regarded as the world’s most skilled and famous military aerobatics teams.
U.S. Air Force Air Demonstration Squadron - Thunderbirds
The Thunderbirds are the Air Demonstration Squadron of the United States Air Force. As such, they tour the United States and much of the world, performing aerobatic formation and solo flying in specially-marked USAF jet aircraft.
Officers serve a two-year assignment with the squadron, while enlisted personnel serve three to four. Replacements must be trained for about half of the team each year, providing a constant mix of experience.
The squadron performs no more than 88 air demonstrations each year and has never cancelled a demonstration due to maintenance difficulty. In addition to their air demonstration responsibilities, the Thunderbirds are part of the USAF combat force and a component of the 57th Wing. If required, the team’s personnel and aircraft can be rapidly integrated into a fighter unit at Nellis Air Force Base, Nevada.
Officers serve a two-year assignment with the squadron, while enlisted personnel serve three to four. Replacements must be trained for about half of the team each year, providing a constant mix of experience.
The squadron performs no more than 88 air demonstrations each year and has never cancelled a demonstration due to maintenance difficulty. In addition to their air demonstration responsibilities, the Thunderbirds are part of the USAF combat force and a component of the 57th Wing. If required, the team’s personnel and aircraft can be rapidly integrated into a fighter unit at Nellis Air Force Base, Nevada.
Indian Air Force - Su-30
The Sukhoi Su-30 (NATO reporting name “Flanker-C”) is an agile military aircraft developed by Russia’s Sukhoi Aviation Corporation and introduced into operational service in 1996. An air superiority fighter that can also perform ground strikes, the Su-30 is comparable to USA’s F/A-18E/F Super Hornet and F-15E Strike Eagle.
The aircraft is a modernized version of the Su-27UB and has several variants. The Su-30K and Su-30MK series have had commercial success. The variants are manufactured by competing organizations: KNAAPO and the IRKUT Corporation, both of which come under the Sukhoi group’s umbrella. KNAAPO manufactures the Su-30MKK and the Su-30MK2, which were designed for and sold to China. Irkut makes the long-range, multirole Su-30MK series, which are generally considered to be the most advanced Russian-designed aircraft in service. The series includes the Su-30MKI developed for the Indian Air Force and its derivatives, the MKM and MKA for Malaysia and Algeria respectively.
The aircraft is a modernized version of the Su-27UB and has several variants. The Su-30K and Su-30MK series have had commercial success. The variants are manufactured by competing organizations: KNAAPO and the IRKUT Corporation, both of which come under the Sukhoi group’s umbrella. KNAAPO manufactures the Su-30MKK and the Su-30MK2, which were designed for and sold to China. Irkut makes the long-range, multirole Su-30MK series, which are generally considered to be the most advanced Russian-designed aircraft in service. The series includes the Su-30MKI developed for the Indian Air Force and its derivatives, the MKM and MKA for Malaysia and Algeria respectively.
The Eurofighter Typhoon
The Eurofighter Typhoon is a twin-engine multi-role canard-delta strike fighter aircraft, designed and built by a consortium of European aerospace manufacturers through Eurofighter GmbH which was formed in 1986. However studies began as early as 1979 into what would become the Eurofighter Typhoon.
The series production of the Eurofighter Typhoon is now underway and the aircraft has formally entered service with the German Luftwaffe (Jagdgeschwader 74), Italian Air Force and with the Spanish Air Force. ‘Initial Operational Capability’ is expected to be declared by the United Kingdom’s Royal Air Force later this decade. Austria has purchased 15 Typhoons, while Saudi Arabia signed a contract on 18 August 2006 for 72 to be built by BAE Systems.
The series production of the Eurofighter Typhoon is now underway and the aircraft has formally entered service with the German Luftwaffe (Jagdgeschwader 74), Italian Air Force and with the Spanish Air Force. ‘Initial Operational Capability’ is expected to be declared by the United Kingdom’s Royal Air Force later this decade. Austria has purchased 15 Typhoons, while Saudi Arabia signed a contract on 18 August 2006 for 72 to be built by BAE Systems.
Ickworth House
Ickworth House is a country house outside Bury St. Edmunds, Suffolk, England. It is a neoclassical structure topped by a giant rotunda in a park laid out by Capability Brown. It is in the care of the National Trust, and, as part of the “Ickworth House, Park & Garden” property, is open to the public.
Ickworth had been in the ownership of the Hervey family from the 15th century. The house, park, and a large endowment were given to the National Trust in 1956 in lieu of death duties. As part of the handover agreement a 99-year lease on the 60-room East Wing was given to the Marquess of Bristol. The Letter of Wishes of the 4th Marquess of Bristol stated that accommodation should always be available for the head of the Hervey family (The Marquess of Bristol) at Ickworth. However, in 1998 the 7th Marquess of Bristol, partly for financial reasons, and partly in response to an eviction suit stemming from his behavior on the property, sold the remaining lease on the East Wing to the National Trust. The Trust subsequently refused to re-sell the leasehold to the 8th Marquess of Bristol on his succeeding to the title in 1999. There is now a 27-bedroom hotel in the East Wing.
Ickworth had been in the ownership of the Hervey family from the 15th century. The house, park, and a large endowment were given to the National Trust in 1956 in lieu of death duties. As part of the handover agreement a 99-year lease on the 60-room East Wing was given to the Marquess of Bristol. The Letter of Wishes of the 4th Marquess of Bristol stated that accommodation should always be available for the head of the Hervey family (The Marquess of Bristol) at Ickworth. However, in 1998 the 7th Marquess of Bristol, partly for financial reasons, and partly in response to an eviction suit stemming from his behavior on the property, sold the remaining lease on the East Wing to the National Trust. The Trust subsequently refused to re-sell the leasehold to the 8th Marquess of Bristol on his succeeding to the title in 1999. There is now a 27-bedroom hotel in the East Wing.
Yalu River
The Yalu River (Chinese) or the Amnok River (Korean), is a river on the border between China and North Korea. The Chinese name comes from a Manchu word meaning “the boundary between two fields”. The Korean name is the Korean pronunciation of the same Chinese characters.
From 2,500 m above sea level on Baekdu Mountain (Changbai Mountain), in the Changbai Mountains mountain range, on the China-North Korea border, the river flows south to Hyesan before sweeping 130 km northwest to Linjiang and then returning to a more southerly route for a further 300 km to empty into the Korea Bay between Dandong (China) and Sinŭiju (North Korea).
The bordering Chinese provinces are Jilin and Liaoning.
The river is 790 km (491 mi) long and receives the water from over 30,000 km² of land. The Yalu’s most significant tributaries are the Changjin (장진강; 長津江 or 长津江), Herchun (허천강;虚川江) and Tokro rivers. The river is not easily navigable for most of its length: although at its widest it is around 5 km, the depth is no greater than 3 m and much of the river is heavily silted.
From 2,500 m above sea level on Baekdu Mountain (Changbai Mountain), in the Changbai Mountains mountain range, on the China-North Korea border, the river flows south to Hyesan before sweeping 130 km northwest to Linjiang and then returning to a more southerly route for a further 300 km to empty into the Korea Bay between Dandong (China) and Sinŭiju (North Korea).
The bordering Chinese provinces are Jilin and Liaoning.
The river is 790 km (491 mi) long and receives the water from over 30,000 km² of land. The Yalu’s most significant tributaries are the Changjin (장진강; 長津江 or 长津江), Herchun (허천강;虚川江) and Tokro rivers. The river is not easily navigable for most of its length: although at its widest it is around 5 km, the depth is no greater than 3 m and much of the river is heavily silted.
South Africa visitor visa application
Appointment line for visas is: 09065 540 798.
Please note that you are required to provide your email address so that the South Africa High Commission the receipt of your application, also to enable them to inform you when your applications have been processed. The email address must be written at the bottom of the first page of the visa application form.
Requirements for visitors visas:
Requirements for visitors visas:
- Passport valid for no less than 30 days after the expiry of intended visit. Your passport must have at least two blank visa pages (one to stick the visa and one for entry stamps).
- Payment of the prescribed fee, if applicable.
- A vaccination certificate, if required by the Act.
- Proof of financial means in the form of:
- bank statements
- salary advices
- undertaking by the host in the Republic
- bursaries
- medical cover, or
- cash available, including credit cards or traveler’s cheques to cover envisaged living expenses during the sojourn in the Republic.
- Provisional flight booking or provisional flight itinerary.
- Statement and/or documentation confirming purpose and duration of visit.
- Two identity photographs.
- Request Form 11. Forms can either be collected in person at the Consular Section or send an A4 size self-addressed stamped envelope or download form 11 from here.
Processing fee:
- A visa application fee of 35.00 will be requested.
- Only cash, postal orders or bank drafts will be accepted. Postal orders and bank drafts should be made payable to the “South Africa High Commission’.
- No personal cheques or company cheques will be accepted.
Wimpole Hall
Wimpole Hall is a country house located within the Parish of Wimpole, Cambridgeshire, England, about 8½ miles (14 km) southwest of Cambridge. The house, begun in 1640, and its 3,000 acres (12 km²) of parkland and farmland are owned by the National Trust and are regularly open to the public.
Wimpole is the largest house in Cambridgeshire. Over the centuries, many notable architects have worked on it, including its first owner, Thomas Chicheley (between 1640 and 1670), James Gibbs (between 1713 and 1730), James Thornhill (1721), Henry Flitcroft (around 1749), John Soane (1790s), and H. E. Kendall (1840s).
Before the present Wimpole Hall was built in around 1640, there was a moated manor house set in a small 81 hectare (200 acre) deer-park. Situated to the north and south of this were three medieval villages: Bennall End, Thresham End and Green End. Wimpole Hall’s grounds were laid out and modified by landscape designers such as George London and Henry Wise (1693–1705), Charles Bridgeman (1720s), Robert Greening (1740s), ‘Capability’ Brown (1767), and Humphry Repton (1801–1809). The parkland as it exists today is an overlay of the work of these landscape designers and gardeners, and was completed under the auspices of Elsie and George Bambridge. Elsie, the daughter of Rudyard Kipling revitalised the house. Thanks to her efforts, this National Trust property is in the state it is in today.
Wimpole is the largest house in Cambridgeshire. Over the centuries, many notable architects have worked on it, including its first owner, Thomas Chicheley (between 1640 and 1670), James Gibbs (between 1713 and 1730), James Thornhill (1721), Henry Flitcroft (around 1749), John Soane (1790s), and H. E. Kendall (1840s).
Before the present Wimpole Hall was built in around 1640, there was a moated manor house set in a small 81 hectare (200 acre) deer-park. Situated to the north and south of this were three medieval villages: Bennall End, Thresham End and Green End. Wimpole Hall’s grounds were laid out and modified by landscape designers such as George London and Henry Wise (1693–1705), Charles Bridgeman (1720s), Robert Greening (1740s), ‘Capability’ Brown (1767), and Humphry Repton (1801–1809). The parkland as it exists today is an overlay of the work of these landscape designers and gardeners, and was completed under the auspices of Elsie and George Bambridge. Elsie, the daughter of Rudyard Kipling revitalised the house. Thanks to her efforts, this National Trust property is in the state it is in today.
瓜王-宋宝森-老宋
宋宝森自幼就对西瓜有一种特殊的感情。1983年农村实行土地联产承包,宋宝森便开始在自家承包土地里,种植西瓜并钻研栽培技术。经过不断的摸索,宋宝森掌握了相关技术,并将这些技术传授给了周围的瓜农兄弟们,为此赢得了周围瓜农的赞扬。有了成功经验,宋宝森说服了家人,退掉粮食承包地,全家一门心思搞起了西瓜种植,宋宝森开始探索反季节种植西瓜的管理技术。为了改变品种单一、上市量集中的现象,他和家人从北京农科院引进了30多种名、特、优品种,如京欣二号、京秀等,通过一系列有效措施,西瓜种植技术提高了,并实现了“四季生产,三季有瓜”的愿望。“老宋西瓜”的产品也受到了各界消费者的好评和专家的认可,越来越多的人吃到了优质西瓜,对庞各庄的西瓜有了更深的了解。因为成绩突出,宋宝森在2000年被评为“市级劳动模范”,此后,宋宝森更加坚定了种植西瓜的信心,他的儿子宋绍堂更是深得他的真传。
宋绍堂曾学过瓦木匠,做过家电维修,但他一直想在更广阔的领域成就事业。那时每到夏天,他都随父亲在瓜地里忙碌。1988年,北京市一家研究所到村里解决西瓜种植过程中的滞水、重茬问题,这时宋绍堂敏感的意识到,有了“重茬”这个突破口,父亲的“西瓜”就能成就一番大事业。因此,他毅然关闭了修理部与研究所合作搞起了“西瓜试验田”。宋绍堂对他的“西瓜事业”倾注了全部的精力和热情。到市里、区里的农科所向专家请教,参考专业书籍,到外地向有经验的瓜农请教,他已经到了如痴如醉的程度。就这样,凭着对“西瓜事业”的执着和信心,宋绍堂的事业也迅速膨胀起来。他开办了“西甜瓜专卖店”,组织成立了“西甜瓜产销协会”。
1998年6月26日,第十一届全国西瓜擂台赛在中国西瓜之乡北京市大兴区庞各庄拉开帷幕。宋绍堂代表“老宋西瓜”参赛。擂台赛很严格,对一个西瓜要从外观、重量、含糖量、皮厚度等角度综合评定。他参赛的“京欣一号”西瓜以体积大、含糖量高在赛场上引起了轩然大波,台下观众一片哗然。经评委们严格评审,“老宋西瓜”独占鳌头,宋绍堂当选为新一代“瓜王”。
此后,“老宋西瓜”在比赛中屡获“冠军”和“瓜王”称号。而且在北京大兴第十四届西瓜节精品拍卖会上,“老宋西瓜”以1个13200元天价拍出,以最昂贵的西瓜价格载入世界吉尼斯纪录,创西瓜历史之最。一年以后,又拍出1个西瓜19000元的天价。
目前,“老宋西瓜”已逐步成为西瓜中的名牌产品。2003年3月,宋绍堂在区镇两级政府的支持和帮助下,建立了“老宋西瓜”精品园,同时成立了北京老宋瓜王科技发展有限公司,而宋绍堂如今也在种植西瓜领域创下佳绩,成为“全国农村青年创业致富带头人”、“北京市十大杰出青年”,被中国特产之乡组委会评为“优秀企业家”。
宋绍堂曾学过瓦木匠,做过家电维修,但他一直想在更广阔的领域成就事业。那时每到夏天,他都随父亲在瓜地里忙碌。1988年,北京市一家研究所到村里解决西瓜种植过程中的滞水、重茬问题,这时宋绍堂敏感的意识到,有了“重茬”这个突破口,父亲的“西瓜”就能成就一番大事业。因此,他毅然关闭了修理部与研究所合作搞起了“西瓜试验田”。宋绍堂对他的“西瓜事业”倾注了全部的精力和热情。到市里、区里的农科所向专家请教,参考专业书籍,到外地向有经验的瓜农请教,他已经到了如痴如醉的程度。就这样,凭着对“西瓜事业”的执着和信心,宋绍堂的事业也迅速膨胀起来。他开办了“西甜瓜专卖店”,组织成立了“西甜瓜产销协会”。
1998年6月26日,第十一届全国西瓜擂台赛在中国西瓜之乡北京市大兴区庞各庄拉开帷幕。宋绍堂代表“老宋西瓜”参赛。擂台赛很严格,对一个西瓜要从外观、重量、含糖量、皮厚度等角度综合评定。他参赛的“京欣一号”西瓜以体积大、含糖量高在赛场上引起了轩然大波,台下观众一片哗然。经评委们严格评审,“老宋西瓜”独占鳌头,宋绍堂当选为新一代“瓜王”。
此后,“老宋西瓜”在比赛中屡获“冠军”和“瓜王”称号。而且在北京大兴第十四届西瓜节精品拍卖会上,“老宋西瓜”以1个13200元天价拍出,以最昂贵的西瓜价格载入世界吉尼斯纪录,创西瓜历史之最。一年以后,又拍出1个西瓜19000元的天价。
目前,“老宋西瓜”已逐步成为西瓜中的名牌产品。2003年3月,宋绍堂在区镇两级政府的支持和帮助下,建立了“老宋西瓜”精品园,同时成立了北京老宋瓜王科技发展有限公司,而宋绍堂如今也在种植西瓜领域创下佳绩,成为“全国农村青年创业致富带头人”、“北京市十大杰出青年”,被中国特产之乡组委会评为“优秀企业家”。
杜滋龄
1981年毕业于浙江美术学院(今中国美院)中国画系研究生班,受业于周昌谷、方增先、李震坚诸位师长。杜滋龄最早以绘连环画名世,练就一手过硬本领,笔墨技巧老到练熟这为他后来创作水墨人物作品奠定了坚实基础。他的传统功底好,线条流畅自然,人物造型准确,真可谓神来之笔,格调极高。严格意义上说,杜滋龄作品当归属浙派人物画一路,但由于他自浙美毕业并离开浙江后,久居天津,多受北方画派,尤其是黄胄、蒋兆和、卢沉、周思聪等作品的影响,画风日渐蜕变,使他的浙派画中融入北派风骨,终于形成自家独有的绘画风貌。杜滋龄当过美术编辑,做过出版社的总编,三年前任南开大学东方艺术系主任。与此同时,他还兼任着众多社会职务。作为艺术家,如今杜滋龄正当盛年,如日中天;而他在艺海耕耘已数十载,任劳负重,功成名就,硕果累累,令多少美术同行敬而慕之,望尘莫及。
在国画界,杜滋龄的人物画以其造型优美、笔墨精湛、清新灵气而被公认为人物画中的佼佼者。作为当代著名的人物画家,杜滋龄的国画作品人物造型生动优美,表情丰富动人,笔法灵活,墨色自然,不经意间,美丽的塔吉克女郎、迎着朔风前进的藏族牧民等形象就跃然纸上。
在国画界,杜滋龄的人物画以其造型优美、笔墨精湛、清新灵气而被公认为人物画中的佼佼者。作为当代著名的人物画家,杜滋龄的国画作品人物造型生动优美,表情丰富动人,笔法灵活,墨色自然,不经意间,美丽的塔吉克女郎、迎着朔风前进的藏族牧民等形象就跃然纸上。
Groovy things to do with Groovy - Guillaume Laforge
Guillaume Laforge is an Open Source developer who manages and works actively on Groovy, the agile and dynamic language for the JVM. He is the lead of JSR-241 whose role is to specify this new language. He is also the Groovy Project Manager. Along with Dierk Koenig, he is co-authoring “Groovy in Action” for Manning.
In his professional life, after a few years at two Software vendors, focusing on a Rapid Web-Application Generation framework, and implementing a JMS implementation for a European leader company in the domain of EAI (Enterprise Application Integration), he is now working for a reknown consulting company on various J2EE projects, at OCTOTechnology as a software architect.
In his professional life, after a few years at two Software vendors, focusing on a Rapid Web-Application Generation framework, and implementing a JMS implementation for a European leader company in the domain of EAI (Enterprise Application Integration), he is now working for a reknown consulting company on various J2EE projects, at OCTOTechnology as a software architect.
Enable SSL on Blackboard Academic Suite
Secure Sockets Layer (SSL) is a protocol for protecting Internet communications. SSL ensures that a communication is not read or changed by another entity. The Blackboard Academic Suite uses SSL to secure all or some communications between the Web server and the client machine.
How does SSL work? SSL works through public key encryption. Transmissions are decrypted and encrypted using certificates. The steps below outline the process for establishing a connection over SSL:
How to obtain a certificate? The simplest way to obtain a certificate for use with a Web site is through a vendor known as a Certifying Authority (CA). The process is relatively simple.
1. Generate a certificate request.
2. Send the request to a CA.
3. The CA creates and registers a certificate.
4. Make this certificate available to the Web Server (IIS or Apache).
/usr/local/blackboard/tools/admin/PushConfigUpdates.sh
How does SSL work? SSL works through public key encryption. Transmissions are decrypted and encrypted using certificates. The steps below outline the process for establishing a connection over SSL:
1. Client contacts the server with a list of encryption methods.
2. The Server returns its certificate and a public key. These initial communications are scrambled with random data.
3. Client validates the certificate.
4. Client creates a secret string using an encryption method recognised by both the client and the server. The string is combined with the server’s public key and sent back to the server.
5. Both the client and server create session keys based on the secret string.
6. The client sends a message to the server that it will now use the session key to encrypt and decrypt communications.
7. The server responds that it will also use the session key.
8. After each side confirms, the session keys are used to encrypt and decrypt communications during the session.
2. The Server returns its certificate and a public key. These initial communications are scrambled with random data.
3. Client validates the certificate.
4. Client creates a secret string using an encryption method recognised by both the client and the server. The string is combined with the server’s public key and sent back to the server.
5. Both the client and server create session keys based on the secret string.
6. The client sends a message to the server that it will now use the session key to encrypt and decrypt communications.
7. The server responds that it will also use the session key.
8. After each side confirms, the session keys are used to encrypt and decrypt communications during the session.
How to obtain a certificate? The simplest way to obtain a certificate for use with a Web site is through a vendor known as a Certifying Authority (CA). The process is relatively simple.
1. Generate a certificate request.
2. Send the request to a CA.
3. The CA creates and registers a certificate.
4. Make this certificate available to the Web Server (IIS or Apache).
Configuring SSL for Apache
1. Login to the Web/Application server as root.
2. Set the PATH to include the OpenSSL provided by Blackboard with the following commands:
PATH=/usr/local/blackboard/apps/openssl/bin:$PATH
export PATH
3. Generate your own Certifying Authority (CA) using the following commands.
openssl genrsa -des3 -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
When prompted for a pass phrase for ca.key, enter the pass phrase.
openssl req -new -x509 -days 365 -key ca.key -out ca.crt When prompted for the pass phrase for ca.key, enter the one you just input.
Input the following information when prompted:
Country Name State or Province Name (full name) Locality Name Organization Name Organizational Unit Name Common Name (set this one different from the server’s CN) Email Address
2. Set the PATH to include the OpenSSL provided by Blackboard with the following commands:
PATH=/usr/local/blackboard/apps/openssl/bin:$PATH
export PATH
3. Generate your own Certifying Authority (CA) using the following commands.
openssl genrsa -des3 -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
When prompted for a pass phrase for ca.key, enter the pass phrase.
openssl req -new -x509 -days 365 -key ca.key -out ca.crt When prompted for the pass phrase for ca.key, enter the one you just input.
Input the following information when prompted:
Country Name State or Province Name (full name) Locality Name Organization Name Organizational Unit Name Common Name (set this one different from the server’s CN) Email Address
4. Generate a server key and request for signing (csr).
This step creates an unsigned server key, and a request that you want it signed (the .csr file) by a Certifying Authority.
openssl genrsa -des3 -out server.key 4096 When prompted for a pass phrase for server.key, enter the pass phrase.
openssl req -new -key server.key -out server.csr When prompted for the pass phrase for server.key, enter the one you just input.
Input the following information when prompted:
Country Name State or Province Name (full name) Locality Name Organization Name Organizational Unit Name Common Name (set this one different from the CA’s CN) Email Address A challenge password (It will prompt you to enter a challenge password to be sent with your certificate request) An optional company name
This step creates an unsigned server key, and a request that you want it signed (the .csr file) by a Certifying Authority.
openssl genrsa -des3 -out server.key 4096 When prompted for a pass phrase for server.key, enter the pass phrase.
openssl req -new -key server.key -out server.csr When prompted for the pass phrase for server.key, enter the one you just input.
Input the following information when prompted:
Country Name State or Province Name (full name) Locality Name Organization Name Organizational Unit Name Common Name (set this one different from the CA’s CN) Email Address A challenge password (It will prompt you to enter a challenge password to be sent with your certificate request) An optional company name
5. Sign the certificate signing request (csr) with the self-created certifying authority (CA) that you made earlier.
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
If the signature of certificate signing request (csr) is OK, you will be prompted to enter pass phrase for ca.key.
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
If the signature of certificate signing request (csr) is OK, you will be prompted to enter pass phrase for ca.key.
6. Examine the components using the following commands.
openssl rsa -noout -text -in server.key
openssl req -noout -text -in server.csr
openssl rsa -noout -text -in ca.key
openssl x509 -noout -text -in ca.crt
7. Edit the /usr/local/blackboard/apps/httpd/conf/httpd.conf file to include the following directive.
Include conf/ssl.conf
8. Edit the /blackboard/config/bb-config.properties file by adding the following attributes.
bbconfig.unix.ssl.certificatefile=/path/to/your/server.crt
bbconfig.unix.ssl.certificatekeyfile=/path/to/your/server.key
The default place to store your server.crt is /usr/local/blackboard/apps/httpd/conf/ssl.crt/. The default place to store your server.key is /usr/local/blackboard/apps/httpd/conf/ssl.key/.
openssl rsa -noout -text -in server.key
openssl req -noout -text -in server.csr
openssl rsa -noout -text -in ca.key
openssl x509 -noout -text -in ca.crt
7. Edit the /usr/local/blackboard/apps/httpd/conf/httpd.conf file to include the following directive.
Include conf/ssl.conf
8. Edit the /blackboard/config/bb-config.properties file by adding the following attributes.
bbconfig.unix.ssl.certificatefile=/path/to/your/server.crt
bbconfig.unix.ssl.certificatekeyfile=/path/to/your/server.key
The default place to store your server.crt is /usr/local/blackboard/apps/httpd/conf/ssl.crt/. The default place to store your server.key is /usr/local/blackboard/apps/httpd/conf/ssl.key/.
Configuring SSL for the Collaboration Tool with a Signed Certificate
Setting up SSL to encrypt connections to the Blackboard Academic Suite does not secure the Collaboration Tool because the Collaboration Tool uses Tomcat, not Apache or IIS, to handle user connections and serve pages. Securing the Collaboration Tool requires using a separate SSL certificate with Tomcat.
1. Convert the server.key and server.crt into a PKCS12 keystore using OpenSSL.
openssl pkcs12 -export -out keystore.pkcs12 -in /path/to/your/server.crt -inkey /path/to/your/server.key
This will prompt for a keystore password. The default password is ‘changeit’. The keystore will be created as keystore.pkcs12 in the current directory. Move this to an appropriate location.
openssl pkcs12 -export -out keystore.pkcs12 -in /path/to/your/server.crt -inkey /path/to/your/server.key
This will prompt for a keystore password. The default password is ‘changeit’. The keystore will be created as keystore.pkcs12 in the current directory. Move this to an appropriate location.
2. Adjust Tomcat to use the keystore.
Uncomment the following section in /usr/local/blackboard/apps/collab-server/http/tomcat/conf/server.xml.bb:
<Connector port=”@@bbconfig.collabserver.portnumber.ssl.default@@”
maxThreads=”150″ minSpareThreads=”25″ maxSpareThreads=”75″
keystoreFile=”@@bbconfig.collabserver.keystore.filename@@”
keystorePass=”@@bbconfig.collabserver.keystore.password@@”
enableLookups=”false” clientAuth=”false” sslProtocol=”TLS” abovekeystoreType=”PKCS12″
acceptCount=”100″ disableUploadTimeout=”true” debug=”0″ scheme=”https” secure=”true”/>
3. Edit bb-config.properties in /usr/local/blackboard/config to add the following settings.
bbconfig.collabserver.portnumber.ssl.default=8443
bbconfig.collabserver.keystore.filename=/path/to/your/keystore.pkcs12
bbconfig.collabserver.keystore.password=changeit (please CHANGE IT!)
Push out changes
Uncomment the following section in /usr/local/blackboard/apps/collab-server/http/tomcat/conf/server.xml.bb:
<Connector port=”@@bbconfig.collabserver.portnumber.ssl.default@@”
maxThreads=”150″ minSpareThreads=”25″ maxSpareThreads=”75″
keystoreFile=”@@bbconfig.collabserver.keystore.filename@@”
keystorePass=”@@bbconfig.collabserver.keystore.password@@”
enableLookups=”false” clientAuth=”false” sslProtocol=”TLS” abovekeystoreType=”PKCS12″
acceptCount=”100″ disableUploadTimeout=”true” debug=”0″ scheme=”https” secure=”true”/>
3. Edit bb-config.properties in /usr/local/blackboard/config to add the following settings.
bbconfig.collabserver.portnumber.ssl.default=8443
bbconfig.collabserver.keystore.filename=/path/to/your/keystore.pkcs12
bbconfig.collabserver.keystore.password=changeit (please CHANGE IT!)
Push out changes
/usr/local/blackboard/tools/admin/PushConfigUpdates.sh
Communicate with body language
Some common body language signals that can help (or hurt) a conversations:
- Fiddling: Playing with your watch or a pen looks like you’re bored or impatient.
- Legs crossed or body hunched: Closing up your body profile –becoming smaller– looks like you lack confidence.
- Arms crossed: If you keep your arms folded during communication, you appear to be defending yourself against the others.
- Touching your face: When you have your hand in front of your mouth, you appear timid.
- Rubbing your nose, looking away: People who are lying often rub their nose or look away when speaking.
Positive Eating, Positive Living
Wagamama is a restaurant chain serving pan-Asian food in the style of a modern noodle bar. The first Wagamama opened in 1992 in Bloomsbury, London. The chain has grown to include branches in London and across the United Kingdom, as well as in Ireland, Amsterdam, Istanbul, Australia, Dubai, Belgium, Auckland and Copenhagen. The first US branch is now open in Boston, with a second one in nearby Cambridge MA to open this summer. The chain’s website defines wagamama as “wilful / naughty child”. However, a more accurate translation of the Japanese word would be “self centered and inconsiderate to others.” Their trademarked slogan is: positive eating + positive living.
Land Rover Defender
The Land Rover Series I, II, and III, Ninety, One Ten, 127, and Defender are off-road vehicles produced by the British manufacturer Land Rover. The Defender is the descendant of the Series models, following over 50 years of “evolution” along the same basic design, and retaining very similar looks. Land Rover say that 70% of these vehicles ever made are still in use today- a claim first made in the 1992 brochure and repeated many times since, being much publicised when cited by Richard Hammond of the BBC’s Top Gear.
Series models and Defenders are easily confused due to their similar styling — many body parts are interchangeable between brand-new models and vehicles nearly 30 years old. Differences, however, are significant. The principal differences between Defenders and Series models are that the Series models are leaf-sprung with selectable two- or four-wheel drive whereas Defenders are coil-sprung with permanent four wheel drive and locking central differential.
Series models and Defenders are easily confused due to their similar styling — many body parts are interchangeable between brand-new models and vehicles nearly 30 years old. Differences, however, are significant. The principal differences between Defenders and Series models are that the Series models are leaf-sprung with selectable two- or four-wheel drive whereas Defenders are coil-sprung with permanent four wheel drive and locking central differential.
Airbus 380
The Airbus A380 is a double-deck, four-engined airliner manufactured by EADS (Airbus S.A.S.). It is the largest passenger airliner in the world. It first flew on 27 April 2005 from Toulouse, France. Commercial flights are scheduled to begin in late 2007 after lengthy delays. During much of its development phase, the aircraft was known as the Airbus A3XX. The nickname Superjumbo has become associated with the A380.
The A380’s upper deck extends along the entire length of the fuselage. This allows for a cabin with 50% more floor space than the next largest airliner, the Boeing 747-400, and provides seating for 555 people in standard three-class configuration or up to 853 people in full economy class configuration. Two models of the A380 are available for sale. The A380-800, the passenger model, is the largest passenger airliner in the world, superseding the Boeing 747. The A380-800F, the freighter model, is designed as one of the largest freight aircraft, with a listed payload capacity exceeded only by the Antonov An-225. The A380-800 has a maximum range of 15,000 km (8,000 nmi, sufficient to fly from Chicago to Sydney nonstop), and a cruising speed of Mach 0.85 (about 900 km/h or 560 mph at cruise altitude).
The A380’s upper deck extends along the entire length of the fuselage. This allows for a cabin with 50% more floor space than the next largest airliner, the Boeing 747-400, and provides seating for 555 people in standard three-class configuration or up to 853 people in full economy class configuration. Two models of the A380 are available for sale. The A380-800, the passenger model, is the largest passenger airliner in the world, superseding the Boeing 747. The A380-800F, the freighter model, is designed as one of the largest freight aircraft, with a listed payload capacity exceeded only by the Antonov An-225. The A380-800 has a maximum range of 15,000 km (8,000 nmi, sufficient to fly from Chicago to Sydney nonstop), and a cruising speed of Mach 0.85 (about 900 km/h or 560 mph at cruise altitude).
hassan II mosque
Taken during my trip to the Kingdom of Morocco in April 2007.
The Hassan II Mosque (Arabic مسجد الحسن الثاني) is a mosque located in Casablanca, Morocco. Designed by the French architect Michel Pinseau, it is the second largest in the world (after the Masjid al-Haram in Mecca). It stands on a promontory looking out to the Atlantic, which can be seen through a gigantic glass floor with room for 25,000 worshippers. A further 80,000 can be accommodated in the mosque’s courtyard. Its minaret is the world’s tallest at 210 metres (689 ft).
The Hassan II Mosque (Arabic مسجد الحسن الثاني) is a mosque located in Casablanca, Morocco. Designed by the French architect Michel Pinseau, it is the second largest in the world (after the Masjid al-Haram in Mecca). It stands on a promontory looking out to the Atlantic, which can be seen through a gigantic glass floor with room for 25,000 worshippers. A further 80,000 can be accommodated in the mosque’s courtyard. Its minaret is the world’s tallest at 210 metres (689 ft).
Single Sign-On solutions
Single Sign-On is a session/user authentication process that allows a user to provide his or her credentials once in order to access multiple applications. The single sign-on authenticates the user to access all the applications he or she has been authorized to access. It eliminates future authentication requests when the user switches applications during that particular session.
When single sign-on works strictly with applications accesses with a web browser, the request to access a web resource is intercepted either by a component in the web server, or by the application itself. Unauthenticated users are diverted to an authentication service and returned only after a successful authentication. Single Sign-On services reviewed in this post:
1.1 Features:
1.3 Implementation:
We need to create two scripts of our own, LoginFromBlackboard and LoginToBlackboard on external system. These will send and receive requests to and from Blackboard via the SSOGenius building block.
1.4 How it works:
1.5 System Requirements:
2.1 Features:
3.3 License: BSD License.
4.3 License: © 2002 – 2004 Regents of the University of Michigan.
5.1 Latest Build: 3.3.2c
7.1 Features:
7.5 Implementation:
When single sign-on works strictly with applications accesses with a web browser, the request to access a web resource is intercepted either by a component in the web server, or by the application itself. Unauthenticated users are diverted to an authentication service and returned only after a successful authentication. Single Sign-On services reviewed in this post:
- SSOGenius (http://www.vlegenius.com/)
- JA-SIG Central Authentication Service (CAS) (http://www.ja-sig.org/products/cas/)
- Java Open Single Sign-On (JOSSO) (http://www.josso.org/)
- Collaborative Single Sign-On (CoSign) (http://www.umich.edu/~umweb/software/cosign/)
- Pubcookie (http://www.pubcookie.org/)
- Stanford WebAuth (http://www.stanford.edu/services/webauth/)
- Open Web SSO (OpenSSO) (http://opensso.dev.java.net/)
1.1 Features:
- Pass authenticated users into Blackboard
- Pass Blackboard users into an external site
- No need to modify the Blackboard configuration
- Independent of domain and time zone
- Easy to implement
1.3 Implementation:
We need to create two scripts of our own, LoginFromBlackboard and LoginToBlackboard on external system. These will send and receive requests to and from Blackboard via the SSOGenius building block.
1.4 How it works:
A user logs onto Blackboard. The user clicks on a special link to the external site. (These can be placed anywhere in Blackboard where links or HTML text can be added) SSOGenius intercepts the request then adds authentication parameters and redirects the user to a special SSO script on the external site. The external SSO script authenticates the user with the new site, using the details sent by SSOGenius. The script should then redirect the client to the desired page on the external system.
1.5 System Requirements:
- Java: JDK1.4.2 or higher.
- Operating System: Linux, Sun Solaris, Microsoft Windows
- Access to an external system (Add/modify the existing code).
- 1.6 License (One year site licenses):
- Standard License: £700.
- FE/School License: £525.
2.1 Features:
- An open and well-documented protocol.
- An open-source Java server component.
- A library of clients for Java, .Net, PHP, Perl, Apache, uPortal, and others.
- Community documentation and implementation support.
- LDAP authentication handler, X.509 Certificates support.
- CAS Server Release: CAS Server 3.0.7 GA
- CAS Client Release for different platforms.
- Redistributions of source code must retain the copyright notice (Copyright © 2000 The JA-SIG Collaborative.), this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
- Redistributions of any form whatsoever must retain the following acknowledgement: “This product includes software developed by the JA-SIG Collaborative (http://www.ja-sig.org/).”
- S (Service): A web application that authenticates users via CAS.
- C (Ticket-granting Cookie): A ticket encapsulated by a cookie that is sent to the user’s web browser and returned only to CAS, and only over a secured channel.
- ST (Service Ticket): A ticket sent by CAS, through the user’s browser, to a service. Each ST may be used only once, and must be combined with the unique identifier for one specific service in order to be useful.
- Java: JDK 1.4.2 or higher.
- Apache Tomcat 5.x.
3.1 Features:
- 100% Java with JDK5 compatibility.
- JAAS-based Transparent Single Sign-On across multiple applications and hosts.
- Built-in with a Pluggable Framework to allow the implementation of multiple authentication schemes and stores.
- Provides Identity information to web applications and EJBs through the standard Servlet and EJB Security API respectively.
- Supports Strong Authentication using X.509 client certificates.
- Comes with a Reverse Proxy component that can be used to create n-tier Single Sign-On configurations.
- Support for transparent cross-organization/cross-domain Single Sign-On.
- LDAP support for storing user information and credentials.
- Microsoft Active Directory support for LDAP integration.
- Database support for storing user information and credentials.
- XML support for storing user information and credentials.
- Client API for Microsoft ASP.
3.3 License: BSD License.
3.4 Implementation: Please check JOSSO’s website for diagrams.
3.5 System Requirements:
- JDK 5.0 or higher.
- Apache Tomcat 5.x.
- JBoss 3.2.6+ and JBoss 4.
4.1 Features:
- Passwords are sent only to the central weblogin service over SSL.
- Users need only authenticate once per session to access any number of CoSign-protected sites.
- Optional per-service re-authentication.
- X.509 certificate support.
- No domain cookies used.
- Sessions have both idle and hard timeouts.
- Users can logout of all CoSign-protected services by visiting a single URL.
4.3 License: © 2002 – 2004 Regents of the University of Michigan.
4.4 Implementation (check CoSign’s website for diagrams):
- User visits weblogin before accessing a service
- User attempts to visit a protected service directly
- Apache 1.3.x or higher/Apache 2.x or higher.
- OpenSSL 0.9.7a or higher.
5.1 Latest Build: 3.3.2c
5.2 License: Apache License (Version 2.0).
5.3 Implementation: Check Pubcookie’s website for diagrams.
5.4 System Requirements:
- Web Application Requirements:
- HTTPS connections: Pubcookie flags all cookies “secure”, so applications should be written such that browsers use SSL-protected (https) connections.
- Session creation by HTTP GET requests: Applications should be designed such that sessions are created from a HTTP GET request. Applications should not be designed such that a user’s initial request is a HTTP POST.
- Login Server Requirements:
- Unix platform
- Web server with CGI support
- SSL server certificate
- User-Agent Requirements:
- SSL support
- Cookies supported and enabled
6.1 Features:
Supports any browser that supports SSL/TLS and cookies and requires no special browser configuration.
Implemented as an Apache authentication mechanism.
Built-in LDAPv3 integration.
6.2 Latest Build: WebAuth 3.5.3
6.3 License: © 2002 – 2006 Board of Trustees, Leland Stanford Jr. University
6.4 Implementation: Implemented as Apache 2.0 modules.
6.5 System Requirements:
- Apache 2.0.43 or higher.
- OpenSSL 0.9.7
- cURL 7.10 or higher.
- OpenLDAP or Cyrus SASL for LDAP authentication.
7.1 Features:
- Single Sign-On (SSO)
- Centralized authorization services
- Federated Identity support
- J2EE architecture and comprehensive APIs
- Enterprise-class scalability and reliability
- Real-time audit
- Java Authentication and Authorization Service (JAAS)
- Kerberos
- Lightweight Directory Access Protocol (LDAP)
- Secure Sockets Layer (SSL)
- Active Directory
- X.509 Certificate
- Java Database Connectivity (JDBC)
- LDAP
7.5 Implementation:
OpenSSO contains four modules: Access Manager, Open Federation Library, Open Federation, and J2EE Agents.
7.6 System Requirements:
- Sun JDK 1.5.0 or higher
- Apache Tomcat 5.5.x or higher
- Apache 2.0.x or higher
Cromer Pier
A small, almost impoverished town, Cromer was “discovered” in the 18th Century by well to do travellers as a watering place. Cromer began to grow, slowly at first due to its remoteness, but upon the arrival of the railway in 1877, linking Cromer with London and later the Midlands, development gathered pace. Land was released from Cromer Hall and estate developers began building hotels and residential areas.Aerial viewBy the 1890s Cromer was fashionable and booming. Many fine residences were built and the Urban District Council saw that the infrastructure - drainage, roads, schools, electricity and so on - was the best. In 1900 a new seafront and pier were erected.
The Town’s reputation for crab fishing and lifeboats is undiminished. The suburban development of the 20th century, particularly of the post-war period has seen the town expand in every direction.
The Town’s reputation for crab fishing and lifeboats is undiminished. The suburban development of the 20th century, particularly of the post-war period has seen the town expand in every direction.
Harewood House
Harewood House, home to the Queen’s cousin, the Earl of Harewood, provides a wonderful day out for all the family. The House, with its outstanding art collections, splendid State Rooms and fascinating ‘Below Stairs’ exhibition, is set in spectacular grounds, which include formal gardens and gentle woodland walks.
The house was built from 1759 to 1771 for the Lascelles family, who had bought the estate after making their fortune in the West Indies through Customs positions, slave trading and lending money to planters. The house was designed by the architects John Carr and Robert Adam.
Much of the furniture is by the eighteenth century English furniture designer Thomas Chippendale, who came from nearby Otley.
Lancelot “Capability” Brown designed the grounds to which Sir Charles Barry added a grand terrace, in 1844.
Artist Thomas Girtin stayed at the house many times, painting the house itself and also the surrounding countryside and landmarks, such as the nearby Plumpton Rocks which at the time was owned by the Harewood Estate.
Harewood house has a long history of taking visitors interested in its imposing architecture, and collections of paintings. The first guidebook to Harewood House was published early in the nineteenth century.
The house served as a convalescent hospital during both World War I and World War II.
The house was built from 1759 to 1771 for the Lascelles family, who had bought the estate after making their fortune in the West Indies through Customs positions, slave trading and lending money to planters. The house was designed by the architects John Carr and Robert Adam.
Much of the furniture is by the eighteenth century English furniture designer Thomas Chippendale, who came from nearby Otley.
Lancelot “Capability” Brown designed the grounds to which Sir Charles Barry added a grand terrace, in 1844.
Artist Thomas Girtin stayed at the house many times, painting the house itself and also the surrounding countryside and landmarks, such as the nearby Plumpton Rocks which at the time was owned by the Harewood Estate.
Harewood house has a long history of taking visitors interested in its imposing architecture, and collections of paintings. The first guidebook to Harewood House was published early in the nineteenth century.
The house served as a convalescent hospital during both World War I and World War II.
Jakarta Tomcat connector installation (Windows)
Today’s topic is about how to get Jakarta Tomcat connector working with your Tomcat.
Edit D:\Program Files\Apache Group\Apache2\conf\httpd.conf, insert code:
LoadModule jk_module modules/mod_jk.so <IfModule mod_jk.c> JkWorkersFile conf/workers.properties JkLogFile logs/mod_jk.log JkLLogLevel error JkLogStampFormat “[%a %b %d %H:%M:%S %Y] “ JkOptions +ForwardKeySize +ForwardURICompat –ForwardDirectories JkRequestLogFormat “%w %V %T” Alias /jsp-examples “D:/apache-tomcat/webapps/jsp-examples/” <Directory “D:/apache-tomcat/webapps/jsp-examples/”> Options Indexes +FollowSymLinks AllowOverride None Allow from all </Directory> Alias /servlets-examples “D:/apache-tomcat/webapps/servlets-examples/” <Directory “D:/apache-tomcat/webapps/servlets-examples/”> Options Indexes +FollowSymLinks AllowOverride None Allow from all </Directory> <Location /*/WEB-INF/*> AllowOverride None Deny from all </Location> JkMount /jsp-examples/*.jsp worker JkMount /servlets-examples/* worker </IfModule>
Requirements:
- Java 1.5 JDK (SDK) or higher
- Apache HTTP Server 2.0.58 or higher
- Apache Tomcat Servlet/JSP Container 5.5.17 or higher
- Apache Jakarta Tomcat Connector JK-1.2.15
- Java 1.5 JDK: http://java.sun.com
- Apache HTTP Server 2.0.58: http://httpd.apache.org
- Apache Tomcat Servlet/JSP Container 5.5.17: http://tomcat.apache.org
- Apache Jakarta Tomcat Connector JK-1.2.15:
- Please download binary distribution of your platform only: http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/
- Java JDK path: D:\Program Files\Java\jdk5
- Apache HTTP Server path: D:\Program Files\Apache Group\Apache2
- Apache Tomcat path: D:\apache-tomcat
- Apache HTTP DocumentRoot: E:\DocumentRoot
- Servlet/JSP DocumentRoot (via Apache2/mod_jk): D:\apache-tomcat\webapps
- Servlet/JSP DocumentRoot (via native Tomcat server, port 8080): D:\apache-tomcat\webapps
- Access Servlet/JSP pages via Apache2/mod_jk: http://localhost/[jkmount-mapped url of your webapp]
- Access native Tomcat server: http://localhost:8080/
- Run file jdk_1_5_06-windows-i586-p.exe. Install under your D:\Program Files\Java\jdk5.
- Unpack and place Tomcat 5.5 and mod_jk:
- Unpack file apache-tomcat-5.5.17.zip under D:\
- Unpack file apache-tomcat-5.5.17-admin.zip under D:\
- Rename directory D:\apache-tomcat-5.5.17 to D:\apache-tomcat
- Rename file mod_jk-apache-2.0.55.so to mod_jk.so, and place it under directory D:\Program Files\Apache Group\Apache2\modules
- Set Environmental Variables:
- JAVA_HOME=D:\Program Files\Java\jdk5
- CATALINA_HOME=D:\apache-tomcat
- Create empty file D:\Program Files\Apache Group\Apache2\conf\workers.properties, insert code:
LoadModule jk_module modules/mod_jk.so <IfModule mod_jk.c> JkWorkersFile conf/workers.properties JkLogFile logs/mod_jk.log JkLLogLevel error JkLogStampFormat “[%a %b %d %H:%M:%S %Y] “ JkOptions +ForwardKeySize +ForwardURICompat –ForwardDirectories JkRequestLogFormat “%w %V %T” Alias /jsp-examples “D:/apache-tomcat/webapps/jsp-examples/” <Directory “D:/apache-tomcat/webapps/jsp-examples/”> Options Indexes +FollowSymLinks AllowOverride None Allow from all </Directory> Alias /servlets-examples “D:/apache-tomcat/webapps/servlets-examples/” <Directory “D:/apache-tomcat/webapps/servlets-examples/”> Options Indexes +FollowSymLinks AllowOverride None Allow from all </Directory> <Location /*/WEB-INF/*> AllowOverride None Deny from all </Location> JkMount /jsp-examples/*.jsp worker JkMount /servlets-examples/* worker </IfModule>
Install and Start Tomcat
Tomcat can be installed as a Service or started as a Standalone Console application. Note to make sure that Apache HTTP Server has been started at this point.
Test Tomcat 5.5 and mod_jk installations:
- Tomcat Service
- Standalone Console application
Test Tomcat 5.5 and mod_jk installations:
- Test the native Tomcat server:
koutoubia mosque
Taken during my trip to the Kingdom of Morocco in April 2007.
The Koutoubia Mosque (Arabic: جامع الكتبية) is the largest mosque in Marrakech, Morocco. The minaret was completed under the reign of the Almohad Caliph Yacoub el-Mansour (1184-1199) and was used as model for Giralda of Seville then for the Hassan Tower of Rabat.
The name is derived from the Arabic al-Koutoubiyyin for librarian, since it used to be surrounded by sellers of manuscripts. It is considered the ultimate structure of its kind. The tower is 69 m (221 ft) in height and has a lateral length of 12.8 m (41 ft). Six rooms (one above the other) constitute the interior; leading around them is a ramp by way of which the muezzin could ride up to the balcony. It is built in a traditional Almohad style and the tower is adorned with four copper globes.
According to legend, they were originally made of pure gold, and there were once supposed to have been only three. The fourth was donated by the wife of Yacoub el-Mansour as compensation for her failure to keep the fast for one day during the month of Ramadan. She had her golden jewelry melted down to fashion the fourth globe.
The Koutoubia Mosque (Arabic: جامع الكتبية) is the largest mosque in Marrakech, Morocco. The minaret was completed under the reign of the Almohad Caliph Yacoub el-Mansour (1184-1199) and was used as model for Giralda of Seville then for the Hassan Tower of Rabat.
The name is derived from the Arabic al-Koutoubiyyin for librarian, since it used to be surrounded by sellers of manuscripts. It is considered the ultimate structure of its kind. The tower is 69 m (221 ft) in height and has a lateral length of 12.8 m (41 ft). Six rooms (one above the other) constitute the interior; leading around them is a ramp by way of which the muezzin could ride up to the balcony. It is built in a traditional Almohad style and the tower is adorned with four copper globes.
According to legend, they were originally made of pure gold, and there were once supposed to have been only three. The fourth was donated by the wife of Yacoub el-Mansour as compensation for her failure to keep the fast for one day during the month of Ramadan. She had her golden jewelry melted down to fashion the fourth globe.
hassan II mosque
Taken during my trip to the Kingdom of Morocco in April 2007.
The Hassan II Mosque (Arabic مسجد الحسن الثاني) is a mosque located in Casablanca, Morocco. Designed by the French architect Michel Pinseau, it is the second largest in the world (after the Masjid al-Haram in Mecca). It stands on a promontory looking out to the Atlantic, which can be seen through a gigantic glass floor with room for 25,000 worshippers. A further 80,000 can be accommodated in the mosque’s courtyard. Its minaret is the world’s tallest at 210 metres (689 ft).
The Hassan II Mosque (Arabic مسجد الحسن الثاني) is a mosque located in Casablanca, Morocco. Designed by the French architect Michel Pinseau, it is the second largest in the world (after the Masjid al-Haram in Mecca). It stands on a promontory looking out to the Atlantic, which can be seen through a gigantic glass floor with room for 25,000 worshippers. A further 80,000 can be accommodated in the mosque’s courtyard. Its minaret is the world’s tallest at 210 metres (689 ft).
Subscribe to:
Posts (Atom)
Posts
