2017年9月3日 星期日

open ftp passive mode with ufw


ufw allow ftp

/etc/proftpd/proftpd.conf:
PassivePorts  50000   51000

ufw allow proto tcp from any to any port 50000:51000

2017年8月7日 星期一

Akademy 2017


Being absent in Akademy 2016, this year when starting calling for paper I almost immediately submitted two topics.  Fortunately two proposals were all accepted.  BTW, this time a young community friend also submitted a topic and was accepted, so I was no longer travelling alone.  Plus KDE and The Document Foundation are partners now, being a member of both KDE e.V. and TDF it was my honor to be the bridge between the two important community.

This time the travel was not as twisted as in 2015.  We arrived Almeria smoothly and met Lydia in the bus to the hotel!  It was a happy time meeting old and new friends and that's supposed to be the fun of having open source conferences.

In this year I had a long and a short talk.  The long talk was about customizing Kubuntu 16.04.  The way I used to customize Kubuntu 14.04 was almost useless in 16.04, which made me very frustrated.  I used to call for help in mailing lists and IRC channels but didn't get too much help.  So in my talk, I listed some important issues like the environment variables of XDG menu specs were of no use in Plasma 5, and the configuration structure in Plasma 5 was totally different but no enough documents available.  I have to say that, face to face communication is really good because we can see the problems and discuss together.  After my talk some issues were confirmed and I got to know the new "look-and-feel packages" way to customize.

In another short talk it was about Calligra suite.  In these two years I mainly work on helping the Taiwan's governments to adopt ODF and LibreOffice.  Since an important advantage of using open standard is that users will have different choices for software, I hope that Calligra can be improved especially for the CJK issues so that users in Taiwan can have more choices.

In the BoF session I helped Gabriele Ponzo and Xisco Fauli, who were from TDF to register BoF sessions talking about the LibreOffice community and announcing the release of LibreOffice 5.4.  I also registered one talking about to form a total solution composed with free software, for public administration in all the countries.  Being an excellent desktop environment KDE can and should play an important role in it.

Another important issue I raised in the "Ask us everything" sessions of  KDE e.V. board members was the member electing system we are using now.  I was elected as a KDE e.V. member as well but these years I keep wondering if it is an appropriate system.  Someone apply for e.V. member because he contributed to KDE and would like to get involved more.  Why should he get a certain number of current members to agree?  Besides, in this system the "+1" scheme is problematic too.  I hope that we can together discuss and think about the member system more to improve it.

Though the time was short but I really had a great time in Akademy 2017.  Wish to see you all in Vienna next year!



2017年7月9日 星期日

convert pdf to CMYK

把 pdf 檔改成 CMYK

gs -dSAFER -dBATCH -dNOPAUSE -dNOCACHE -sDEVICE=pdfwrite \
-sColorConversionStrategy=CMYK -dProcessColorModel=/DeviceCMYK \
-sOutputFile=output.pdf input.pdf


確認圖檔或 PDF 檔的 color profile
identify -format '%[colorspace]' [input-file]

2017年5月29日 星期一

openvpn


被搞好幾次囉

1. install openvpn, easy-rsa
2. vars 修改,. ./vars
3. build-ca
4. build-key-server <server_name>
5. build-dh
6. build-key <client_name>
7. openvpn --genkey --secret ta.key



https://openvpn.net/index.php/open-source/documentation/howto.html#examples
server/client config example

server 端:走 tcp, ta 打開 (0)

client 端:放 ca.crt, ta.key, <client_name>.* 到 openvpn 設定目錄內
走 tcp, ta 打開 (1)

重點:
防火牆打開

ufw allow 1194/tcp
ufw allow 1194/udp

/etc/ufw/before.rules 內最後面加上

## NAT table rules
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

# Port Forwarding
-A POSTROUTING -s 192.168.95.0/24 -o ppp0 -j MASQUERADE

# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
               

/etc/ufw/sysctl.conf 裡打開 net/ipv4/ip_forward=1

然後要把來自 tun0 的封包都預設 allow 不然 client 丟過去的 ip 不一樣就會被擋
ufw allow in on tun0

2017年2月26日 星期日

ezgo 使用者還原改寫為 systemd 系統


因為從原本的 SysV 改成 systemd,結果以前的使用者還原 script 全部要改寫。
研究了一下 systemd 的運作,終於改寫成功。

使用者還原:

產生兩個檔案:
/lib/systemd/system/multi-user.target.wants/recover_ezgo.service

內容:
[Unit]
Description=Recover user home contents #systemd service 的描述
Before=sddm.service #因為使用者家目錄的修改要在啟動 sddm 前做好,否則會出大亂子

[Service]
Type=oneshot
ExecStart=/usr/share/ezgo/recover/restore_ezgo.sh  #restore_ezgo.sh 是依據使用者選擇的帳號而產生

[Install]
WantedBy=multi-user.target


然後把它連結到 /etc/systemd/system/multi-user.target.wants/ 裡。這樣開機時就會在 sddm 執行 /usr/share/ezgo/recover/restore_ezgo.sh。

另外一個檔就是真正執行還原的,也就是 restore_ezgo.sh。裡面就是清掉家目錄的內容,再將先前備份的檔案放回去。


還原系統初始值:將家目錄整個砍掉重建,再把 /etc/skel 裡的內容放進去。
一樣放在開機時 sddm 執行前:

systemd 的部份要建立一個檔案: /lib/systemd/system/multi-user.target.wants/skel_ezgo.service

[Unit]
Description=Recover factory default for ezgo users
Before=sddm.service

[Service]
Type=oneshot
ExecStart=/usr/share/ezgo/recover/skel_ezgo.sh 

[Install]
WantedBy=multi-user.target

一樣把它連結到 /etc/systemd/system/multi-user.target.wants/ 中。這樣就能在 sddm 前執行。


2016年11月12日 星期六

debian server login 變慢的問題


已經有好一陣子,連到自己的伺服器,不管是做 sudo su - 或是用 ssh 連過去,或是用 scp 拷東西過去,都要等上十幾秒才會回應。今天去爬了文,找到原因。d-bus 有變化時,要重新執行

systemctl restart systemd-logind

就解決了

2016年10月30日 星期日

Running gcin on ezgo13 (kubuntu 16.04, qt5 問題)


雖然裝上了 gcin-qt5-immodule 但是發現 qt5 的程式一直都還是無法叫出 gcin

後來研究之後成功了
我的做法是:

1. 移除 fcitx (我不確定是否必要,但放多個輸入法在裡面反正是不會有好處) 並安裝 gcin,記得要安裝 gcin-qt5-immodule

2. 修改 /etc/default/im-config 中 IM_CONFIG_PREFERRED_RULE 把 fcitx 通通改成 gcin (我也不確定這個步驟是否必要)

3. 執行 im-config 選擇預設 default

5. 重點:/usr/share/im-config/data/26_gcin.rc 中,在 QT4_IM_MODULE=xim 下面加上一行

QT5_IM_MODULE=xim

重新登入,搞定!

不過我發現重新開機之後 KDE 第一次會無法登入,卡在 splash ,要切到 console 去重啟 sddm 才能順利登入。後來再爬了一下文,修改 /usr/bin/startkde 中
有一個決定 $qdbus 的地方,在 else 的地方
qdbus=qdbus 改成 qdbus="qdbus -qt=5"

至少剛剛重新開機有順利登入了!