Sunday, September 3, 2017

open ftp passive mode with ufw


ufw allow ftp

/etc/proftpd/proftpd.conf:
PassivePorts  50000   51000

ufw allow proto tcp from any to any port 50000:51000

Monday, August 7, 2017

Akademy 2017


Having been absent from Akademy 2016, this year I submitted two topics almost immediately after the call for papers started. Fortunately, both proposals were accepted. BTW, this time a young community friend also submitted a topic and was accepted, so I was no longer travelling alone. Plus, KDE and The Document Foundation are partners now; being a member of both KDE e.V. and TDF, it was my honor to be the bridge between the two important communities.

This time the travel was not as twisted as in 2015. We arrived in Almeria smoothly and met Lydia on the bus to the hotel! It was a happy time meeting old and new friends, and that's supposed to be the fun of having open source conferences.

This year I had a long and a short talk. The long talk was about customizing Kubuntu 16.04. The way I used to customize Kubuntu 14.04 was almost useless in 16.04, which made me very frustrated. I used to call for help on mailing lists and IRC channels but didn't get much help. So in my talk I listed some important issues, such as the environment variables of the XDG menu specs being of no use in Plasma 5, and the configuration structure in Plasma 5 being totally different but without enough documents available. I have to say that face-to-face communication is really good, because we can see the problems and discuss them together. After my talk some issues were confirmed and I got to know the new "look-and-feel packages" way to customize.

The other, short talk was about the Calligra suite. In these two years I have mainly worked on helping Taiwan's governments to adopt ODF and LibreOffice. Since an important advantage of using an open standard is that users will have different choices of software, I hope that Calligra can be improved, especially for the CJK issues, so that users in Taiwan can have more choices.

In the BoF session I helped Gabriele Ponzo and Xisco Fauli, who were from TDF, to register BoF sessions talking about the LibreOffice community and announcing the release of LibreOffice 5.4. I also registered one about forming a total solution composed of free software for public administration in all countries. Being an excellent desktop environment, KDE can and should play an important role in it.

Another important issue I raised in the "Ask us everything" sessions of the KDE e.V. board members was the member election system we are using now. I was elected as a KDE e.V. member as well, but these years I keep wondering if it is an appropriate system. Someone applies to be an e.V. member because he contributed to KDE and would like to get more involved. Why should he get a certain number of current members to agree? Besides, in this system the "+1" scheme is problematic too. I hope that we can discuss and think about the member system together to improve it.

Though the time was short, I really had a great time at Akademy 2017. Wish to see you all in Vienna next year!



Sunday, July 9, 2017

convert pdf to CMYK

Convert a PDF file to CMYK:

gs -dSAFER -dBATCH -dNOPAUSE -dNOCACHE -sDEVICE=pdfwrite \
-sColorConversionStrategy=CMYK -dProcessColorModel=/DeviceCMYK \
-sOutputFile=output.pdf input.pdf


Check the color profile of an image or PDF file:
identify -format '%[colorspace]' [input-file]

Monday, May 29, 2017

openvpn


This has tripped me up several times already.

1. install openvpn, easy-rsa
2. edit vars, then . ./vars
3. build-ca
4. build-key-server <server_name>
5. build-dh
6. build-key <client_name>
7. openvpn --genkey --secret ta.key



https://openvpn.net/index.php/open-source/documentation/howto.html#examples
server/client config example

Server side: use tcp, enable ta (0)

Client side: put ca.crt, ta.key and <client_name>.* into the openvpn configuration directory;
use tcp, enable ta (1)

Key points:
Open the firewall

ufw allow 1194/tcp
ufw allow 1194/udp

Append the following at the very end of /etc/ufw/before.rules:

## NAT table rules
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

# Port Forwarding
-A POSTROUTING -s 192.168.95.0/24 -o ppp0 -j MASQUERADE

# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
               

Enable net/ipv4/ip_forward=1 in /etc/ufw/sysctl.conf

Then packets coming in on tun0 have to be allowed by default; otherwise what the client sends arrives with a different IP and gets blocked.
ufw allow in on tun0
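
A read-only check for the two file edits above, added here as an example and not part of the original post: it confirms that the ufw sysctl file has forwarding enabled and that the rules file holds a MASQUERADE rule inside a *nat table that is closed by COMMIT. The function names are made up for this example, and the subnet argument is the one from the rule above.

```shell
#!/bin/sh
# Added example: audit the ufw files this note edits. Paths are parameters so
# the check can run against copies; nothing here changes the firewall.
# Usage (as root, assumed paths from the note):
#   audit_vpn_forwarding /etc/ufw/sysctl.conf /etc/ufw/before.rules 192.168.95.0/24

# Succeeds if the sysctl file has an uncommented net/ipv4/ip_forward=1.
check_ip_forward() {
    grep -Eq '^[[:space:]]*net/ipv4/ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Succeeds if the rules file has a *nat table containing a MASQUERADE rule
# for the given source subnet and a COMMIT line that closes that table.
check_nat_masquerade() {
    rules=$1 subnet=$2
    awk -v subnet="$subnet" '
        /^\*nat/            { in_nat = 1; masq = 0; next }
        /^\*/               { in_nat = 0 }
        in_nat && /^-A POSTROUTING/ && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++)
                if ($i == "-s" && $(i + 1) == subnet) masq = 1
        }
        in_nat && /^COMMIT/ { if (masq) ok = 1; in_nat = 0 }
        END                 { exit ok ? 0 : 1 }
    ' "$rules"
}

# Runs both checks, prints what is missing, returns non-zero on any failure.
audit_vpn_forwarding() {
    sysctl_file=$1 rules_file=$2 vpn_subnet=$3 rc=0
    check_ip_forward "$sysctl_file" ||
        { echo "ip_forward not enabled in $sysctl_file"; rc=1; }
    check_nat_masquerade "$rules_file" "$vpn_subnet" ||
        { echo "no committed MASQUERADE rule for $vpn_subnet in $rules_file"; rc=1; }
    return $rc
}
```

A rule block that is missing its COMMIT line is reported as a failure, which is the case the comment in before.rules warns about.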

Sunday, February 26, 2017

Rewriting the ezgo user restore for systemd


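Because of the move from the original SysV to systemd, all of the old user restore scripts had to be rewritten.
After studying how systemd works for a while, I finally got the rewrite working.

User restore:

Two files are generated: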
/lib/systemd/system/multi-user.target.wants/recover_ezgo.service

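Contents:
[Unit]
# Description of the systemd service
Description=Recover user home contents
# The changes to the user's home directory must be finished before sddm starts, otherwise things go badly wrong
Before=sddm.service

[Service]
Type=oneshot
# restore_ezgo.sh is generated according to the account the user selected
ExecStart=/usr/share/ezgo/recover/restore_ezgo.sh

[Install]
WantedBy=multi-user.target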


Then symlink it into /etc/systemd/system/multi-user.target.wants/. That way /usr/share/ezgo/recover/restore_ezgo.sh is run at boot, before sddm.

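The other file is the one that actually performs the restore, namely restore_ezgo.sh. It simply clears out the contents of the home directory and then puts the previously backed-up files back.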


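Restore to system defaults: delete the whole home directory, recreate it, and then put the contents of /etc/skel into it.
As before, this is placed at boot, before sddm runs:

For the systemd part, one file has to be created: /lib/systemd/system/multi-user.target.wants/skel_ezgo.service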

[Unit]
Description=Recover factory default for ezgo users
Before=sddm.service

[Service]
Type=oneshot
ExecStart=/usr/share/ezgo/recover/skel_ezgo.sh 

[Install]
WantedBy=multi-user.target

As before, symlink it into /etc/systemd/system/multi-user.target.wants/. That way it runs before sddm.
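
Both restore_ezgo.sh and skel_ezgo.sh described above come down to wiping a home directory as root and refilling it, from a backup or from /etc/skel. The function below is an added example, not the ezgo scripts themselves; reset_home and its arguments are hypothetical names, and it shows the path checks a root-run script of this kind needs before it deletes anything.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the ezgo scripts): reset a home
# directory from a source tree, with the guards a root-run boot script needs.

# reset_home HOME_DIR SOURCE_DIR [BASE]
#   HOME_DIR    directory to wipe and repopulate
#   SOURCE_DIR  backup copy for a user restore, or /etc/skel for defaults
#   BASE        parent that HOME_DIR must sit directly under (default /home)
reset_home() {
    home=${1%/} src=$2 base=${3:-/home}

    # Refuse empty or relative paths: an empty variable in front of "rm -rf"
    # is the classic way such a script wipes the wrong tree.
    case $home in
        /*) ;;
        *) echo "refusing: '$home' is not an absolute path" >&2; return 1 ;;
    esac
    # Only act on a direct child of BASE, never BASE itself or a deeper path.
    if [ "$(dirname -- "$home")" != "$base" ]; then
        echo "refusing: $home is not directly under $base" >&2; return 1
    fi
    # A symlinked home would redirect the delete somewhere else.
    if [ -L "$home" ] || [ ! -d "$home" ]; then
        echo "refusing: $home is a symlink or not a directory" >&2; return 1
    fi
    if [ ! -d "$src" ]; then
        echo "refusing: source $src is missing" >&2; return 1
    fi

    # Remember owner and mode so the refilled directory matches the old one.
    owner=$(stat -c '%u:%g' -- "$home") || return 1
    mode=$(stat -c '%a' -- "$home") || return 1

    # Remove the contents, dotfiles included; rm does not follow symlinks.
    find "$home" -mindepth 1 -maxdepth 1 -exec rm -rf -- {} + || return 1
    # Copy the source tree in, preserving modes and timestamps.
    cp -a -- "$src/." "$home/" || return 1
    chmod "$mode" "$home" || return 1
    # Files from /etc/skel are root-owned; hand them back to the user.
    # chown only works as root, which is how the oneshot service runs.
    if [ "$(id -u)" -eq 0 ]; then chown -R "$owner" "$home" || return 1; fi
}
```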