export LC_COLLATE="zh_CN.UTF-8"

Tools→Options→OpenOffice.org→Fonts中把Arial替换为SimSun或其它中文字体

!alt key
XTerm*eightBitInput:      true
XTerm*metaSendsEscape:    false

XTerm*termName:           xterm-256color

bind j focus down
bind k focus up
bind t focus top
bind b focus bottom
bind ^j focus down
bind ^k focus up
bind ^t focus top
bind ^b focus bottom

# I know about screen.  I don't need to see it every time I start the program.
# (Which is, admittedly, rarely.)
startup_message off
# I like a large scrollback
defscrollback 5000
# Run everything in UTF-8.
defutf8 on
# If a window goes unresponsive, don't block the whole session waiting for it.
defnonblock on

# Make screen messages stand out a little more - black on bright green.
sorendition "+b kG"

# 黑底
#hardstatus alwayslastline "%{= kB}%{c}[$LOGNAME@%H]%{-} %-Lw%{= .G}%n%f* %t%{-}%+Lw%< %{c}%=%Y-%m-%d %c:%s %D"

# color test
#hardstatus alwayslastline "%{= kw}kw %{= rw}rw %{= gw}gw %{= yw}yw %{= bw}bw %{= mw}mw %{= cw}cw %{= ww}ww %{= dw}dw %{= Kw}Kw %{= Rw}Rw %{= Gw}Gw %{= Yw}Yw %{= Bw}Bw %{= Mw}Mw %{= Cw}Cw %{= Ww}Ww %{= Dw}Dw"

# 绿底，主机名称和时间使用蓝色，其它都使用缺省前景色，当前窗口使用缺省背景，兼容黑底白字和白底黑字
hardstatus alwayslastline "%{= gd}%{b}[$LOGNAME@%H] %{d}%-Lw%{-}%{dd}%n%f* %t%{-}%{d}%+Lw%{-}%< %{b}%=%Y-%m-%d %c:%s %D"

# Add stuff to xterm (and cousins) title bars.  This is a moderate abuse of the
# hardstatus feature--it just puts the hardstatus stuff into an xterm title
# bar.
termcapinfo xterm*|Eterm|mlterm 'hs:ts=\E]0;:fs=\007:ds=\E]0;screen\007'
defhstatus "screen  (t) | $USER@H"
hardstatus off

# 256 color xterm
attrcolor b ".I"
termcapinfo xterm 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm'
defbce "on"

# Variants on Sven's custom messages.
activity "%c activity -> %n%f %t"
bell "%c bell -> %n%f %t^G"
vbell_msg " *beep* "

# Make shift-PgUp and shift-PgDn work like they do in xterm.  (Note that this
# requires xterm to be configured to pass those keys through, and not try to
# act on them itself.)
bindkey "^[[5;2~" eval "copy" "stuff ^u"
bindkey -m "^[[5;2~" stuff ^u
bindkey -m "^[[6;2~" stuff ^d

%?%F活动窗口设置%:非活动窗口设置%?

#hardstatus alwayslastline "%{= cb}[$LOGNAME@%H] %{=r dd}%-Lw%{-}%{dd}%n%f* %t%{-}%{=r dd}%+Lw%{-}%< %{b}%=%Y-%m-%d %c:%s %D"
caption always "%?%F%{= cb}%:%{= cc}%?[$LOGNAME@%H] %?%F%{=r dd}%:%{= cd}%?%-Lw%{= dd}%n%f* %t%?%F%{=r dd}%:%{= cd}%?%+Lw%?%F%{= cb}%:%{= cc}%?%< %=%S %Y-%m-%d %c %D"

-a

把二进制文件当作文本文件

-b

输出要查找的内容在文件中的位置

-o

只输出匹配的内容

可以放到.bashrc中：

x17是打印17个byte。re中的.也代替一个字节。

在unzip超过4G的大文件时，unzip命令会出错： need PK compat. v4.5 (can do v2.1)

可以用7zip解压

Plotting package which outputs to X11, PostScript, PNG, GIF, and others.

可以根据公式作图。

http://phi.sinica.edu.tw/aspac/reports/95/95006/

http://www.cyut.edu.tw/~ckhung/b/ma/gnuplot.php

http://www.fire3.cn/2007/05/30/%E7%AE%80%E8%A6%81%E4%BB%8B%E7%BB%8Dgnuplot%E7%BB%98%E5%87%BD%E6%95%B0%E5%9B%BE.html

http://www.cyut.edu.tw/~ckhung/b/re/gnuplot.php

rrdtool

可以用来画各种图表。X轴是时间

JFreeChart

http://www.jfree.org/jfreechart/

• https://github.com/mooz/percol

https://github.com/peco/peco

比percol更快

install-peco.sh

1. 156.154.70.22

2. 156.154.71.22

1. 8.8.8.8

2. 8.8.4.4

1. 198.153.194.1(可用速度较快)

2. 198.153.192.1(已经不可用)

1. 208.67.222.222

2. 208.67.220.220

1. 2001:4860:4860::8888

2. 2001:4860:4860::8844

1. 202.181.224.2

1. 168.95.192.1

2. 168.95.1.1

1. 202.175.3.8

2. 202.175.3.3

1. 208.151.69.65

2. 205.252.144.228

3. 202.181.202.140

1. 202.12.27.33

2. 202.216.228.18

用DHCP的话，可以不设置，自动从DHCP服务器获取。

如果既要用DHCP，又不想通过DHCP更新DNS设置，在 /etc/conf.d/dhcpcd 中，DHCPCD_ARGS中加入"-R"参数

dnsutils

1. 使用国外DNS

2. rc.local下加入

   iptables -I INPUT -p udp -m udp --sport 53 -m u32 --u32 "0&0x0F000000=0x05000000 && 22&0xFFFF@16=0x5d2e0859,0xcb620741,0x0807c62d,0x4e10310f,0x2e52ae44,0xf3b9bb27,0xf3b9bb1e,0x9f6a794b,0x253d369e,0x9f1803ad" -j DROP
   iptables -I INPUT -p udp -m udp --sport 53 -m u32 --u32 "0&0x0F000000=0x05000000 && 22&0xFFFF@16=0x3b1803ad" -j DROP

• show rules:

  iptables [-t tables] [-L] [-nv] #tables defaults to filter

• clean rules

  iptables [-t tables] [-FXZ]

1. 在 /etc/conf.d/iptables 中，加入

   IPTABLES_FORWARD=1

2. 制定规则

   iptables -P FORWARD DROP
   iptables -A FORWARD -s 192.168.2.0/24 -j ACCEPT
   iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
   #iptables -t nat -A POSTROUTING -o eth1 -s 192.168.2.0/24 -j SNAT --to 10.19.78.5
   iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
   #iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -d 10.0.0.0/24 -o eth1 -j MASQUERADE

Cacti 是一款基于 PHP 的网络流量监测工具，与 ntop 相比功能更强大。它通过 snmpget 获取数据，用 RRDtool 绘制图形。

cacti和ntop适合不同的场合，cacti适合监控分散在各地的服务器，treeview可以很好的组织视图，还有很多好用的插件，不光可以监控流量，还可以监控任何自己感兴趣的数据。抓取保存的rrd数据还可以做二次开发，或者直接在cacti里摆弄数据。相比指向ntop似乎就只能在网关上安装，适合监控内网的流量。

Cursor based console ip network monitor/sniffer

display bandwidth usage on an interface by host

ACTION=="add", SUBSYSTEM=="net", KERNEL=="usb0", RUN+="/sbin/ifconfig usb0 172.30.0.2 netmask 255.255.255.0"

1. open about:config

2. 在右键菜单中new→string

3. 新的键名为 browser.cache.disk.parent_directory

4. 值为 /dev/shm

5. 重启firefox，在/dev/shm下出现Cache目录证明设置成功

• Firecookie

  https://addons.mozilla.org/en-US/firefox/addon/6683

• Firequark

  quick html screen scraping

  http://www.quarkruby.com/2007/9/5/firequark-quick-html-screen-scraping

• FireScope

  FireScope is a Firefox add-on that integrates with Firebug, to extend it with reference material for HTML and CSS.

  https://addons.mozilla.org/en-US/firefox/addon/10273

Firefox 从 3.0 开始将书签、历史等信息存储到了 SQLite 数据库中，所以我们可以通过优化 SQLite 数据库来达到改善 Firefox 性能的目的。以下是操作步骤：

1. 转到 Firefox 的 profile 目录，默认位于 ~/.mozilla/firefox/xxxxxxxx..default/；

2. 若是针对单个的 SQLite 文件（如 places.sqlite）执行优化，则运行

   sqlite3 places.sqlite vacuum

   你也可以通过下列命令来对所有的 SQLite 文件执行优化：

   for s in *.sqlite; { sqlite3 $s vacuum; }

   Note	如果在你的 Linux 系统上找不到 sqlite3，则需要先行安装。另外，在执行优化时，你也要关闭 Firefox。

先用sortxml.py把scrapbook.rdf处理为每个项目一行

http://kb.mozillazine.org/Extensions.checkCompatibility

在 about:config 中，右键新建一个Boolean值， “extensions.checkCompatibility.<version>”，其中3.6.\*的version为3.6， 取值为false。

epubreader支持opds，但其opds数据库需要经过md5验证，可以用脚本加入自己 需要的地址

1. 准备好calibre2opds的数据库地址

   catelog

   小说xml http://dl.dropbox.com/u/????????/%E5%B0%8F%E8%AF%B4/_catalog/index.xml
   非小说xml http://dl.dropbox.com/u/????????/%E9%9D%9E%E5%B0%8F%E8%AF%B4/_catalog/index.xml
   Fiction xml http://dl.dropbox.com/u/????????/Fiction/_catalog/index.xml
   NonFiction xml http://dl.dropbox.com/u/????????/NonFiction/_catalog/index.xml

2. 在firefox profile目录下，epub目录中（有epub.sqlite文件）执行

   cat catalog | while read t u; do echo "insert into catalog (name, start, search, language, code) values ('$t', '$u', '', '', '$(echo
   -n "${u}6sx4Al" | md5sum | sed -e 's/\s*-.*//')');"; done  | sqlite3 epub.sqlite

Qt4 (C++) based download manager with support for HTTP, FTP, SFTP, BitTorrent, rapidshare and more

可以下载megaupload、rapidshare、4shared等一系列网盘上的软件

wget

单页面浏览器界面

http://binux.github.io/yaaw/

• https://github.com/iikira/BaiduPCS-Go

遇到这个错：

获取目录下的文件列表: 遇到错误, 远端服务器返回错误, 代码: 4, 消息: No permission to do this operation

可能是APPID被封杀了。

https://github.com/Lurito/PCSID-Spider

netcfg

• 在/etc/network.d下为每种网络配置编写一个文本文件

• ethernet

  CONNECTION="ethernet"
  DESCRIPTION="A very basic ethernet profile, using dhcp"
  INTERFACE=eth0
  IP="dhcp"
  DHCP_TIMEOUT=10

• wep wireless

  CONNECTION="wireless"
  DESCRIPTION="A simple WEP encrypted wireless connection"
  INTERFACE=wlan0
  SCAN="yes"
  SECURITY="wep"
  ESSID=MyNetwork
  KEY="1234567890"
  IP="dhcp"

• wpa wireless

  CONNECTION="wireless"
  INTERFACE=wlan0
  SCAN="yes"
  SECURITY="wpa"
  ESSID=mynetwork
  KEY="SomePasskey"
  IP="dhcp"
  TIMEOUT=20

/usr/lib/network/connections/ethernet :

1. 直接使用

   netcfg [profile_name]
   netcfg-menu

2. 指定启动时使用的profile

   在/etc/rc.conf中加入：

   NETWORKS=(home)

3. 在启动时让用户选择profile

   在/etc/rc.conf中加入：

   NETWORKS=menu

4. 启动时自动搜寻无线网络

   在/etc/rc.conf中加入：

   AUTO_NETWORKS=(auto-wireless wlan0)

代替原来的jap

www.jondos.de

• https://github.com/gfwlist/gfwlist

• https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt

/etc/rc.d/openvpn : 启动脚本，可以自动扫描/etc/openvpn/*.conf文件，为每个文件启用一个VPN

1. 查看有几块网卡

   ifconfig -a

2. 使用iwconfig

   # 在wireless-tools包中
   sudo iwconfig wlan0 mode master

   如果看到下面提示，说明测试失败：

   Error for wireless request "Set Mode" (8B06) :
       SET failed on device wlan0 ; Invalid argument.

3. 使用iw

   有些新的网卡用的是mac80211 framework，对于这些网卡的话， 用iwconfig来测试它是否支持master模式是行不通的。 因为他们是使用新的 nl80211接口在用户空间通信的，可以用iw试一下：

   # 在iw包中
   iw list

   如果在“Supported interface modes”中有“AP”就说明支持，否则不支持：

   Supported interface modes:
            * IBSS
            * managed
            * AP
            * AP/VLAN
            * monitor

1. 使用最简配置进行测试

   #change wlan0 to your wireless device
   interface=wlan0
   driver=nl80211
   ssid=test
   channel=1

   测试hostapd

   sudo hostapd ./hostapd.conf

   这个信息表示hw_mode (a, b or g)设置不正确

   Hardware does not support configured mode
   wlan0: IEEE 802.11 Hardware does not support configured mode (2)
   Could not select hw_mode and channel. (-2)
   wlan0: Unable to setup interface.
   rmdir[ctrl_interface]: No such file or directory

2. 了解所使用的设备的能力

   Encryption: wpa-psk + tkip
   Wireless Mode: g
   Normal for an environment that has to support semi legacy devices, that don't support ccmp or wpa2

   Encryption: wpa2-psk + ccmp
   Wireless Mode: g+n
   Normal for an environment that has only up to date hardware and software

   Encryption: wep
   Wireless Mode: b
   This is the works case scenario, as wep is broken and can be trivially cracked.  Don't consider this as anything more than keeping casual free loaders out.

3. 正式配置

   1. Wireless Interface

      interface

      Tells hostapd what wireless interface to use

      bridge

      Set to a bridge if the wireless interface in use is part of a network bridge interface

      driver

      For our purposes, always nl80211

      If you only have 1 wireless interface, and it’s going to be bridged with a wired interface, a good example setup would be:

      interface=wlan0
      bridge=br0
      driver=nl80211

   2. Wireless Environment

      ssid

      Sets the name (SSID = service set identifier) of the network, wireless extensions/iwconfig incorrectly calls this "essid".

      hw_mode

      Sets the operating mode of the interface, and the allowed channels. Valid values depend on hardware, but are always a subset of a, b, g

      channel

      Sets the channel for hostapd to operate on. Must be a channel supported by the mode set in hw_mode, as well as allowed by your countries Wireless Regulatory rules.

      ssid=MyNetwork
      hw_mode=g
      channel=1

      Note	hw_mode中，g是最常用的选项

   3. 802.11n Setting

      如果需要使用802.11n，可以设置下面的选项。否则可以忽略

      ieee80211n

      Set to 1 to enable 802.11n support, 0 to disable it

      ht_capab

      A list of the 802.11n features supported by your device

   4. Authentication and Encryption

      macaddr_acl

      This controls mac address filtering. Mac addresses are easily spoofed, so only consider the use of this to be augmenting other security measures you have in place.

      auth_algs

      This is a bit field where the first bit (1) is for open auth, the second bit (2) is for Shared key auth (wep) and both (3) is both.

      ignore_broadcast_ssid

      This enables/disables broadcasting the ssid.

      wpa

      This is a bitfield like auth_algs. The first bit enables wpa1 (1), the second bit enables wpa2 (2), and bothe enables both (3)

      wpa_psk/wpa_passphrase

      These establish what the pre-shared key will be for wpa authentication.

      wpa_key_mgmt

      This controls what key management algorithms a client can authenticate with.

      wpa_pairwise

      This controls wpa’s data encryption

      rsn_pairwise

      This controls wpa2’s data encryption

      First, scratch macaddr_acl and ignore_broadcast_ssid from your priorities as they only enhance security (and even then, only slightly). Also, WEP has been effectively broken now, so unless you HAVE to support wep, scratch that from your list. This just leaves wpa/wpa2. Per the draft standard, wpa2 is required for 802.11n, and as there are known attacks on wpa now, wpa2 is the recommended authentication and encryption suite to use. Fortunately, you can have both enabled at once. If Windows clients are going to be connecting, you should leave ccmp encryption out of the wpa_pairwise option, as some windows drivers have problems with systems that enable it.

      • A good starting point for a wpa & wpa2 enabled access point is:

        macaddr_acl=0
        auth_algs=1
        ignore_broadcast_ssid=0
        wpa=3
        wpa_passphrase=YourPassPhrase
        wpa_key_mgmt=WPA-PSK
        wpa_pairwise=TKIP
        rsn_pairwise=CCMP

If, alternately, you just want to support wpa2, you could use something like:

1. 安装dnsmasq

2. 配置/etc/dnsmasq.conf

   • Choosing Your Interfaces

     interface=eth1
     interface=eth2

   • Basic DHCP Setup

     dhcp-range=eth1,192.168.100.100,192.168.100.199,4h

logoutput: syslog
internal: 172.31.1.1 port = 8080
external: eth0
method: none
client pass {
    from: 172.31.1.2/24 port 1-65535 to: 0.0.0.0/0
    log: error
}
pass {
    from: 172.31.1.2/24 to: 0.0.0.0/0 port 1-65535
    method: none
    log: error
}

• create system user and group

  groupadd ftpgroup
  useradd -g ftpgroup -d /dev/null -s /etc ftpuser

• file format of /etc/pureftpd.passwd

  <account>:<password>:<uid>:<gid>:<gecos>:<home directory>:<upload bandwidth>:<download bandwidth>:<upload ratio>:<download ratio>:<max number of connections>:<files quota>:<size quota>:<authorized local IPs>:<refused local IPs>:<authorized client IPs>:<refused client IPs>:<time restrictions>

• add new user

  pure-pw useradd joe -u ftpuser -d /home/ftpusers/joe
  # -d :: chroot
  # -D :: don't chroot
  # -r :: allow client host
  # -R :: deny client host

• change user

  pure-pw usermod

• delete user

  pure-pw userdel <login> [-f <passwd file>] [-m]

• change password

  pure-pw passwd <login> [-f <passwd file>] [-m]

• show user info

  pure-pw show <login> [-f <passwd file>]

• commit change / convert passwd file to puredb

  no need to restart pure-ftpd

  pure-pw mkdb

目前，可以从以下地址获取不定时更新的Tor缓存文件（任选一个链接即可，请注意使用防病毒软件检查安全性）：

1. http://www.chenshaoju.com/downloads/tor/cache.zip

2. http://www3.chenshaoju.com/downloads/tor/cache.zip

3. http://www.filedropper.com/tor2009-09-27

转换为unix格式再放到/var/lib/tor下

具体的配置在/etc/ppp下，其中，用户名和密码信息在/etc/ppp/chap-secrets中，服务器信息在/etc/ppp/peers下

pptpsetup生成的配置文件中，可能domain和用户名之间可能只有一个反斜杠，应该是两个反斜杠。

pptpsetup生成的配置文件没有引用/etc/ppp/options.pptp，因此可以自己往/etc/ppp/peers下的配置中加入：

• LCP terminated by peer

  可以启动debug看原因。可能是/etc/ppp/chap-secrets中，DOMAIN与Username之间是一个反斜杠，应该是两个反斜杠

• No auth is possible

  可能是chap-secrets中有错误，或者options.pptp中指定的验证方式和server不一致

• -i any : Listen on all interfaces just to see if you’re seeing any traffic.

• -n : Don’t resolve hostnames.

• -nn : Don’t resolve hostnames or port names.

• -X : Show the packet’s contents in both hex and ASCII.

• -XX : Same as -X, but also shows the ethernet header.

• -v, -vv, -vvv : Increase the amount of packet information you get back.

• -c : Only get x number of packets and then stop.

• -s : Define the snaplength (size) of the capture in bytes. Use -s0 to get everything, unless you are intentionally capturing less.

• -S : Print absolute sequence numbers.

• -e : Get the ethernet header as well.

• -q : Show less protocol information.

• -E : Decrypt IPSEC traffic by providing an encryption key.

• and/or/not : 条件组合

• host : look for traffic based on IP address (also works with hostname if you’re not using -n)

  tcpdump host 1.2.3.4

• src, dst : find traffic from only a source or destination (eliminates one side of a host conversation)

  tcpdump src 2.3.4.5
  tcpdump dst 3.4.5.6

• net : capture an entire network using CIDR notation

  tcpdump net 1.2.3.0/24

• proto : works for tcp, udp, and icmp. Note that you don’t have to type proto

  tcpdump icmp

• port : see only traffic to or from a certain port

  tcpdump port 3389

• src, dst port : filter based on the source or destination port

  tcpdump src port 1025
  tcpdump dst port 389

• src/dst, port, protocol : combine all three

  tcpdump src port 1025 and tcp
  tcpdump udp and src port 53

• portrange : see traffic to any port in a range

  tcpdump portrange 21-23

• Packet Size Filter : only see packets below or above a certain size (in bytes)

  tcpdump less 32
  tcpdump greater 128

• packet name: openntpd

• config: /etc/ntpd.conf

• 在ntpd.conf中加入servers=210.72.145.44

• 在rc.conf加入openntpd

openntp/ntp都提供了校时的功能。也可以使用ntpdate

• packet name: ntpdate

• 使用

RHEL 6.3上，/etc/localtime的属性为777时会导致时区错误。

时区设置方法：

1. tzselect 选择一遍时区

2. 执行 tzdata-update 同步时区配置

3. 手工执行 hwclock --systz 命令设置好系统时区

NOTE 1: if you want to use yaourt as user,
      you could add some entries in sudoers file:
         user ALL=NOPASSWD: /usr/bin/pacman
         user ALL=NOPASSWD: /usr/bin/pacdiffviewer
         Please, use sudo very carefully.
NOTE 2: voting for favorite packages on AUR requires 'aurvote'.
NOTE 3: customizing PKGBUILD requires 'customizepkg'.
NOTE 4: for a full colorized output, install pacman-color and set PacmanBin in /etc/yaourtrc

pacman-color have owns config: /etc/pacman-color.conf
pacman's config is included in pacman-color.conf

you can change any color in '/etc/pacman.d/color.conf'

Partition table entries are not in disk order

98R01-YU2F0-2F7EJ-4C6CM
98R2N-YKQ45-24K50-4LJR9
98R05-YK741-2FQ54-4T714
9AR25-YKP61-26L70-4HKJR
98924-YK640-24P5K-48QLD

在.muttrc中加入

缺省情况下，mutt 是把邮件原文引在正文里，然后转发的，并且缺省不带有附件，而我们很多时候更喜欢把原来的整个邮件作为附件转发，这个可以通过在配置文件里加入下面两行来实现：

这是由于w3m引起的。用w3m -I gbk就是正常的。

可以用 w3m -o auto_detect=0 也是可以的，或者在 $HOME/.w3m/config 下：

mairix

http://www.rpcurnow.force9.co.uk/mairix/

nmzmail

http://www.ecademix.com/JohannesHofmann/#nmzmail

crm114

spamfilter.lua+osbf-lua crm114的lua port

可以避免每次进入一个目录时找时间的扫描。

在muttrc中加入：

由于mutt会错误解释<enter>，因此在脚本中把<enter>分两部分输出。

http://wiki.dovecot.org/SSL/CertificateCreation

• 字幕字体

  ln -s /path/to/font ~/.mplayer/subfont.ttf

• 字幕编码

  ~/.mplayer/config 中加入

  subcp=gbk

• 字幕大小

  ~/.mplayer/config 中加入

  subfont-autoscale=1
  subfont-text-scale=5

• 禁用xscreen-saver

  在新版mplayer中，只支持暂停标准接口的屏保，不支持xscreen-saver，因此需要使用mplayer提供的heartbeat机制，让xscreen-saver暂时不激活。

  ~/.mplayer/config 中加入

  heartbeat-cmd="xscreensaver-command -deactivate"

MOC正常显示中文MP3的tag有两个条件：

1. tag是用UTF-8编码的

2. 不存在ID3 v1 tag（就是旧版的MP3 Tag信息）

http://www.chinaunix.net/jh/4/1110165.html http://blog.chinaunix.net/u3/95775/showart_1920754.html

~/.moc/config中加入：

• quality in 85

• progressive (comprobed compression)

• a very tiny gausssian blur to optimize the size (0.05 or 0.5 of radius) depends on the quality and size of the picture, this notably optimizes the size of the jpeg.

• Strip any comment or exif tag

批量in-place修改（注意做好备份）：

1. 切除固定的边距，把边上的杂点和页码尽量去掉

   for i in *.pbm ; do echo $i; convert $i -shave 40x70 -negate -colors 2 ${i%%.pbm}-shave.png; done

2. 把前面处理过的文件进行自动切边

   for i in *-shave.png ; do echo $i; convert $i -crop `convert $i -virtual-pixel edge -blur 0x8 -fuzz 15% -trim -format '%wx%h%O' info:` +repage ${i%%-shave.png}.png; done

1. 切边＋二值化

   for i in *.ppm ; do echo $i; convert $i -shave 90x60 -fuzz 15% -trim +repage -contrast-stretch 10%,16% -colors 2 ${i%%.ppm}.png; done

用-extent wxh 可以指定图像新的大小，通过加边框实现，对图像进行缩放

将目录里的jpg文件按顺序拼成x轴22块，y轴2块的图 ，每个图块的大小为64X512像素，输出文件为10-.jpg

把 1.jpg、2.jpg、3.jpg等多张图片沿“水平方向”（ +append）拼成 0.jpg（最后一个文件名是拼出的成品）

把 1.jpg、2.jpg、3.jpg等多张图片沿“垂直方向”（ -append）拼成 0.jpg（最后一个文件名是拼出的成品）

可以分两步，第一步把小图拼成多个水平方向的长条，第二步把长条按垂直方向合并成一个大图。

把大图1.jpg按128x128分割成了多张小图0-1.jpg 0-2.jpg …​

从1.jpg 以座标 6,7 为起点切一片 128x64 的块生成 0.jpg

从0.jpg 以座标 0,0 为起点切一片 448x512 的块生成你要的 1.jpg，相当于右边剪裁掉64像素

将0.jpg 锐化后生成1.jpg，锐化指数5，此数值越大，锐化度越高，图像细节损失越大

1. 安装程序

   sudo pacman -S pulseaudio

2. 把用户加入到pulse-access组

   gpasswd -a USERNAME pulse-access

1. Server装入module-native-protocol-tcp模块

   /etc/pulse/default.pa:

   load-module  module-native-protocol-tcp

2. /etc/hosts.allow中允许pulseaudio-native服务

   /etc/hosts.allow:

   pulseaudio-native: ALL

3. 从server上把pulseaudio的cookie拷贝到client上

   cookie在server上的/var/run/pulse/.pulse-cookie， 可以拷贝到clinet上的/etc/pulse-cookie

   client上的cookie文件要正确设置owner和权限

   # chown pulse:pulse-access /etc/pulse-cookie
   # chmod 640 /etc/pulse-cookie

4. 在client上指定cookie文件的路径

   /etc/pulse/client.conf:

1. 在client上指定pulseaudio的server

   /etc/pulse/client.conf:

http://gleamynode.net/articles/2228/streaming-audio-from-windows-to-pulseaudio-server

• linux server

  nc -lp 4712 | pacat --playback

• windows

  linco.exe -B 16 -C 2 -R 44100 | nc.exe <host> 4712

  Note	linco只会发送windows录音的声音，因此需要把音频输出包括进去。

  linco.exe

  http://sourceforge.net/project/showfiles.php?group_id=99332&package_id=107331

  nc.exe

  http://joncraton.org/files/nc111nt.zip

    vorbis-tools: For OGG support
    flake: Alternative FLAC encoder
    mac: For APE support
    wavpack: For WavPack support
    shorten: For shorten support
    ttaenc: For True Audio Codec support
    lame: For MP3 support
    id3v2: For MP3 tagging support
    faac: For AAC in M4A support
    faad: For AAC in M4A support

%s/liberator\.\(commandline\|commands\|options\|echo\|buffer\|mappings\|bookmarks\|globalVariables\)/\1/g

AWT_TOOLKIT=MToolkit

http://code.google.com/p/asciidoc-slidy2-backend-plugin/

http://hongfei6.wordpress.com/2011/07/04/%E4%B8%BAasciidoc%E6%A0%BC%E5%BC%8F%E6%96%87%E4%BB%B6%E5%A2%9E%E5%8A%A0outliner%E5%8A%9F%E8%83%BD/

asciidoc在make的过程中会检测有没有安装vim，从而决定是否安装相应的vim插件。在archlinux的PKGBUILD中，由于不是在真实环境下进行make install，因此asciidoc会认为没有安装vim，从而不会安装vim插件，需要把PKGBUILD中的build()改为：

uuidgen
tune2fs /dev/hdaX -U numbergeneratedbyuuidgen
#verification with
vol_id /dev/hdaX

#one can use xargs or a variable and ; to make that a one liner

uuidgen | xargs tune2fs /dev/hdaX -U ; vol_id /dev/hdaX

1. 准备好新分区（例如sda7）

2. 用随机数填充新分区（可选）

   sudo dd if=/dev/urandom of=/dev/sda7

3. 创建加密分区

   sudo cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda7

   Note	在格式化时需要输入口令

   Note

   关于加密方式 this article will use XTS-AES as encryption algorithm because it was standardized as IEEE P1619 Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices and it is quite secure, however the XTS mode is still flagged as "experimental" in the Linux kernel, so if you want something less secure but more proven, you should go with the CBC-ESSIV mode. The XTS mode is supported by Linux 2.6.24 upwards (ISO of Arch 2008.06 upwards). The XTS mode uses two keys of the same size, therefore available sizes (using XTS-AES) are 256 (128 \* 2), 384 (192 \* 2) and 512 (256 \* 2).

4. 映射加密分区

   sudo cryptsetup luksOpen /dev/sda7 data

   Note	加密分区会被映射到/dev/mapper/data

5. 格式化加密分区

   sudo mkfs.ext3 /dev/mapper/data

6. 挂载加密分区

   sudo mount /dev/mapper/data /media/mount_point

只要你有足够的权限，你就可以使用dmsetup命令，你可以显示设备映射，观看哪个设备是可用的，即便并没有被挂载。从这种意义上看，这个设备在一定程度上已经被解密了。为了防止出现以上情况，你可以运行以下命令以正确卸载设备：

你可以为一个加密分区添加多个密钥或者删除这些密钥

• 添加密钥需要在终端输入：

  sudo cryptsetup luksAddKey /dev/HARDDISK

• 删除密钥则在终端输入：

  sudo cryptsetup luksDelKey /dev/HARDDISK

1. 在/etc/crypttab中添加

   swap /dev/sdaX SWAP "-c aes-xts-plain -h whirlpool -s 512

2. 把/etc/fstab中swap的行改为

   /dev/mapper/swap swap swap defaults 0 0

FreeOTFE

1. 这个方法好像不行，可能只针对硬盘？

http://www.linuxquestions.org/questions/slackware-14/safely-remove-usb-external-hard-drive-703326/

1. 这个方法可能可以

http://www.mepis.org/node/13750#comment-52862

1. 参考上面的方法，这样可以把U盘的灯灭掉

1. debian+树莓派

   • http://raspberrypi.stackexchange.com/questions/14843/how-to-eject-usb-device-on-raspberry-pi-not-just-unmount