SDS configuration and performance

Quote: The three candidates in the test follow different approaches. Ceph is a distributed object store that can also be used as a filesystem in the form of CephFS [4]. GlusterFS and LizardFS, on the other hand, are designed as filesystems; however, although just two nodes are enough to operate a Gluster setup, LizardFS needs an additional control node, for which it has a web interface (Figure 1) that informs you about the state of the cluster.

REF: http://www.admin-magazine.com/Archive/2017/37/SDS-configuration-and-performance

applied psychology

• conformity
• pacing, synchronicity
• Barnum effect
• Yes but and
• personal space
• Mechanism:5:4:1
• primacy effect
• recency effect
• angle & color selection:red blue yellow green purple black grey
• Pygmalion effect
• golem effect
• gain loss effect
• bandwagon effect
• modeling theory
• minority influence
• cognitive dissonance theory
• sunk cost effect
• placebo effect auto suggestion projection
• profess effect
• howling effect
• foot in the door technique
• door in the face technique
• consistency principle
• yes if
• mirror effect
• reciprocity
• scarcity principle
• Mere-exposure effect
• Zeigarnik effect
• contrast effect
• Expectancy-value theory
• Halo effect

ANBOX - ANDROID IN A BOX

Anbox puts the Android operating system into a container, abstracts hardware access and integrates core system services into a GNU/Linux system. Every Android application will be integrated with your operating system like any other native application.

REF: http://anbox.io

blackmagic nab 2017

REF: https://www.blackmagicdesign.com/email/2017/nab2017/en/

Here is a short list of new products and updates. Major new DaVinci Resolve 14 New ATEM Television Studio Pro HD Bluetooth support for URSA Mini Pro 10 languages on Blackmagic Video Assist Full scopes on Blackmagic Video Assist 4K New UltraStudio HD Mini for Thunderbolt 3 Blackmagic Duplicator 4K H.264 update New lower price for Ultimatte 11 There are also lots of other details, which I will cover for each update below!

Keep rsync From Using All Your Bandwidth

REF: https://www.howtogeek.com/50794/keep-rsync-from-using-all-your-bandwidth/

So if you wanted to limit transfer to around 5MB per second, you could use a command like this:

rsync --bwlimit=5000 /backup/folder user@host:/remote/backup/folder/

NRCS: server admin

• Corosync, Java, PostgresQL (packages)
• server.log (Admin Guide)
• /(app root)/server/data (uploaded files)

PaaS: Docker support

這篇文章有提到 proxmox VE 上面也能跑 docker 再裝上個 docker GUI 界面 portainer 就更好用了。文章介紹的是 pve 5.0 它還是beta版。

REF: https://www.servethehome.com/creating-the-ultimate-virtualization-and-container-setup-with-management-guis/

Critical H.264 and H.265 Decoder Vulnerabilities

REF: http://blog.trendmicro.com/trendlabs-security-intelligence/april-android-security-bulletin-addresses-critical-h-264-h-265-decoder-vulnerabilities/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+Anti-MalwareBlog+%28Trendlabs+Security+Intelligence+Blog%29

In April’s Android Security Bulletin, we discovered and privately disclosed seven vulnerabilities—three of which were rated as Critical, one as High, and another three as Moderate. As with the previous bulletins, Google urges owners of devices that are directly updated by Google to apply the over-the-air (OTA) update released to address these vulnerabilities.  Non-native Android device users can check with their service providers or device manufacturers for the availability of the April updates.

Check_MK: customized Windows event log

REF: http://lists.mathias-kettner.de/pipermail/checkmk-en/2013-July/009851.html

>>> If you create a file called check_mk.ini in the agent directory then
>>> you can configure which eventlogs and which levels to process. Here is an
>>> example:
>>> check_mk.ini
>>>
>>>
>>>
>>> [logwatch]
>>>     # From the Application log send only critical messages
>>>     *logfile application = crit*
>>>
>>>     # From the Security log send all messages
>>>     *logfile security = all*
>>>
>>>     # Do not process other event logs at all
>>>     *logfile * = off*
>>>

PaaS: vzdump read-only

using NFS as remote mount point is a good idea, when the VM Host is going down to read-only state. For example, HDD failure issues.

/mnt
/var/log/pve/tasks
/var/log/vzdump
/var/lib/vz/lock
/var/lib/vz/private//etc
/etc/pve/nodes//qemu-server

CDN: Cloudflare free services

REF: https://sofree.cc/cloudflare-free-cdn/

網路上應該找不到第二家免費無限流量的CDN服務，Cloudflare本身提供付費與免費版本，付費版本多了更多的節點，也可以大量的擋下攻擊。免費版則功能上差了一些。而付費版的CDN購買是針對單一網域購買，所以註冊帳號免費，你帳號內可有些是買付費版、有些用免費版。另外，透過Cloudflare的好處，就如官網所提供的資訊，提供DNS代管服務、減少主機流量與資源消耗、阻擋惡意攻擊、加速網站瀏覽速度等。

Cloudflare的CDN服務是免費無限制流量，而CDN是什麼呢？全名是「內容傳遞網路」(Content delivery network或Content distribution network)，簡單說就是CDN伺服器會分散於全球各地，而這些伺服器會去抓取你網站的內容快取，而如果你人在美國，讀取了有掛CDN的網站，它就會就近讀取美國節點的網站，儘管網站在台灣，你也會感覺瀏覽速度不差。透過分散式的節點，可以分散網站的資源使用，如果你存取的美國節點失效，它會在就近找一個新的節點存取資料，讓資料不間斷。

從2016四月上旬陸續Cloudflare開始提供台灣台北節點(TPE)，在台灣使用Cloudflare終於不需要特別繞到香港的節點，造成網站在尖峰時間卡卡卡的。不過節點的選擇取決於您的位置、ISP業者等等，沒有辦法保證您的連線位置，但是在台灣的使用者應該超過一半以上都可以連線到台灣節點，除非台灣節點掛掉才會轉向到其他鄰近國家。

LXDE lightweight

LXDE, the lightweight Desktop developed by Taiwanese, is so light, which can be used with KNOPPIX or Ubuntu (Lubuntu), with customizable themes.

REF: https://en.wikipedia.org/wiki/LXDE

CIFS: mount error 13 = Permission denied

REF: https://amos-vwr.blogspot.tw/2012/01/mount-error-13-permission-denied.html?m=1

通常的原因是使用 domain account的寫法不正確，例如
mount -t cifs /// /mnt/Shared -o username=/,password=
請特別注意，domainname/username  跟 domainname\username 雖然經常是兩著都可以通用，但有時候，就是不能不信邪，就是會得到不一樣的結果

NRCS: log checks

The best tool to use for reading the octopus logs is the LogReader most of the time located under /octopus/tools/LogReader. Logs include server side and client side logs.

API.log

calls to REST API are logged here, which are the calls from Mobile/Table clients as well

AS.log

ActiveSync - subscription to lists, i.e. wires, stories, etc

autoActions.log

automatic actions - create, archive, delete, etc.

clientErrors.log

client errors sent from the clients to the server

clients.log

number and list of active desktop clients

...and more. referred to the Admin Guide.

Gimp: Hue adjustment

Hue can be easily adjusted by Gimp, the open source image editor. Its GUI is similar to Adobe Photoshop, therefore designers can also easily apply some basic tuning via Gimp.

For example, hue adjustment can be done by opening the image, then go to image->mode to change index to RGB, then go to hue/saturation/brightness section to adjust to what you want, then go back to index the modified image, then finally export it to the desired file format.

ISO 27018 for PIMS

REF: https://www.bsigroup.com/zh-TW/ISO27018/

ISO/IEC 27018 公有雲個人資料(PII)處理者之個資保護作業規範

ISO/ IEC 27018是第一個致力於公共雲保護個人資訊的國際標準，其目的為:

協助雲端服務顧客及公有雲PII處理者進入契約化之協議。

幫助公有雲服務提供者在扮演PII處理者時適用之遵循義務。

使公有雲PII處理者在相關事務上透明，雲端服務顧客可選擇良好治理、以雲端為基礎之PII處理服務。

Ubuntu 17.04 (Zesty Zapus)

REF: https://itsfoss.com/ubuntu-17-04-release-features/

UNITY 8

Unity 8 in action

Ubuntu users have been hearing a lot about Unity 8 for the last couple of years but so far Unity 8 is nowhere to be seen officially. Of course, there are ways you can run Unity 8 in Ubuntu releases already but that’s the experimental way.

Ubuntu 17.04 does bring this experimental build of Unity 8. Though Unity 7 will still be the default desktop environment, you can select between Unity 7 and Unity 8 at the login screen.

You can choose between Unity 7 and Unity 8 in Ubuntu 17.04

In case you didn’t know, Unity 8 is the new version of Unity desktop of Ubuntu and it will be coupled with Ubuntu’s own Mir display server. Unity 8 is important because it brings convergence to the desktop side of Ubuntu.

Update: Unity 8 won’t be the default desktop on Ubuntu 17.04 or 17.10 or 18.04. Ubuntu Unity is dead and GNOME will be the default desktop environment starting Ubuntu 18.04.

CIFS: mounted anonymously

Windows 7 set password off for anonymous mount:

REF: https://superuser.com/questions/401471/how-to-create-a-windows-7-fileshare-that-requires-no-authentication

Go to Control Panel -> Network and Internet -> Network and Sharing Center -> Advanced sharing settings and change Password protected sharing to off. See picture below:

Microsoft Modern Security Day

• OMS,similar with MK
• advanced threat analysis, protection
• behavior based detection
• 70-80 technologies, machine learning to lessen manpower
• to endpoint windows defender
• ex. email, cloud scanning for URLs and attachments.
• DLP, ASM, sensitive content filtering
• Azure keyword tag filtering check
• MSRA, security risk assessment
• Protect, Detect, Respond

NRCS: MOS agents and devices

There might be just one MOSAgent handling multiple MOS devices, or one MOSAgent per MOS device. First solution is less RAM consuming and also is
used when some MOS devices should work on the same ports as you can not have two or more services running on the same ports. Advantage of the
second solution is that you can start/stop or restart daemon only for one particular MOS device, but it consume more RAM. So it is up to your
preferences. The second solution is recommended.

CIFS: mounted for specified user

REF: http://unix.stackexchange.com/questions/68079/mount-cifs-network-drive-write-permissions-and-chown

Specify the user and group ID that the mounted network share should used, this would allow that particular user and potentially group to write to the share. Add the following options to your mount: uid=,gid= and replace  and  respectively by your own user and default group.

sudo mount -t cifs -o username=${USER},password=${PASSWORD},uid=,gid= //server-address/folder /mount/path/on/ubuntu

TeamViewer vs VNC

TeamViewer is convenient but hard to managed centrally. Therefore using VNC or RDP through VPN may be better solutions when remote GUI is needed.

server HDD checks

green light on HDD trays should flash during boot, which indicates the HDD is connected properly. Otherwise, case should be opened for checking. For example, internal screw missing.

REF: https://youtu.be/qYNFyhwYW1A

Mail: lock error

MDaemon發生maildrop already lock的錯誤，是同時兩個裝置使用POP收信造成，參考網址如下。

REF: http://blog.752club.com/mdaemon-multi-pc-receive-pop3-account/

Tesla in Taipei

Tesla in Taipei.

NRCS: action tracking

• Who edited particular story?
• Who edited the rundown?

For Octopus, Login to the octopus server and open the simpleLogger.log located under /octopus/server/log/%date%/ and search for the particular changes.

NLE render time

NLE render time 受以下條件影響：

1. 根據經驗，運算XDCAM 35M時，使用SSD的穩定度會提高。I/O分開兩個SSD。
2. 專案軌道數，儘量控制在5軌。軌道太多，運算速度會明顯下降。
3. 以上條件，選擇XDCAM 35M輸出時，約是1:1稍長一些，與單一軌道輸出XDCAM的時間比差不多。
4. 其他動畫層應轉去即時播出系統處理。理想上只要做兩層(圖卡，footage)。

Finally: Java 9

REF: http://www.admin-magazine.com/Articles/Finally-Java-9?utm_source=ADMIN+Newsletter&utm_campaign=ADMIN_Update_144_What%27s_New_in_Java_9%3F_2017-29-03

Jigsawing

One core feature of Java 9 par excellence is the Java Platform Module System that became known as Project Jigsaw [3]. Thus far, the Java compiler and the run-time environment have thrown all available libraries from the class path into a large pot. Whether this turns out to be a tasty soup or smoke and mirrors partly depends on subtle changes in the class path.

MAM: Image Recognition

REF: http://www.resourcespace.com/feed?42

Just because there's a long list of happy customers successfully managing their digital photographs, videos and documents with ResourceSpace, doesn't mean that we stop striving for the next big improvements. Which is why we're happy to announce the launch of version 8.1, with even more ways for you to collate and integrate your digital content.

Failed login attempts on Mac

REF: http://apple.stackexchange.com/questions/120668/ddg#120670

You can use this Terminal command:

cat /private/var/log/system.log | grep "Failed to authenticate"

Feb 11 16:48:04 g authorizationhost[15313]: Failed to authenticate user  (error: 9).
Feb 11 16:48:06 g authorizationhost[15313]: Failed to authenticate user  (error: 9).