
Recent Posts

Personal

Snow Leopard

Days ago, I downloaded an app. The installation failed because it is for Snow Leopard. I then realized that Mac OS X 10.6 had been released for a while, actually a year ago. I thought I should upgrade my MacBook. It worked great, but should I give Snow Leopard a try?

I ordered the DVD and went ahead to upgrade without checking for reviews. The installation took about one hour. Initially it seemed OK. Apps I used daily continued to work, though I didn't notice anything better. I was not sure whether it was running on Snow Leopard. When I started to use other apps, troubles kept coming. First ROR didn't work, then VPN didn't start, and worst of all, crashes. It crashed twice in a day.

I so regretted upgrading the OS when it crashed the 2nd time. Fortunately it didn't take me too long to figure out the root cause and get it fixed. The culprit was Growl. The error showing in "console messages" was "attempt to pop an unknown autorelease pool", lots of them, all from Growl. The solution is to update Growl to the latest 1.2.

According to http://www.versiontracker.com/dyn/moreinfo/mac/12696&page=2, the VPN client needs a reinstall. Before the reinstall, I did an uninstall, "sudo /usr/local/bin/vpn_uninstall". Somehow, the new VPN client window didn't pop up even with the reinstall. I learned to start it from the command line with "vpnclient connect your_profile". Before I figured out the cause, the problem was gone after a few reboots.

The ROR issue was a real pain. The error was a "500 Internal Server Error", "uninitialized constant MysqlCompat::MysqlRes", "/Library/Ruby/Gems/1.8/gems/activesupport-2.3.4/lib/active_support/dependencies.rb:440:in `load_missing_constant'". I uninstalled MySQL and installed the latest 5.1.47 64-bit version. The error switched to "dyld: lazy symbol binding failed: Symbol not found: _mysql_init". There are many posts on ROR forums about the fixes. Somehow, it took me 2 days to find this excellent post: http://weblog.rubyonrails.org/2009/8/30/upgrading-to-snow-leopard.

After running the following command

    sudo env ARCHFLAGS="-arch x86_64" gem install mysql -- --with-mysql-config=/usr/local/mysql/bin/mysql_config

ROR started to work again. Lesson learned - search the web to see what others said before installing or upgrading any software, especially before an OS upgrade.


Sun

Debug xmlsec

OpenSSO uses the xmlsec API to verify digital signatures. If the API returns false and you cannot tell why just by looking at the XML document, you may want to see the debug messages printed by the xmlsec APIs.

xmlsec uses the standard java.util.logging package to log debug messages, so you can pass the JVM option -Djava.util.logging.config.file=log.properties in the web container config file, with the content of log.properties looking like the following:

    handlers = java.util.logging.FileHandler
    .level = INFO
    java.util.logging.FileHandler.pattern = %h/java%u.log
    java.util.logging.FileHandler.limit = 50000
    java.util.logging.FileHandler.count = 1
    java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
    java.util.logging.ConsoleHandler.level = INFO
    java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
    # Added line: FINEST logging for the xmlsec packages bundled by Sun
    com.sun.org.apache.xml.internal.level = FINEST

All of the above except the last line comes from "lib/logging.properties" in the JRE directory. You can set java.util.logging.FileHandler.pattern to a desired location; otherwise the log is written to the file java0.log in the user's home directory. You also need to make sure log.properties is stored under a directory in the classpath.

Note: OpenSSO uses Sun's own implementation in xmlsec.jar/webservices-rt.jar. When you work on another project that uses the xmlsec packages downloaded from the Apache site, you need to set org.jcp.xml.dsig.internal.level = FINEST


Personal

How to Prevent H1N1 - Best Advice So Far

Someone forwarded this one to me. I don't know where it originated, but it makes sense in my opinion.

How to Prevent H1N1 - Best Advice So Far (advice from a doctor)

N95 masks are designed to block 95% of 0.3μ particles, while the H1N1 virus is about 0.1μ in size. So relying on an N95 mask to stop H1N1 is like using a mosquito net to keep out the rain.

Tamiflu does not kill but prevents H1N1 from further proliferation till the virus limits itself in about 1-2 weeks (its natural cycle). H1N1, like other Influenza A viruses, only infects the upper respiratory tract and proliferates (only) there. The only portals of entry are the nostrils and mouth/throat. In a global epidemic of this nature, it's almost impossible not to come into contact with H1N1 in spite of all precautions.

Contact with H1N1 is not so much of a problem as proliferation is.

While you are still healthy and not showing any symptoms of H1N1 infection, in order to prevent proliferation, aggravation of symptoms and development of secondary infections, some very simple steps - not fully highlighted in most official communications - can be practiced (instead of focusing on how to stock N95 or Tamiflu):

1. Frequent hand-washing (well highlighted in all official communications).

2. "Hands-off-the-face" approach. Resist all temptations to touch any part of the face (unless you want to eat or bathe).

3. Gargle twice a day with warm salt water (use Listerine if you don't trust salt). H1N1 takes 2-3 days after initial infection in the throat/nasal cavity to proliferate and show characteristic symptoms. Simple gargling prevents proliferation. In a way, gargling with salt water has the same effect on a healthy individual that Tamiflu has on an infected one. Don't underestimate this simple, inexpensive and powerful preventative method.

4. Similar to 3 above, clean your nostrils at least once every day with warm salt water. Not everybody may be good at Jala Neti or Sutra Neti (very good Yoga asanas to clean nasal cavities), but blowing the nose hard once a day and swabbing both nostrils with cotton buds dipped in warm salt water is very effective in bringing down viral population.

5. Boost your natural immunity with foods that are rich in Vitamin C (Amla and other citrus fruits). If you have to supplement with Vitamin C tablets, make sure that it also has Zinc to boost absorption.

6. Drink as much of warm liquids as you can. Drinking warm liquids has the same effect as gargling, but in the reverse direction. They wash off proliferating viruses from the throat into the stomach where they cannot survive, proliferate or do any harm.

7. All these are simple ways to prevent, within means of most households, and certainly much less painful than to wait in long queues outside public hospitals.


Personal

US Daylight Saving Time Ends Today

Daylight Saving Time (DST) in the US ends today. When checking when DST ends this year, I read the history of Daylight Time in the US here. It changed so many times. It is unexpectedly complicated.

Although standard time in time zones was instituted in the U.S. and Canada by the railroads in 1883, it was not established in U.S. law until the Act of March 19, 1918, sometimes called the Standard Time Act. The act also established daylight saving time, a contentious idea then. Daylight saving time was repealed in 1919, but standard time in time zones remained in law. Daylight time became a local matter. It was re-established nationally early in World War II, and was continuously observed from 9 February 1942 to 30 September 1945. After the war its use varied among states and localities. The Uniform Time Act of 1966 provided standardization in the dates of beginning and end of daylight time in the U.S. but allowed for local exemptions from its observance. The act provided that daylight time begin on the last Sunday in April and end on the last Sunday in October, with the changeover to occur at 2 a.m. local time.

During the "energy crisis" years, Congress enacted earlier starting dates for daylight time. In 1974, daylight time began on 6 January and in 1975 it began on 23 February. After those two years the starting date reverted back to the last Sunday in April. In 1986, a law was passed that shifted the starting date of daylight time to the first Sunday in April, beginning in 1987. The ending date of daylight time was not subject to such changes, and remained the last Sunday in October. The Energy Policy Act of 2005 changed both the starting and ending dates. Beginning in 2007, daylight time starts on the second Sunday in March and ends on the first Sunday in November.


Personal

Lotus Touts

My kid sent me this circulating email talking about some Lotus Touts. I don't like email chain letters, but the Lotus Touts in this one are nice. I would like to follow this guidance if it is not too late.

ONE. Give people more than they expect and do it cheerfully.
TWO. Marry a man/woman you love to talk to. As you get older, their conversational skills will be as important as any other.
THREE. Don't believe all you hear, spend all you have or sleep all you want.
FOUR. When you say, 'I love you,' mean it.
FIVE. When you say, 'I'm sorry,' look the person in the eye.
SIX. Be engaged at least six months before you get married.
SEVEN. Believe in love at first sight.
EIGHT. Never laugh at anyone's dreams. People who don't have dreams don't have much.
NINE. Love deeply and passionately. You might get hurt but it's the only way to live life completely.
TEN. In disagreements, fight fairly. No name calling.
ELEVEN. Don't judge people by their relatives.
TWELVE. Talk slowly but think quickly.
THIRTEEN. When someone asks you a question you don't want to answer, smile and ask, 'Why do you want to know?'
FOURTEEN. Remember that great love and great achievements involve great risk.
FIFTEEN. Say 'bless you' when you hear someone sneeze.
SIXTEEN. When you lose, don't lose the lesson.
SEVENTEEN. Remember the three R's: Respect for self; Respect for others; and Responsibility for all your actions.
EIGHTEEN. Don't let a little dispute injure a great friendship.
NINETEEN. When you realize you've made a mistake, take immediate steps to correct it.
TWENTY. Smile when picking up the phone. The caller will hear it in your voice.
TWENTY-ONE. Spend some time alone.


Sun

Change Amadmin Password On File Based AM7.1

Last week, I provided the steps to change the amadmin password on AM7.1. Someone had a question on how to do it on file based AM7.1. The Java code PasswordHashEncryption.java is still required to encrypt and hash the new password. Actually you don't need the whole AMConfig.properties, only one property, am.encryption.pwd. You can pass the value as a JVM option. For instance:

    $JAVA_HOME/bin/java -Dam.encryption.pwd=sZ6rTm4Dp1xp6MuXpwyQ3h0RsdcMK5eQ -cp .:/opt/sun/identity/lib/am_sdk.jar:/opt/sun/identity/lib/am_services.jar:/opt/sun/private/share/lib/jss4.jar PasswordHashEncryption password
    09/15/2009 06:25:29:082 PM PDT: Thread[main,5,main]
    Crypt.static{}: Encryptor class= com.iplanet.services.util.JSSEncryption
    09/15/2009 06:25:29:429 PM PDT: Thread[main,5,main]
    Intilize CryptoManager in JSSEncryption.java
    09/15/2009 06:25:29:432 PM PDT: Thread[main,5,main]
    ocspCheck value in JSSEncryption : false
    09/15/2009 06:25:29:527 PM PDT: Thread[main,5,main]
    Crypt.static{}: Encryptor class= com.iplanet.services.util.JSSEncryption
    09/15/2009 06:25:29:529 PM PDT: Thread[main,5,main]
    Crypt.static{}: Encryptor class= com.iplanet.services.util.JSSEncryption
    AQICLqdIM0wqkuAPYEdaOxfZvVAAAtsgBoW+OH7J1cVz6itmtRb7KTB4CQ==

If you add "com.iplanet.services.debug.directory=/whatever", you can get rid of the debug messages on standard output. Keep in mind that both the encryption key and the new password are visible in the process list and the shell history when they are passed on the command line like this.

Note, on file based AM7.1, you don't see the amadmin user under the subjects tab, so you only need to change the user entry file. You can first go to the directory /amflatfiledir/amserver/sms and grep "u=amAdmin,ou=users,ou=default,ou=GlobalConfig,ou=1.0,ou=sunIdentityRepositoryService,ou=services". Once found, edit the file by replacing the value of "userPassword" with the new one. Note "=" must be escaped, for instance:

    userPassword\=AQICLqdIM0wqkuAPYEdaOxfZvVAAAtsgBoW+OH7J1cVz6itmtRb7KTB4CQ\=\=

The last step is the same: restart the AM server.


Sun

Reset Amadmin Password

It is not straightforward to change the amadmin password on an Access Manager 7.1 setup. If you simply change it on the subject tab of the AM console, you would fail to log in once you log out.

This is due to the fact that amadmin's password is saved in a separate entry of Directory Server. You need to save the new password into this entry after changing it on the console. But the password is not saved as is; it needs to be both encrypted and hashed. Unfortunately, the current CLI tool ampassword does not help.

Actually this issue had been noticed by the team and the fix - a new option of ampassword to do both encrypt and hash - will be available in the next patch 7.1p4. You don't have to wait for the official release though. Here is the alternative:

1) Save the following Java code in a file, say PasswordHashEncryption.java.

    import com.iplanet.services.util.Crypt;
    import com.iplanet.services.util.Hash;

    class PasswordHashEncryption {
        public static void main(String[] args) {
            if (args.length != 1) {
                System.out.println("Usage: PasswordHashEncryption <password>");
                System.exit(1);
            }
            // Hash the clear-text password first, then encrypt the hash
            String st = Hash.hash(args[0]);
            st = Crypt.encode(st);
            System.out.println(st);
        }
    }

2) Compile this Java file with am_sdk.jar in the classpath.

3) Run this class to generate the encrypted/hashed new password:

    $JAVA_HOME/bin/java -cp .:/etc/opt/sun/identity/config:/opt/sun/identity/lib/am_sdk.jar:/opt/sun/private/share/lib/jss4.jar PasswordHashEncryption <password>

Note you need to set LD_LIBRARY_PATH=/opt/sun/private/lib to have libjss4.so in the library path. The paths of jss4.jar and libjss4.so vary on different platforms, and so do the paths to am_sdk.jar and the AMConfig.properties file.

Now it is time to delete the old password and add the new one in the entry ou=amAdmin,ou=users,ou=default,ou=GlobalConfig,ou=1.0,ou=sunIdentityRepositoryService,ou=services,dc=com (suppose the DS root suffix is dc=com). You can run the ldapmodify tool:

    ldapmodify -D "cn=directory manager" -w $pass -h $host -p $port


Sun

Session Idle Timeout

When using Access Manager, people expect to set different session idle timeouts or max session times for different orgs/groups/roles. This can be easily configured with older AM versions, 6.x or even older 5.x. But it is tricky to do so with the newer version 7.x. Lots of people noticed that the changes they made at the role level didn't take any effect even after restarting both AM and DS. The 7.x public doc mentions a bug 6309262 (documented in the 7.0 RN http://docs.sun.com/app/docs/doc/819-2134/gazwg?l=en&a=view&q=6309262). The customer has to set the cosPriority by using the legacy console. If the customer's AM was configured in realm mode, then they would have to modify DS directly using ldapmodify or the DS console. Actually this is not very accurate.

Here are the steps that need to be performed:

0) You should have done this already if you run into this problem. On the AM console, create a role, then click on the "services" tab and then click "add". In the list of services that comes up, choose "session". On the next page, choose the desired values for Maximum Session Time, Maximum Idle Time etc., and click "finish".

1) Go to the profile of a user who belongs to the above mentioned role, click on the "services" tab, then click "add", choose "session" and then click "finish" on the next page. This step is not mentioned in any docs. Alternatively, you can run ldapmodify to add the objectclass iplanet-am-session-service to the users in the role.

2) Modify the cosPriority of the realm level to a number larger than 0 so that the Directory Server does not choose the realm level setting over the setting of the role within the realm. The doc for bug 6309262 asks to change the role level. Actually it is already set to the highest value, 0. The entry dn you need to touch is something like (suppose the root dn is dc=com):

    cn="cn=ContainerDefaultTemplateRole,dc=com",cn=iPlanetAMSessionService,dc=com

3) Stop and restart the DS and AM.


Personal

Meteor Shower

Heard people talking about watching the meteor shower at night yesterday. We live close to Mission Peak, which was the recommended best observation place in Fremont. Actually we had hiked up there many times, and knew the trail very well.

With support of my wife, we inspired our body to go with us. We hit the trail around 9PM. The sun had set completely, but it was not dark. Street lights were so bright at night. We didn't need to take out flashlights. Nothing special during the hiking, we reached the peak around 11PM. The reddish moon was rising from the horizon. We were so excited as we saw 3 meteors already on the way up. The next 2 and a half hours were not so exciting. There were many reasons: no chair, no bed, wind blew though not cold, and the most important thing was we didn't see a meteor "shower", just isolated meteors flashing through the sky every few minutes. The flash was so brief. Sometimes you couldn't catch it after a quick blink. Had to concentrate all the time. Hard for kids. About 30 people were up there at the peak and another 30-40 people along the trail. As the moon was rising, the sky turned too bright for observing meteors. We didn't see more meteors as time went by. Besides moonlight, the light pollution is so severe around the bay. This was good for hiking though. Maybe a pair of sunglasses could help. However, city lights were beautiful! That could be enough to lure me to go again.


Sun

Change Amadmin Password

Someone might want to change the password of the super user amadmin on Access Manager (AM) 7.0 or 7.1 for various reasons. Be careful. It is tricky. If you try to change it directly on Directory Server (DS) by modifying the userpassword attribute, you will find that you cannot log in as amadmin any more.

Amadmin is not an ordinary user, but one of the predefined AM special users. Unlike AM 6.x, 7.x stores the special users' passwords in two places. One is under the user entry (uid=amadmin,ou=people,dc=com, suppose dc=com is the root_suffix) as the userpassword attribute. Another copy is under ou=amadmin,ou=users,ou=default,ou=GlobalConfig,ou=1.0,ou=sunIdentityRepositoryService,ou=services,dc=com as sunkeyvalue, like

    userPassword=_encrypted_and_hashed_password_

Currently there is no option of the CLI tool ampassword to generate this encrypted and hashed password. I added an option --hashencrypt or -c as the fix of bug 6850818 (will be part of 7.1patch4). Then you can directly change this sunkeyvalue in DS by using ldapmodify or other DS tools.

Though there is a solution if you run into this trouble, I would recommend changing the password only by using the AM console. It is simple and hassle free. I normally create a new user and grant the power amadmin has to it. In case anything unexpected happens, I have a backup.


Personal

Mac OS Update Leads to Reinstall

Monday night, after coming back from a camping trip to San Simeon State Park, starting up my MacBook asked me to update the OS to 10.5.7. I let it go ahead. Minutes later, my MacBook looked like it was going into a loop: the spinning wheel showed for a while and then disappeared, repeated 3-4 times, and the laptop became hot. I decided to press the power button to cut it off before explosion...

Moments later, booting up the laptop was very very slow. It took at least 5 minutes to show the desktop, but launching applications kept failing. About 10 minutes later, applications could be brought up OK, but again very very slow. Applications could run for a few minutes and then froze for a few seconds. I noticed that reading files, even very small files, from the hard disk was like a crawling snail. Lots of I/O errors were printed in the system log. This sounded like a disk failure. Do you agree? I was scared and made an appointment for Apple support to call me. This is kind of nice, as you don't have to hang on the phone line waiting for hours. But I hope there is an option allowing you to wait. The Apple guy told me to do a reset by pressing the power button for 10 seconds while power is off (battery taken out). That didn't help, then I was told to do an archive install to reinstall the OS from the installation disc and preserve my personal data. The Apple guy suspected the OS update was half way done, and reinstall the original OS X 10.5.2 is not only way to bring the OS back to normal.

The archive install process took almost 3 hours. It worked! No more I/O errors and slowness when booting and running. All my personal data were untouched, even the cache in browsers. The only trouble was from the VPN client. I got the famous error "Unable to communicate with the VPN subsystem". The web tells me a simple fix: quit VPNClient, open a Terminal window (Applications -> Utilities -> Terminal) and type the following:

    sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

This should restart the CiscoVPN.kext extension. But my /System/Library/StartupItems is totally empty, because of the reinstall of the OS. I had to reinstall the Cisco VPN client. After that, everything is back in business. Hooray!


Sun

Access Manager SM Cache

We all know that the configuration of Access Manager (AM, called OpenSSO for the 8.0 release) is very sophisticated. It is nice to have fine-grained control of this product. But some configuration property names are confusing and even the comments are not clear enough. Here I just want to share what I learned recently about the properties controlling the cache of SM (Service Management).

To have better performance, AM has had caches implemented since day one. The SM cache is available on both the AM server and the AM client. On the server side, the SM cache gets updated whenever you make changes through the AM console, or through persistent search from Directory Server if the changes are not made on the AM console. This is not my topic today. I want to discuss the SM cache on the client side here.

How does the client side SM cache get updates? Initially, updating the AM client SM cache relied on notifications sent from the AM server. Of course, this only works for AM clients deployed in a web container. The notification URL is defined by the property 'client.notification.url'. Starting from AM6.2, a new property called 'sm.cacheTime' was introduced for polling changes from the server. The value of cacheTime specifies the polling interval in minutes. This property is applicable only if 'client.notification.url' is not provided. If you set it to 0, polling is disabled.

Since AM7.0patch5 and AM7.1patch2, another new property, 'sm.notification.enabled', was added to get better control of polling. If it is set to 'false', polling is controlled by the value of cacheTime. The reason for adding this property is to allow notification to be used by other components while using polling for SM.

Earlier, an effort to enable and disable the caches of different components, Identity Repository (IdRepo), User Management (UM) and SM, independently was done in AM7.0patch2 and AM7.1 RTM. This gives customers the flexibility to decide which caches to turn on and which to turn off, based on their deployment needs. The new property 'sm.cache.enabled' was brought in to enable (true) or disable (false) only the SM cache. The effectiveness of this property is subject to the value of 'sdk.caching.enabled', which is the global property that enables (true) or disables (false) the IdRepo, UM, and SM caches. If true, or if the property is not set, all three caches are enabled.

The latest improvement on this was done in OpenSSO8.0. Two new properties became available to control the expiration of the SM cache. If the property 'sm.cache.ttl.enable' is set to true, the cache entries expire based on the time specified in the property 'sm.cache.ttl' (in minutes).

Ideally, I think everyone would agree the SM cache should be enabled and notification turned on. Again, your client has to be running in a web container in order to provide a notification URL to the server. But the notification URL is registered at run time and kept in the memory of the AM server. A server restart causes the loss of the URL, and then the client cannot receive any more notifications unless you restart your client or re-initiate the SM cache in other ways. If getting the SM change immediately from the server is not so important, I generally recommend setting sm.cache.ttl.enable=true and sm.cache.ttl to an appropriate value. The default is 30 minutes.

All the property names mentioned above should be prefixed with 'com.sun.identity' or 'com.iplanet.am'. So the complete set of properties is:

    com.sun.identity.client.notification.url
    com.sun.identity.sm.cacheTime
    com.sun.identity.sm.notification.enabled
    com.iplanet.am.sdk.caching.enabled
    com.sun.identity.sm.cache.enabled
    com.sun.identity.sm.cache.ttl.enable
    com.sun.identity.sm.cache.ttl


Sun

Java Class Version Problem

    Class com.iplanet.services.naming.WebtopNaming has unsupported major or minor version numbers, which are greater than those found in the Java Runtime Environment version 1.5.0_15

What do you think about the above error? The first reaction, I guess, could be that the WebtopNaming class must have been compiled by JDK1.6 or later. If you are not sure and want to double check, you can simply find out by reading the class file. According to The Java Virtual Machine Specification, the first 4 bytes are a magic number, 0xCAFEBABE, that identifies a valid class file, then the next 2 bytes identify the class format version (major and minor).

Someone wrote a simple Java program, ClassVersionChecker, which is very convenient. The possible major/minor values are:

    major  minor  Java version
    45     3      1.0
    45     3      1.1
    46     0      1.2
    47     0      1.3
    48     0      1.4
    49     0      1.5
    50     0      1.6

Running ClassVersionChecker on my WebtopNaming shows "46 . 0". According to the table above, it is JDK1.2, so how can it cause a problem with JDK1.5? Some research on the net tells me that the possible reason should be the environment, which is not clean. Like somehow a JDK1.6 or later is present, or mixed with JDK1.5, or only the JRE is 1.5 while other parts are 1.6 ... It is not my machine. I don't know the answer yet.

During a WebEx session on the 2nd day, I saw the size of WebtopNaming.class, which was totally different from the original, by about 10-20%. Do you know what? It was sent via email as an attachment and the receiver used Outlook to save it. Outlook, I can't believe people still use it. The first thing I normally do when I get a new Windows machine or re-install Windows to get rid of viruses is to delete Outlook from the desktop and start menu. I would like to delete IE too, but so many poorly designed web sites still exist.
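The check the post describes, plus the size and digest comparison that would have exposed the altered attachment right away, as an added example (it is not the ClassVersionChecker mentioned above, and not code from the original post). The class name ClassHeaderCheck and the sample byte arrays are assumptions constructed for illustration; the header is read as the 4-byte magic followed by the minor and major version as two 16-bit fields.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

// Added example; ClassHeaderCheck is a hypothetical name, not the
// ClassVersionChecker the post refers to.
public class ClassHeaderCheck {

    // Major version -> Java release, limited to the rows of the post's table.
    static String release(int major) {
        switch (major) {
            case 45: return "1.0 or 1.1";
            case 46: return "1.2";
            case 47: return "1.3";
            case 48: return "1.4";
            case 49: return "1.5";
            case 50: return "1.6";
            default: return "not in the post's table";
        }
    }

    // A class file starts with: u4 magic, u2 minor_version, u2 major_version,
    // all big-endian, which is the byte order DataInputStream reads.
    static String describeHeader(byte[] data) throws IOException {
        if (data.length < 8) {
            return "truncated: " + data.length + " bytes, the header needs 8";
        }
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(data));
        int magic = in.readInt();
        if (magic != 0xCAFEBABE) {
            return String.format("not a class file: magic is 0x%08X", magic);
        }
        int minor = in.readUnsignedShort();
        int major = in.readUnsignedShort();
        return major + " . " + minor + " (Java " + release(major) + ")";
    }

    // Digest that sender and receiver can compare after a transfer.
    static String sha256Hex(byte[] data) throws NoSuchAlgorithmException {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(data)) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Size and digest show that a copy differs from the original; the header
    // line shows what the JVM will find when it tries to load the copy.
    static void report(String label, byte[] data) throws Exception {
        System.out.println(label);
        System.out.println("  size    : " + data.length + " bytes");
        System.out.println("  sha-256 : " + sha256Hex(data));
        System.out.println("  header  : " + describeHeader(data));
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0) {
            // Real use: run on both the sender's and the receiver's copy.
            for (String path : args) {
                report(path, Files.readAllBytes(Paths.get(path)));
            }
            return;
        }
        // Constructed samples (not taken from any real class file):
        // a header announcing version 46.0, as in the post ...
        byte[] intact = {(byte) 0xCA, (byte) 0xFE, (byte) 0xBA, (byte) 0xBE,
                         0x00, 0x00, 0x00, 0x2E, 0x00, 0x10};
        // ... the same bytes with one byte of the magic changed ...
        byte[] altered = intact.clone();
        altered[1] = 0x3F;
        // ... and a copy cut off inside the header.
        byte[] cut = Arrays.copyOf(intact, 5);

        report("constructed sample, intact", intact);
        report("constructed sample, one byte altered", altered);
        report("constructed sample, cut short", cut);
    }
}
```

Run it with the path of a .class file on each side of the transfer; differing size or SHA-256 lines mean the two copies are not the same file, whatever the header says.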


Personal

unable to find valid certification path to requested target

When working on a client that talks to an SSL enabled server over https, you could get the error 'unable to find valid certification path to requested target' if the server certificate is not issued by a certification authority, but is self signed or issued by a private CMS.

Don't panic. All you need to do is to add the server certificate to your trusted Java key store if your client is written in Java. You might be wondering how, if you cannot access the machine where the server is installed. There is a simple program that can help you. Please download the Java program and run

    % java InstallCert _web_site_hostname_

This program opens a connection to the specified host and starts an SSL handshake. It prints the exception stack trace of the error that occurred and shows you the certificates used by the server. Now it prompts you to add the certificate to your trusted KeyStore. The program shows whatever certificate the connection presented, so compare it with what the server's administrator expects before you accept it.

If you've changed your mind, enter 'q'. If you really want to add the certificate, enter '1', or other numbers to add other certificates, even a CA certificate, but you usually don't want to do that. Once you have made your choice, the program will display the complete certificate and then add it to a Java KeyStore named 'jssecacerts' in the current directory. To use it in your program, either configure JSSE to use it as its trust store or copy it into your $JAVA_HOME/jre/lib/security directory. If you want all Java applications to recognize the certificate as trusted and not just JSSE, you could also overwrite the cacerts file in that directory.

After all that, JSSE will be able to complete a handshake with the host, which you can verify by running the program again.

To get more details, you can check out Leeland's blog No more 'unable to find valid certification path to requested target'


Personal

Kids Gamble

We went to Tahoe after a month long storm. Yes, the storm hadn't lasted for over a month. But every weekend in February this year was snowing. We didn't want to spend too much time on the road.

There was no surprise. The snow was so fresh. The only problem was the temperature was high, so the snow was wet, and gave too much traction. On the slope, especially the green trail, your ski/snow board got stuck once you stopped for a minute. You had to push it to get it moving. The good side of it is that I could get to any trail I was scared to try without fear. I even jumped off from the cliff on the top of headwall and KT22. The north face of headwall at Squaw Valley looks so scary.

I pretty much enjoyed the whole day, but Eric certainly did not. This was the 3rd time for him to snow board. He was so tired, he even lost his appetite at the dining table. We decided to save our NorthStar tickets for the next time. So on Sunday morning, we didn't get up early but woke up naturally and let the kids play arcade games at the hotel.

As usual it didn't take too long for the kids to get their pockets empty. Tiger came to me excitedly, and asked for 2 more quarters. Other kids told me that he was going to win a Nintendo DS. The game is simple. With two quarters, one gets 3 chances to push a button to stop the spinning tick. The base wheel is marked with numbers from -3 to +3. +3 means your position goes up 3 levels, -3 of course lowers you down 3 levels. The game does not reset for a new game. So Tiger is at the 5th level, one short from winning. That is why the kids were so exhilarated.

Tiger didn't have the luck with the next 2 quarters. I explained to him how this game and other casino slot machines work. He still believed he could win with more quarters. I wanted him to learn by himself, so I gave him all my quarters plus a one buck bill. Hopefully he learned a lesson, the gambling lesson.

Personal

How to set root password on MacBook

I got a MacBook Pro recently. It works great both at home and at work. I started to debug OpenSSO issues on this laptop. OpenSSO relies on cookies to do single sign-on. Though OpenSSO can be deployed on Tomcat and be up and running, I couldn't access the OpenSSO console. Authentication passes OK, but the cookie is not set. You have got to have a cookie domain in order to set a cookie. Localhost does not work.

That is simple: all I need is to add some fake domain/host names to the /etc/hosts file. However, only the root user can access this file. Wait a second, when I started to use this MacBook, it never asked me to set a root password. What can I do? Search the internet. I found a few ways quickly, like inserting the OS disk. I don't have the disk with me. Here is another one: Open Directory Utility -> Click the lock in the Directory Utility window -> Enter an administrator account name and password, then click OK -> Choose Enable Root User from the Edit menu -> Enter the root password you wish to use in both the Password and Verify fields, then click OK. I don't know what the admin account is. I only have one user on this laptop. I entered my password, but nothing happened.

Just before I started looking for the OS disk, I discovered this trick: "sudo passwd root". Dude, it is so easy. I can't believe it! But is this a security hole of Mac OS X ......

Personal

How to open XPS files

What is the XPS file format? It is Microsoft’s electronic paper format, an alternative to the PDF format. When printing from a Windows machine, you have the choice to print to a file in case you have to print something but are not near a printer. In the printer list, select "Microsoft XPS Document Writer"; you are then prompted for a file name and location. Are you done yet?

So far so good, but the problem comes when you get access to a printer. How do you re-open this XPS file and print it on paper? It is very tricky. Double-clicking the XPS file opens up a browser, which starts to download the file. If you try to open the downloaded file, downloading starts again and never ends. Of course, this does not happen if you have IE as the default browser. What happens is that XPSViewer.exe, which resides in the \WINDOWS\SYSTEM32\XPSViewer folder, is not a normal application but actually an IE plugin.

After some research on the internet, I found some alternatives, like using a standalone XPS viewer - http://www.microsoft.com/whdc/xps/viewxps.mspx; or downloading the Microsoft XML Paper Specification Essentials Pack from the Microsoft download site. Here is a cool one: install the IETab extension from http://ietab.mozdev.org, then add a filter for xps extensions or modify the mht filter to read:

/^file:\/\/\/.*\.(mht|mhtml|xps)$/

Personal

Half Dome

I am so happy that my whole family could complete the famous 18 mile Half Dome trail last Thursday. When I planned this trip, I only expected my 10 year old Tiger to finish it. But I am really surprised, and of course very, very happy, that 8 year old Eric could do it too. Actually Eric was the first one to get to the peak. I don't know whether he set a record. At least on the mountain, we heard of only one kid younger than his brother. What an awesome boy! I am so proud of him.

I always believed Tiger could do it since he is so strong. He could beat me very soon, in less than one year if he keeps up the hard work. But he lost a bit of confidence when he heard someone talking about the danger of the last part of the trail. "If you slip, you are gone". He was kind of scared, and kept asking me what could happen next. He is the kind of kid who thinks too much. I had to keep telling him that nobody ever fell and died on this trail (I just found out that actually there is only one hiker who fell from the cables and died, in 2007. The first time this has ever happened). I am glad he did just fine. Especially when climbing up the quarter dome, he took his brother and was 5 minutes ahead of me and my wife. This part is so strenuous, and somehow I felt the altitude. My heartbeat accelerated a lot. I had to stop and rest every 2 minutes. Personally, I think this part is more difficult than the infamous cable route. Maybe I carried too many water bottles; I just wanted to stress myself a bit more, otherwise it would be too easy for me. You can't believe it. I didn't count the number in the morning, but I still had 15 water bottles (eight 700ml and seven 355ml) left in my backpack. I don't think I will do the same next time.

Will I do that again? Eric told me he wouldn't climb Half Dome again until he becomes a teen.

For more pictures, click here.

Personal

Visual Acuity and Snellen Chart

In China, the Snellen charts used to measure visual acuity (VA) are full of tumbling E's, with the opening pointing in all four directions: up, down, left and right. This is reasonable, as ordinary Chinese people did not know English decades ago. I believe this is better than the one used in the US, because not all Latin characters are equally recognizable. It is obvious that there's much more difference between an H and an O than between an O and a D.

Not just the chart itself: the scales of VA are different too. China uses a decimal number instead of the 20/20 fractional system. I tried like crazy to find the way to convert the VA scale used in China to the one in the US. But the searching was so time consuming. Before searching on this, I always thought search engines were so convenient for finding information like this. Maybe I didn't use the right keywords. Anyway, the following table of equivalent values in different VA scales is the most complete table I found, and it helps us to translate any kind of chart which we may encounter.

| Row | Metric | English | Decimal | Jaeger (near vision) | % visual efficiency | % of loss | Size of E | Function |
|---|---|---|---|---|---|---|---|---|
| 1 | 6/60 | 20/200 | 0.1 | J8 | 20% | 80% | 87mm | Much handicapped but still can get around on one's own, can recognize people and objects |
| 2 | 6/50 | 20/166 | 0.15 | | 30% | 70% | 75mm | |
| 3 | 6/38 | 20/125 | 0.16 | J7 | 40% | 60% | 65mm | |
| 4 | 6/30 | 20/100 | 0.2 | J6 | 50% | 50% | 45mm | Can do routine work and look at movies. Car license plates are blurred. Dangerous to drive |
| 5 | 6/24 | 20/80 | 0.235 | J5 | 60% | 40% | | |
| 6 | 6/20 | 20/66.6 | 0.3 | J4 | 65% | 35% | 30mm | Can enjoy TV, but outlines of faces and letters are not sharp. Can still drive a car but needs great caution |
| 7 | 6/10 | 20/33.3 | 0.6 | J3 | 90% | 10% | 15mm | Can pass driving licence or seamen certificate test |
| 8 | 6/6 | 20/20 | 1.0 | J1 | 100% | 0% | 9.25mm | Normal eyesight |

Actually you don't need this table; converting the VA from the 20/20 system to the decimal system is easy. 20/20 should be treated as a fraction, 1.0, and 20/200 = 0.1.

Nevertheless, I still couldn't get all my doubts cleared. In China, the normal eyesight (standard acuity) is 1.5, not 1.0 as converted from 20/20. I don't know whether Chinese ophthalmologists have a higher standard of eyesight, or simply the 1.5 scale is totally different from the decimal scale.

Personal

China bans plastic bags

The first plastic sandwich bags were introduced in 1957. Although plastic bags didn't come into widespread use until the early 1980s, environmental groups estimate that 500 billion to 1 trillion of the bags are now used worldwide every year.

Imagine a world without plastic shopping bags. It could be the future. There is a growing international movement to ban or discourage the use of plastic bags because of their environmental effects. Critics of the bags say they use up natural resources, consume energy to manufacture, create litter, choke marine life and add to landfill waste.

One of the key concerns is litter. In China, plastic bags blowing around the streets are called "white pollution." In South Africa, the bags are so prominent in the countryside that they have won the derisive title of "national flower."

One of the most dramatic impacts is on marine life. About 100,000 whales, seals, turtles and other marine animals are killed by plastic bags each year worldwide, according to Planet Ark, an international environmental group.

Ireland introduced "PlasTax," a levy of about 20 cents that retail customers have had to pay for each plastic bag since March 2002. The use of plastic bags in Ireland dropped more than 90 percent following imposition of the tax. Similar legislation was introduced in Scotland last month and is being discussed for the rest of the United Kingdom.

In Australia, about 90 percent of retailers have signed up with the government's voluntary program to reduce plastic bag use. A law that went into effect last year in Taiwan requires restaurants, supermarkets and convenience stores to charge customers for plastic bags and utensils. It has resulted in a 69 percent drop in use of plastic products, according to news reports.

The Chinese government announced on Jan. 8, 2008 that production of ultra-thin plastic bags is banned and that using those bags in supermarkets and public transportation is also banned. This rule will take effect by June 1, 2008. The Chinese government encouraged people to bring their own cloth bags or baskets when shopping.

Other countries that have banned or taken action to discourage the use of plastic bags include Bangladesh, Italy, and South Africa. Mumbai (formerly Bombay), India, also has banned the bags.

The environmental group Californians Against Waste estimates Americans use 84 billion plastic bags annually. However, the US government did not pay attention to this issue. A bill that would have imposed a 3 cent tax on plastic shopping bags and cups was sidelined in the California Legislature last year after heavy opposition from the retail and plastics industries. San Francisco went ahead of other US cities. On March 27, 2007, S.F. became the first city to ban plastic shopping bags. Supermarkets and chain pharmacies have to use recyclable or compostable sacks.

Personal

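Red Wine with Red Meat, White Wine with White Meat

Before I turned thirty, I hardly drank at all, apart from a little beer, of course. After coming to California, this famous wine country, I followed the crowd and started trying wine. Wine comes in two broad categories, red and white, plus many, many subcategories. The main principle is just one short phrase: red wine with red meat, white wine with white meat. At a formal banquet there are more rules. I did some research online and found a few, which I think should be enough.

Drinking is a very complicated subject, and pairing wine with food seems even more so. But there are rules to follow: the wine must not overpower the flavor of the food, and the food must not overpower the flavor of the wine. If a Western dish contains strongly flavored ingredients such as black pepper or mustard that mask the flavor of the meat, then the wine must not overpower the black pepper or mustard. With Chinese food, especially Sichuan cuisine, the wine needs a heavier taste to feel right. Also, wines from New World countries and wines from Old World countries differ greatly in taste. Generally speaking, New World wines are bold and satisfying to drink, and suit strongly flavored dishes, while Old World wines are subtle and suit light dishes that reward slow savoring.

Most wine lists, like menus, are arranged in serving order: aperitif, white wine, red wine, dessert/sweet wine, after-dinner liquor. It is usually recommended to order the food first and the wine afterwards. If you are particular, a dinner, especially a Western dinner, calls for wines of different styles. Wines are generally served from light white wine to full-bodied red wine and then to slightly sweet noble rot wine; likewise, younger vintages come before older ones. The taste of the wine is the key to pairing it with food, and a light red can even be served before a white. The serving order progresses from light and smooth to rich and heavy. But remember that wines of the same type from different regions can taste very different, for example American Shiraz and French Shiraz. Of course, if you are not that particular and only want to order one bottle, decide between red and white based on the main course.

Light white wines such as sparkling wine, Sauvignon Blanc, unwooded Chardonnay, Pinot Blanc and Riesling suit salads, vegetables, melons and fruit, mild seafood, raw oysters, sushi, steamed seafood, caviar, mild cheese, steamed shellfish, steamed tofu and poached shrimp.

Medium-light white wines and very light red wines such as Chardonnay, Semillon, Riesling, Beaujolais Nouveau, Pinot Noir is a standout of the Chardonnay family. It has a beautiful bright yellow body, rich aromas of ripe citrus and butter, and an intense pineapple flavor. The body is balanced and the finish is long and lasting. It pairs well with smoked or grilled salmon, oysters and other fish dishes in rich sauces. Light white meats such as seafood and chicken suit light white wines, because the acidity in white wine removes fishy odors and adds freshness. These wines go with medium-flavored preparations such as shark fin, abalone, stir-fried fish balls, steamed shrimp balls, stuffed tofu, marinated goose liver, white-cut chicken, oil-blanched conch, stir-fried vegetables, Longjing shrimp, mild to medium cheese……

Sweet white wine goes with dessert. Sweet wines such as icewine, noble rot sweet wine and late harvest wine go with pan-fried goose liver, after-dinner desserts, fruit, dried fruit and nuts, strong cheese, ice cream, chocolate…… These sweet wines also suit dry-spicy and numbing-spicy Sichuan and Hunan dishes very well. Sweet white wine really is the companion of dessert. Generally speaking, desserts and fruit do not harmonize with the acidity of wine; pairing semi-sweet and sweet wines with dessert lets you appreciate both the delicacy of the dessert and the sweetness of the wine. This wine carries the spiciness of ginger, its aromas and flavors of white flowers and stone fruit are especially prominent, and its fruit acidity is refined; it matches sweet-and-spicy flavors harmoniously and deliciously.

The tannins in red wine bind with the protein in red meat, which softens the tannins and makes the meat more tender. Medium- to full-bodied red wines, such as the fuller red Burgundies, red Bordeaux, Italian reds, Spanish reds, and some New World Merlot and Zinfandel. This wine has very intense flavors of blackcurrant, plum, cedar and mint, and aging in small French and American oak barrels gives it rounded tannins and flavors of vanilla and clove. On the palate you can feel the round, massive tannins, and dark fruit aromas form the backbone of its finish. With steak, the flavor lingers endlessly. It also goes with roast duck, roast goose, lamb chops, roast squab, salt-and-pepper shrimp and crab, air-dried and smoked meats, sausage, braised fish, Cantonese braised pork belly, Dongpo pork, Nanjing sauced duck, chicken braised in red wine, veal chops, stir-fried kidney, fatty char siu, teppanyaki chicken, medium-flavored cheese……

Generally speaking, I prefer red wine. I don't seem to have discovered the charm of white wine yet, even when eating dishes that suit white wine. What do you think?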

Personal

Our First Day At Lake Tahoe 2007 Winter!

On December 22, 2007, Saturday night, I was anxious to go to sleep, because the next day our family was going to Lake Tahoe, and I was going to go snowboarding! The next day, I woke up at eight in the morning and went to my parents’ room to lie down with them to talk. I was really excited, and kept on talking about me doing cool tricks on my snowboard. Then my mom said that today we weren’t going skiing or snowboarding. We were just going to drive to the cabin we rented in Lake Tahoe and unload our stuff. I was sad, but quickly remembered that our friends were coming too, and we could build a snowman in the backyard.

We loaded the things we needed on the trip and drove to our friend’s house to see if they were ready. They weren’t ready, and it was a sunny morning, so we played while they were still packing. We wave boarded, played wall ball, played monkey-in-the-middle, tag, and rode our scooters. It was very fun! Finally at eleven, we left for Lake Tahoe! At 1PM, we went to McDonald's for lunch! I wanted to go to KFC, so my dad brought me there! I bought popcorn chicken and hot wings. We went back to McDonald's and ate there. At two, we continued driving to Lake Tahoe. We finally got there at 3:30PM!

Eric Dang asked me to snowboard in the backyard with him to improve our skills. I said yes because I also wanted to improve. I went inside to change and came back out to get my snowboard and went to the backyard. My first run down that year was ok because I didn’t fall, but I got stuck in the snow. It took three of the kids to get me out of the snow! My second run down was a little better because I didn’t get stuck again, but I fell down. Soon my dad came to smoothen the snow so we couldn’t get stuck easily. After about three more runs down, I went inside to play with Jordan and Justin on my DS.

During dinner, we were all talking about tomorrow when we would be skiing and we were not eating so the parents got mad and screamed all the life out of us. After dinner we played our DSs, Game Boys, and a Dreamcast until nine. We brushed our teeth and went to bed. This was our fun day on our first day of the trip to Lake Tahoe!

Sun

A NSS/JSS Bug is Fixed

Someone reported that their J2EE agent 2.2 periodically hangs. The thread dump shows that over a hundred threads are waiting for a lock that is held by a thread writing a log message to the remote Access Manager (AM) server:

    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:129)
    at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:723)

This stack trace is not new to me. I have seen this kind of thread stack trace many times, especially on AM servers. The difference is that on an AM server, there could be many threads doing socketRead at once when sending session/policy notifications, as this operation is asynchronous. The common thing is that this problem only happens when the AM server or client is running in secure mode, that is, when SSL is enabled.

This is not an AM/agent problem; it is rooted in the NSS/JSS/NSPR packages. This morning, I checked the latest NSS/JSS/NSPR patch 119211-14 (Solaris 9). I am very happy to see this bug: 6524809 - JSS SSLSocket.close() may be blocked and not interrupting the SSLSocket.read() thread. Actually it is fixed in rev #13. I strongly believe that this bug might be responsible for all AM/agent hang issues with SSL enabled.

Solaris 8 SPARC: 119209-13
Solaris 9 SPARC: 119211-13
Solaris 9 X86: 119212-13
Solaris 10 SPARC: 119213-13
Solaris 10 X86: 119214-13
Linux: 121656-13
HP-UX pa-risc: 124379-04
JES5 Windows: 125923-02
JES5 Solaris SPARC: 125358-02
JES5 Solaris x86: 125359-02
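
The diagnosis described in this post (many threads queued on one monitor whose owner is stuck in an SSL socket read) can be run mechanically over a thread dump. The script below is an added example, not code from the original post or from Sun; in its sample dump only the five java.net / com.sun.net.ssl frames come from the post, while the thread names, the example.agent classes and the lock addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed HotSpot-style thread dump. Only the five java.net / com.sun.net.ssl
# frames are taken from the post; everything else is made up for illustration.
SAMPLE_DUMP = '''
"RemoteLogger-1" daemon prio=5 tid=0x00a1 nid=0x11 runnable
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:129)
    at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:723)
    at example.agent.RemoteLogHandler.publish(RemoteLogHandler.java:88)
    - locked <0xf0a0b0c0> (a example.agent.RemoteLogHandler)

"worker-1" daemon prio=5 tid=0x00a2 nid=0x12 waiting for monitor entry
    at example.agent.RemoteLogHandler.publish(RemoteLogHandler.java:80)
    - waiting to lock <0xf0a0b0c0> (a example.agent.RemoteLogHandler)

"worker-2" daemon prio=5 tid=0x00a3 nid=0x13 waiting for monitor entry
    at example.agent.RemoteLogHandler.publish(RemoteLogHandler.java:80)
    - waiting to lock <0xf0a0b0c0> (a example.agent.RemoteLogHandler)

"worker-3" daemon prio=5 tid=0x00a4 nid=0x14 waiting for monitor entry
    at example.agent.RemoteLogHandler.publish(RemoteLogHandler.java:80)
    - waiting to lock <0xf0a0b0c0> (a example.agent.RemoteLogHandler)

"Reference Handler" daemon prio=10 tid=0x00a9 nid=0x19 in Object.wait()
    at java.lang.Object.wait(Native Method)
    - waiting on <0xf0000010> (a java.lang.ref.Reference$Lock)
    at java.lang.ref.Reference$ReferenceHandler.run(Reference.java:116)
    - locked <0xf0000010> (a java.lang.ref.Reference$Lock)
'''

THREAD_RE = re.compile(r'^"([^"]+)"')
FRAME_RE = re.compile(r'^\s+at\s+(\S+?)\(')
WAITING_TO_LOCK_RE = re.compile(r'-\s+waiting to lock\s+<(0x[0-9a-fA-F]+)>')
WAITING_ON_RE = re.compile(r'-\s+waiting on\s+<(0x[0-9a-fA-F]+)>')
LOCKED_RE = re.compile(r'-\s+locked\s+<(0x[0-9a-fA-F]+)>')
SOCKET_READ = "java.net.SocketInputStream.socketRead0"


def parse_threads(dump):
    """Split a thread dump into per-thread records (frames, monitors held/awaited)."""
    threads, cur = [], None
    for line in dump.splitlines():
        header = THREAD_RE.match(line)
        if header:
            cur = {"name": header.group(1), "frames": [], "holds": set(),
                   "waits_for": None, "waiting_on": set()}
            threads.append(cur)
        elif cur is not None and not line.strip():
            cur = None  # a blank line ends the current stack
        elif cur is not None:
            frame = FRAME_RE.match(line)
            to_lock = WAITING_TO_LOCK_RE.search(line)
            on = WAITING_ON_RE.search(line)
            locked = LOCKED_RE.search(line)
            if frame:
                cur["frames"].append(frame.group(1))
            elif to_lock:
                cur["waits_for"] = to_lock.group(1)
            elif on:
                cur["waiting_on"].add(on.group(1))
            elif locked:
                cur["holds"].add(locked.group(1))
    for t in threads:
        # A thread parked in Object.wait() is printed as "locked" on the monitor
        # it has released; do not count it as the owner.
        t["holds"] -= t["waiting_on"]
    return threads


def find_contended_locks(threads):
    """Return one record per contended monitor, most waiters first."""
    holders, waiters = {}, defaultdict(list)
    for t in threads:
        for lock in t["holds"]:
            holders[lock] = t
        if t["waits_for"]:
            waiters[t["waits_for"]].append(t["name"])
    report = []
    for lock, names in waiters.items():
        holder = holders.get(lock)
        frames = holder["frames"] if holder else []
        report.append({
            "lock": lock,
            "holder": holder["name"] if holder else None,
            "waiters": sorted(names),
            # Owner's innermost frame is the native socket read seen in the post.
            "blocked_in_socket_read": bool(frames) and frames[0] == SOCKET_READ,
            "over_ssl": any(".ssl." in f for f in frames),
        })
    report.sort(key=lambda r: len(r["waiters"]), reverse=True)
    return report


if __name__ == "__main__":
    for r in find_contended_locks(parse_threads(SAMPLE_DUMP)):
        print(r)
```

A monitor whose owner sits in socketRead0 under SSL frames across several dumps taken a few seconds apart matches the hang described above.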

Personal

Is Ski dangerous?

Most people might think skiing is a dangerous sports activity. I also agreed with that until I read a news story this morning. The news is that a 19 year old died after falling from the lift at Heavenly last Wednesday (Nov 28).

This news should make us believe skiing is very dangerous. However, the paper says that according to industry experts, this kind of fatality is so rare that most resorts don't even keep track of its frequency. Injuries are almost always a direct result of a skiing incident, such as people hitting a tree or each other, or just a bad fall. Though I myself never had a hurt bad enough to take me to see a doctor, I have heard of many people who had broken legs.

Here are the facts. Over the past 10 years, about 37 skiers and snowboarders have died each year on the US's slopes, according to National Ski Areas Association data. The rate of death, roughly 2 per 1 million participants, is far lower than those associated with swimming and bicycling. Serious injury, such as paralysis and severe head trauma, occurs on the slopes at a rate of 43 cases per year, according to NSAA figures.

Do you change your mind? But I have seen/heard of many friends/colleagues/friends' friends who had their legs broken. I will keep going to the slopes no matter what. The reason is simple: I love this sport so much.

Personal

LASIK

I had LASIK surgery done last Thursday. I had been wearing glasses for more than 25 years. Because of the super sensitivity of my eyes, I couldn't take advantage of contacts. Since LASIK, which probably should be called PRK earlier, became available 20 years ago, I started to dream of having my vision corrected without glasses. However, I was hesitating and afraid of getting complications and, in the worst case, losing my vision completely.

Today is the fourth day after the operation. I changed from near-sighted to far-sighted. I couldn't read a newspaper. A pair of reading glasses helps me. My doctor told me I should wait a month or more to get my vision stabilized. So I must be the most anxious guy waiting for 2008 to come.

Another reason I can't wait for Christmas to come is that I will go skiing without glasses for the first time. Last year, at Squaw Valley, I had a bad landing after a jump. I bumped my head on the slope. My head was OK as I wore a helmet. But I found my goggles and glasses were gone and I couldn't find my glasses nearby. I asked for help from some teenage skiers who were waiting for me to clear the slope. Nobody understood what I was looking for. Finally one kid told me, "Is it on your head?" Yes, my glasses were resting on my head like people normally pushing their sunglasses up indoors. Isn't it funny?

This would never happen again, as long as I don't need to read a newspaper when sliding on a slope.

Personal

Tips for climbing Mt. Whitney

The night before leaving home for Mt. Whitney, I read tips on the internet until 2 o'clock in the morning. Some of them are useful but others are misleading. Let me tell you why.

1) Acclimatization is important. This is true. Getting acclimatized before climbing Mt. Whitney, a mountain over 14,000 feet, is a must for climbers coming from sea level. If you don't have much time or don't want to camp on the mountain, you had better sleep at the Whitney Portal camp (8,300 ft) where the main trail starts. I camped at the Lone Pine campground, which is not much higher than the town of Lone Pine at 3,700 ft. This might be the reason why I felt somewhat strong mountain sickness.

2) You only need to carry water for the next hour as the trail is not far from creeks or lakes. I disagree with this. Actually I was told at the visitor center to carry clean water, as the water might not be that clean with too many people climbing in the summer. Not just that: once past the Trail Camp, there are no more creeks or lakes near the trail, and you won't be able to get back soon. It took me more than 6 hours. My problem was that I carried too much in my backpack, 6 bottles of water and 6 bottles of Gatorade. But I drank only 4 bottles.

3) The main trail is only class I. During the summer and autumn months, only sneakers are necessary to ascend this summit. Don't try this. Yes, the trail is not steep, but this is not a well paved trail, besides the part to Lone Pine Lake that does not even require a permit. I regretted that I wore my old hiking boots. If I go again next time, I would buy a new pair with thicker soles. On my way down, I felt I was wearing sneakers, not boots.

4) Weather can quickly change without warning, and near the summit, lightning can be an extreme danger. Whitney and neighboring pinnacles along the Sierra crest can turn into lightning rods. Ditto for people climbing them. The weather change normally happens in the afternoon. On Sept. 2, a very sunny day turned cloudy after 2PM, and a sprinkle lasted for an hour. Good that I took the advice from the visitor center to start earlier. If I had woken at 6AM as planned, I would have gotten wet. Hopefully there was no lightning that day, as several climbers still went up after 2PM.

5) I didn't know hikers need a permit for climbing Mt. Whitney until a few weeks before Labor Day. My friend told me we might still get one if we could reach the visitor center early enough. Though we knew we had to leave early, we actually left our Bay Area home after 7AM, spent 1 hour at Tenaya Lake for lunch, and reached the campground at 3:30PM. From the campground, we asked for directions to the visitor center. When we stepped into the center (located at the south end of Lone Pine), it was already past 4PM. We were so lucky that day. The park ranger told us someone had canceled their applications. And getting the permit there is free. If you apply for it ahead of time, it costs you $15 per hiker. Here is the site for how to apply.

6) Besides high mountain sickness, there is another big challenge: no toilet once you start on the trail. In the visitor center, each of us received a "poop bag". No joke, it is no longer allowed to dig a cat hole on Mt. Whitney. Doing your business in a 6 inch deep cat hole, 100 feet away from any water or camping locations, was considered a standard "Leave No Trace" (LNT) hiking practice to limit human impact in the wilderness at other places. Two hours before I summited Whitney peak, that feeling already started. Unfortunately my poop bag was in my friend's backpack and I had left him behind as he couldn't stand the mountain sickness. I fought hard against the urge the whole way down. Once I got back to the trail head, you must know what I did first.

7) The ranger told us the trail map printed by the forest service is not accurate. But we didn't know the mileage labeled on the map was off so much. To make it simple, you add 0.5 miles to every milestone. For example, it says 2.5 miles to Lone Pine Lake; it should be about 3 miles. So once you get to the beginning of the crest trail, the peak is not 2.8 miles away, but 2.2.

Personal

Talking on cellphone while driving

About a year ago, Gov. Schwarzenegger signed SB 1613 by Sen. Joseph Simitian (D-Palo Alto) that prohibited the use of a cell phone in a moving vehicle unless the driver is using a hands-free device. But you might miss some details of the SB, such as the effective date. Specifically, SB 1613 will:

* Prohibit the use of cell phones by drivers unless the driver is using a hands-free device starting July 1, 2008.
* Allow drivers of commercial vehicles to use push-to-talk phones until July 1, 2011.
* Allow drivers to make emergency phone calls without using a hands-free device.
* Allow drivers of emergency response vehicles to use a cell phone without a hands-free device.

Though this SB is not effective yet and it only bans drivers from holding the cellphone when talking, I always worry about those people who are talking and driving on the highway or street. CHP data show that cell phones are the number one cause of distracted-driving accidents. Distracted driving leads to tens of thousands of car accidents annually, with many of these accidents resulting in serious injuries or even death. This SB could help to reduce the distraction a lot; however, even using a hands-free device is still a big source of distraction, especially when you have a long conversation. In my opinion, talking on a cellphone should be banned completely unless it is an emergency call.

When driving outside of California, you should be careful. The cellphone law varies across states. Connecticut, New Jersey, New York, Utah and DC have the same ban as California. Looking for more details? Check out this site.

Sun

ldapsearch to search DS with SSL enabled

Normally, you don't have any problem running ldapsearch against a directory server without SSL enabled. The ldapsearch can be of any version; even the default one on a Solaris system works. However, if the directory server instance runs on a secure port, you might run into lots of trouble.

When using the default /bin/ldapsearch, it reads the cert from cert7.db, and mostly you could get the error "ldap_simple_bind: Can't contact LDAP server" from a target DS of JES5. In the ldap access log, the error is "B4 - Server failed to flush BER data back to client".

You had better use the ldapsearch command that comes with DS6.0, /opt/SUNWdsee/dsee6/bin/ldapsearch, and pass the cert8.db of the target DS itself as the parameter of the -P option. For example:

    /opt/SUNWdsee/dsee6/bin/ldapsearch -h -p -D "cn=directory manager" -w password -P /var/opt/SUNWdsee/dsins2/alias/slapd-cert8.db -b "dc=com" -Z "uid=*"

Of course, you have to run the above on the machine where the DS is installed. If you need to run it on a different machine, the easiest way is to copy/ftp the files cert8.db and key3.db used by the DS to the remote client machine. I could use the ldapsearch that comes with JES4 in this way. For example:

    cp /var/opt/SUNWdsee/dsins2/alias/slapd-*.db /tmp/.
    /var/opt/mps/serverroot/shared/bin/ldapsearch -h -p -D"cn=directory manager" -w password -P /tmp/slapd-cert8.db -b "dc=com" -Z "uid=*"

If you get the error "ld.so.1: ldapsearch: fatal: libldap50.so: open failed: No such file or directory", you would need to run:

    setenv LD_LIBRARY_PATH /usr/lib/mps:$LD_LIBRARY_PATH

Personal

On the top of Mountain Whitney

Yesterday at 12:15PM PST, I reached the highest point of the "lower 48 states" of the United States. My hiking trip started at 4:24AM. It took me 7 hours 51 minutes to get to the top of Whitney, and 4 hours 49 minutes to hike down. Here are the pictures.

It was totally beyond my expectation though. The day before my trip, I thought about spending 6 hours to reach the summit. That was based on my experience of hiking up Mission Peak at Fremont, a trail about 4 miles in distance with 2000 feet of elevation gain. The main trail to Mountain Whitney is 11 miles with 6000 feet of elevation gain. I could reach Mission Peak within one hour. Before yesterday, I could never have believed climbing Mountain Whitney was that difficult.

I guess it must be due to high altitude sickness (mountain sickness). According to statistics, two out of every three hikers fail to reach the summit. At 14,000 feet, a hiker can only perform at 60 percent of his/her normal capability at sea level. As early as when I arrived at the Lone Pine campground (4,000 - 5,000 feet), I started to feel a bit of a headache. That is similar to the feeling of holding your breath too long under water. Once I climbed up to the 11,000 feet level, it became very difficult to lift my legs. I took breaks more and more frequently, from every 30 minutes to 20, 15, to 10 minutes. After entering the camp trail, which has 97 switchbacks, I had to take a rest every 5, even 2 minutes. Interestingly, once I stopped for a few seconds, I felt I had recovered. But right after a few steps, I felt that I needed another break, especially on the stairs part. My heartbeat jumped to above 120 per minute. On the last 2 miles, where the crest trail is over the 13,700 feet level, I felt I was walking on the surface of the Moon. However, once I slowed down, I didn't need any breaks. I kept moving; maybe you want to call it crawling. I started to have another symptom of mountain sickness, dizziness. I felt like I had just drunk 2 bottles of beer. My eyelids were fighting each other.

It was good to meet some people who had successfully reached the summit; every short conversation brought my consciousness back a bit. With their encouragement and my strong desire to conquer the tallest mountain of the 48 states, my nearly 8 hour struggle finally ended. I saw the rock wall building and the tablet marking the elevation of Mt. Whitney, 14,496.811 ft.

Personal

Costco Tire

Yesterday, I went to Costco to get four new tires for our 2000 MPV. The odometer has been broken since last summer. We don't know how many miles it has rolled exactly, but it must be over 110k. This is the fourth time buying new tires for this minivan. I believe it is too frequent; including the original from Mazda, each pair only worked for less than 30k. I heard people can roll their car for 70k without changing. I really don't like to visit the tire center of Costco, because of the long waiting hours. I can remember last time I waited more than 4 hours until the store was closed. Unfortunately, Costco handed out a new coupon, which is the best ever, $80 off a set.

The line was not as long as I thought yesterday. Maybe because I arrived a bit early. However, I was surprised: the tire P205/65R15 92T I chose was not Michelin, so no discount. The salesperson suggested that I take the Michelin x-radial DT with 80K mile warranty, which was $36 higher. I didn't want to go back home to do research and nodded OK. The total was $410, the highest I ever paid for four tires. My wife drove the van back in the afternoon. She told me that she loved the new tires. The van runs much smoother and quieter. Next time I will read this http://probargainhunter.com/2007/05/24/which-place-sells-cheapest-tires/ before visiting a tire dealer again.

Interesting to know - Speed Rating

In Europe, where selected highways do not have speed limits and high speed driving is permitted, speed ratings were established to match the speed capability of tires with the top speed capability of the vehicles to which they are applied. Speed ratings are established in kilometers per hour and subsequently converted to miles per hour (which explains why speed ratings appear established at "unusual" mile per hour increments). Despite the tire manufacturer's ability to manufacture tires capable of high speeds, none of them recommend the use of their products in excess of legal speed limits.

Speed ratings are based on laboratory tests where the tire is pressed against a large diameter metal drum to reflect its appropriate load, and run at ever increasing speeds (in 6.2 mph steps in 10 minute increments) until the tire's required speed has been met.

It is important to note that speed ratings only apply to tires that have not been damaged, altered, under-inflated or overloaded. Additionally, most tire manufacturers maintain that a tire that has been cut or punctured no longer retains the tire manufacturer's original speed rating, even after being repaired, because the tire manufacturer can't control the quality of the repair.

Beginning in 1991, the speed symbol denoting a fixed maximum speed capability of new tires must be shown only in the speed rating portion of the tire's service description, such as 225/50R16 89S. The most common tire speed rating symbols, maximum speeds and typical applications are shown below:

| Symbol | Max speed (mph) | Max speed (km/h) | Typical application |
|---|---|---|---|
| M | 81 mph | 130 km/h | |
| N | 87 mph | 140 km/h | Temporary Spare Tires |
| P | 93 mph | 150 km/h | |
| Q | 99 mph | 160 km/h | Studless & Studdable Winter Tires |
| R | 106 mph | 170 km/h | H.D. Light Truck Tires |
| S | 112 mph | 180 km/h | Family Sedans & Vans |
| T | 118 mph | 190 km/h | Family Sedans & Vans |
| U | 124 mph | 200 km/h | |
| H | 130 mph | 210 km/h | Sport Sedans & Coupes |
| V | 149 mph | 240 km/h | Sport Sedans, Coupes & Sports Cars |

When Z-speed rated tires were first introduced, they were thought to reflect the highest tire speed rating that would ever be required, in excess of 240 km/h or 149 mph. While Z-speed rated tires are capable of speeds in excess of 149 mph, how far above 149 mph was not identified. That ultimately caused the automotive industry to add W- and Y-speed ratings to identify the tires that meet the needs of new vehicles that have extremely high top-speed capabilities.

| Symbol | Max speed (mph) | Max speed (km/h) | Typical application |
|---|---|---|---|
| W | 168 mph | 270 km/h | Exotic Sports Cars |
| Y | 186 mph | 300 km/h | Exotic Sports Cars |


Personal

Configure IIS with perl CGI

To configure ActivePerl to work with IIS 6 on Windows 2003:

1. Start the Internet Information Services (IIS) Manager from the Windows Administrative Tools menu.
2. Select the desired web site, then select Web Service Extensions. Click Add New Web Service Extension.
3. Enter a descriptive Extension Name (such as "Perl CGI"), then enter the following string in the Required Files field: C:\\Perl\\bin\\perl.exe "%s" %s As necessary, modify the path to the Perl executable on the selected system. Check Set Extension Status to Allowed, then click OK. Somehow, my Windows 2003 has this extension already, though it is disabled. All I need to do is to enable it by clicking the "Allow" button.
4. Expand the Web Sites directory in the IIS Manager and right-click Default Web Site. Select New | Virtual Directory.... Use the wizard to specify the location of your Perl CGI programs. On the Access Permissions page, ensure that Read, Run Scripts and Execute are enabled.
5. Right-click the new virtual directory and select Properties. On the Mappings tab of the Application Configuration page, ensure that the .pl or .cgi extension is mapped to the Perl interpreter specified above. (Enter the same string in the Executable Path field as shown in step 3.)
6. In order to run ASP scripts, ensure that Active Server Pages are "allowed". Under the Web Service Extensions directory, select Active Server Pages. Change the status from "Prohibited" to "Allowed".
7. Restart the IIS service.
8. Test your configuration as described in Testing Your Web Server Configuration.

The above was 'copied' from http://aspn.activestate.com

A Microsoft article, How To Add and Remove Web Service Extension Files in IIS 6.0, tells how to use the iisext.vbs command line script, which is stored in the Sysvol\\system32\\ (default Windows\\System32) directory.


Personal

What exactly does PG-13 mean?

PG-13, PG, G, and R: no matter if you are a movie lover or only watch movies occasionally, you should have seen those a lot of times. But do you really understand their true meanings? I think most people normally ignore them, just like me. Actually I did have a discussion on whether kids under 13 can watch PG-13 movies. As always, the internet helps me again.

In the United States, there are many different movie rating systems, but the MPAA (motion picture rating systems) rating system is the most recognized system for classifying potentially offensive content.

The original MPAA movie ratings system started in 1968 and was only in use for two years. It consisted of:

* Rated G: General Audiences. All ages admitted.
* Rated M: Suggested for Mature Audiences. Parental discretion advised.
* Rated R: Restricted. Persons under 16 are not admitted unless accompanied by parent or adult guardian.
* Rated X: Persons under 17 not admitted.

The famous PG-13 was added in July 1984 for those movies that have some material that may be inappropriate for children under 13. Besides PG-13, the system currently in use has 4 other ratings:

* G - General Audiences. All ages admitted.
* PG - Parental guidance suggested. Some material may not be suitable for children.
* R - Restricted. Under 17 requires accompanying parent or adult guardian.
* NC-17 - No one 17 and under admitted.

For more details, please check out this link: http://en.wikipedia.org/wiki/PG-13


Personal

Ghost Chili = Bhut Jolokia

When asked for the world's hottest chile pepper, most people would answer the Red Savina Habanero. Yes, you would have been right a couple of months ago. That is the old champion. The new one is called 'Bhut jolokia' (probably due to its ghostly bite or introduction by the Bhutias from Bhutan poison chile), twice as spicy as the previous record-holder. It is also called 'Bih Jolokia' in some places of Assam state of India (Bih = Poison, Jolokia = chile pepper; in Assamese). Other names are Borbih Jolokia, Nagahari, Nagajolokia, Naga Morich, Naga Moresh and Raja Mirchi (the king of chiles). These are all the same chile but named differently at different places. If you have trouble remembering those Indian names, you could call it 'ghost chili'.

Let us read what people said about this thumb-size chili pepper with frightening potency.

"The pain was exquisite. It was like having your tongue hit with a hammer. Man, it hurt. My tongue swelled up and it hurt like hell for days."

"Anyone foolhardy enough to eat a whole Dorset Naga would almost certainly require hospital treatment."

"This chilli is so hot, you'd have to drink 250,000 gallons of water just to put out the fire."

"If you eat one, you will not be able to leave this place." A farmer living at Changpool, India, who spent a lifetime eating this strangely named chili pepper, insists that outsiders shouldn't eat it. "It is like dying."

For those living in Assam state, northeastern India, it is a cure for stomach troubles and, seemingly paradoxically, a way to fight the crippling summer heat.

A few months ago, Guinness World Records made it official. Bhut jolokia has more than 1 million (1,001,304) Scoville units, the scientific measurement of a chili's spiciness. This was measured by New Mexico State University's Chile Pepper Institute. For comparison, the old champion, the Red Savina Habanero, has a score of about 580,000. Classic Tabasco sauce ranges from 2,500 to 5,000 Scoville units. A basic jalapeno pepper measures anywhere from 2,500 to 8,000.

You might want to know what the Scoville units are. The Scoville Scale is a scale to measure the heat level in chillies. It was first a subjective taste test, but it has since been refined by the use of HPLC (High Performance Liquid Chromatography). The unit is named in honour of its inventor, Dr. Wilbur Scoville, who developed it in 1912.

There are other methods, but the Scoville Scale remains the most widely used and respected. The greater the number of Scoville units, the hotter the pepper. Of course, being a natural product, the heat can vary from pepper to pepper, so this scale is just a guide, not precise, due to expected variation within a species (easily by a factor of 10 or more) depending on seed lineage, climate and even soil (this is especially true for habaneros).

The number of Scoville heat units (SHU) indicates the amount of capsaicin present. Capsaicin is a chemical compound which stimulates chemoreceptor nerve endings in the skin, especially the mucous membranes. The highest Scoville rating for non-natural pepper products is that of pure capsaicin, 15,000,000–16,000,000; Nordihydrocapsaicin (an irritant, a lipophilic colorless odorless crystalline to waxy compound) rates 9,100,000. A standard US grade pepper spray, also an irritant, which is used in riot control, crowd control and personal self-defense, has a range of 2,000,000–5,300,000.

Reference: Argus news, Wednesday, August 1, 2007


Personal

Video file conversion

My son asked me to download video from youtube to play on his MP4. Honestly, I had no idea how to do that, as I knew that the video clips shown on youtube are kind of special (flv), not like other files that can be easily saved on my computer. Of course, even if you don't know a thing about this, you only need half an hour to get a pretty good idea after some searching on the web. Yes, there are many free tools for this purpose, downloading video clips from web sites like youtube. I decided to give it a try. Based on the reviews, I chose "Youtube to iPod Converter" from dvdvideosoft.com. It works perfectly. All you need is to supply a URL like http://youtube.com/watch?v=-ZmAgFyVo48, and tell it what format you want, mpeg4 or mp3, and what quality you would like.

So far so good; the next step was to play it on the MP4. I thought I only needed to drag it to the MP4, which is connected to my computer like a USB drive. Yes, it took only seconds to finish the copying. But after changing to video play mode, this file didn't show up in the list. I took out the manual, which briefly mentions that this MP4 only plays avi files. Fortunately, the MP4 player comes with a piece of software - AVI Video Converter. OK, since the MP4 was bought in China, the software is a Chinese version, which cannot show menus/labels/messages properly on an English Windows.

As I knew I needed a conversion tool, I turned back to the web for help. This time, I downloaded another tool called AVS Video Converter from avs4you.com. This tool is advertised to convert, split, join, remove commercials, edit, rotate, add logo, cut scenes, apply effects, extract audio tracks and images, capture, transfer, copy, rip, and burn DVD and video files with AVS Video Tools. All key formats are supported: AVI (DivX, XviD), DV AVI, MP4 (Sony PSP, Apple iPod, Archos DVR, Creative Zen), WMV, 3GP, 3G2, QuickTime (MOV, QT), SWF, DVD, VOB, VRO, MPEG 1,2, MPG, DAT, VCD, SVCD, ASF, MJPEG, H.263, H.264, Real Video (RM, RMVB), and DVR-MS. Direct transfer to iPod, PSP, mobiles and other portable players. Create and upload your video to a wide range of mobile devices and portable players, including Sony PSP, Apple iPod, Archos DVR, Creative Zen Vision, mobile phones capable of video playback, and portable DVD players.

No surprise, the AVIConverter works. Even for mpeg4 to avi, there are many different formats for avi. But no matter which format I chose, the output avi file was not playable on the MP4, though it showed on the video list. It kept complaining "wrong format". Looking for answers on the web, the possible reason is that the resolution of the avi file does not match the LCD screen. I guess the only way to resolve this is to find another tool, or get the Chinese version tool to show the menu in a human readable way, which is impossible in the near future ...


Personal

Download free music

I bought an mp3 for myself and an mp4 player for my son recently. I normally listen to Chinese songs and I know where to download them. However, my son asks me to help him download English songs. The only such web site for downloading, or say sharing, songs that I had heard of from the news is napster. I went to the napster site, and saw it asking for $9.95 a month. I then started to search on google. I tried download.com, which has lots of songs. I could play them online, but I don't know how to save them to my computer.

Yesterday night, my son asked me to download songs from youtube. This sounds easy but actually some serious research work is required. I learned a lot after surfing on the net for an hour, and Matthew Miller's blog has all I need to know. Here is his blog:

There are several options for free, safe, legal music and video downloads. People recommend Limewire, Bittorrent, Bearshare and the like, but most of the content on such networks constitutes a copyright violation or can be infested with viruses. Most of these programs are also known to have trouble with firewalls and a few won't run under Windows Vista.

The first legal source is Podcasts. My favorite is Crap from the Past at crapfromthepast.com. The host, Ron "Boogymoster" Gerber, describes it as a graduate level course in pop music, and he's not far off. You'll hear a lot of music that hasn't been on the air for a long time. The program is available as a podcast, with three half hour segments coming out a week.

Another great source of Public Domain and Creative Commons music is archive.org. For example, it's amazing how much old school Jazz has fallen into the Public Domain. A lot of techno and pop artists use a Creative Commons license that makes non-commercial distribution legal.

Jamendo.com is a record label that makes all their music available for download for free. The idea is to give away MP3s to encourage people to buy the actual CDs.

Archive.org has a page that lists other labels like Jamendo that offer free, legal downloads of their music. http://www.archive.org/details/netlabels

You can also look into various music Podcasts. For example, there are some really good Celtic music podcasts, Celtic Music News being my favorite. celticmusicnews.com

The BBC and NPR have a variety of music programs, most of which are free downloads or can be listened to as streaming media.

If you use iTunes, the iTunes store has a selection of free music and videos, with new free music being released on Tuesdays. You can even sign up for a mailing list to be notified of new free content when it becomes available.

Finally, there's etree.org. A LOT of artists give permission to allow the recording and distribution of their live performances. etree.org only offers "lossless" recordings, so you'll need to convert them into another format to use them on your portable media player. The good news is since these are lossless files to start with, you won't have the data degradation and conversion artifacts typical of, say, converting a WMA to an MP3. It's more like ripping a CD.

All told, there's a LOT out there free of charge. The Kuro5hin article I link to below has even more detail.

http://www.kuro5hin.org/story/2003/9/5/05113/70314
http://www.celticmusicnews.com/
http://archive.org
http://www.archive.org/details/netlabels
http://crapfromthepast.com
http://www.jamendo.com/en/
http://www.etree.org/
http://www.kuro5hin.org/story/2003/9/5/05113/70314
http://www.ghacks.net/2005/12/03/free-music-list-december-20


Personal

China Rose (Yueji), Rugosa Rose (Meigui) and Multiflora Rose (Qiangwei)

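The China rose (yueji), the rugosa rose (meigui) and the multiflora rose (qiangwei) are sister flowers in the genus Rosa of the family Rosaceae, so they look very much alike and are easily confused. Here I have collected some of their characteristics, which makes it much easier to tell the "three sisters" apart.

The branches of the China rose and the rugosa rose are fairly upright (though of course a few China roses are trailing); the China rose has low stems, while the rugosa rose has thick, sturdy stems. The multiflora rose is a taller plant, but its stems are slender and long and its branches trail or climb.

The thorns on the stems of the China rose and the multiflora rose are fairly large and usually hooked, with roughly 3 or 4 per node; new shoots of the China rose are purplish red; the stems of the rugosa rose are densely covered with fine hairs and thin, stiff, needle-like prickles, and the stems are black.

The China rose usually has 3-5 leaflets, and the leaves are flat and smooth; the multiflora rose has 5-9 leaflets with toothed margins, and the leaves are flat but softly hairy; the rugosa rose also has 5-9 leaflets, but the leaves are wrinkled underneath, the back of the leaf is whitish with small prickles, and the whole leaf is thicker with sunken veins.

The flowers of the China rose are usually solitary and terminal, though sometimes several are clustered, generally 1-3 flowers, with a flower diameter of about 5 cm or more and a long flower stalk; it blooms month after month and season after season, hence its names yueyuehong ("red every month"), yuejihua ("month-and-season flower") and changchunhua ("ever-spring flower"). Multiflora rose flowers usually grow in clusters of 6-7, in a conical corymb at the tip of the branch, with a flower diameter of about 3 cm, and bloom only once a year. Rugosa rose flowers are solitary or in clusters of 1-3, with a short flower stalk and a flower diameter about the same as that of the multiflora rose; it also blooms only once, in summer, but its fragrance is much stronger than that of the China rose or the multiflora rose.

In addition, the sepals of the China rose and the rugosa rose do not fall off after the flower fades, whereas those of the multiflora rose do; the fruits of the China rose and the multiflora rose are spherical, while the fruit of the rugosa rose is flattened-round.

The China rose, the rugosa rose and the multiflora rose are all ornamental flowering plants of the genus Rosa in the family Rosaceae. Many people confuse them, mistakenly calling a China rose a rugosa rose (meigui), or a multiflora rose a China rose. Their main differences are as follows:

* China rose: 3 to 5 leaflets, with a smooth and glossy leaf surface. A rich range of flower colours; blooms several times a year; the flowers are lightly fragrant; often grown in pots or as cut flowers; there are a great many cultivated varieties.
* Rugosa rose: 5 to 9 leaflets, with wrinkled leaves; the branches are densely covered with fine prickles, bristles and fine hairs. Flowers are purplish red or white; blooms once or twice a year; the flowers are strongly fragrant; often grown as a commercial crop for extracting essence.
* Multiflora rose: 7 to 9 leaflets, dark green on the surface, hairless on both sides and glossy; the branches are trailing. Flowers are numerous and dense; blooms once a year; the flowers are faintly fragrant; often used as a flowering hedge.

A few tips for telling the rugosa rose from the China rose: both are flowers of the genus Rosa and really do look very much alike, but telling them apart is actually quite simple. It usually comes down to three moves: look, touch, smell.

* Look: tell them apart by the leaflets. The China rose generally has about 3 leaflets, while the rugosa rose generally has 5 to 9.
* Touch: feel the flower stem. The thorns on a China rose stem are relatively large, roughly three or four per node, while the stem of a rugosa rose is thickly covered with stiff prickles that prick you wherever you touch it.
* Smell: check for fragrance. The rugosa rose has a strong rose scent, while the China rose has almost no detectable scent at all!

"Yueji", as the name says, blooms every month and is everywhere in roadside flowerbeds, so of course it is not worth much! The rugosa rose blooms only once a year, usually in May or June; miss those two months and it is very hard to buy a real one.

Yesterday I learned a surprising fact: qiangwei, yueji and meigui are actually one kind of flower! In English, the corresponding word for all of them is rose. They all belong to the genus Rosa of the family Rosaceae. Put that way, yueji and meigui are just different varieties of qiangwei. The common name of meigui is hedgerow rose, and its scientific name is Rosa rugosa. The common name of yueji is Chinese Rose, and its scientific name is Rosa chinensis. As the name shows, yueji is a variety native to China. According to historical records, China has cultivated yueji for more than 2,000 years and bred many fine varieties. It was introduced to Europe in the 17th-18th centuries, where Europeans crossed the Chinese yueji with European wild roses and bred more than twenty thousand garden varieties. Below is the material I found online.

The main (eight) differences between the China rose and the rugosa rose:

| China rose (yueji) | Rugosa rose (meigui) |
|---|---|
| Stem bark green | Stem bark greyish brown |
| Stems often bear hooked thorns | Stems bear fine hairs and are densely covered with bristles and barbed prickles |
| Compound leaves with 3-5 leaflets; leaf surface smooth, not wrinkled | Compound leaves with 7-9 leaflets; leaves heavily wrinkled |
| Blooms in all four seasons in warm regions | Blooms for one season (May-June) or one and a half seasons (full bloom in spring and summer, sporadic bloom in autumn) |
| Styles long, free, protruding beyond the mouth of the receptacle | Styles short, gathered into a head that just covers the mouth of the receptacle |
| Fragrance is that of the China rose | Fragrance is that of the rugosa rose |
| Rich range of flower colours; every colour occurs, including multicoloured flowers | Rose-purple; a few bear white flowers |
| Fruit nearly spherical, broadly ovoid or ovoid | Fruit flattened-spherical |

The China rose, the rugosa rose and the multiflora rose are sister flowers of the same family and genus and are similar in form, so many people often lump the three together, calling both the China rose and the multiflora rose "meigui", or calling the rugosa rose "yueji". But on careful observation, the differences between them are fairly clear.

First, the branches differ: China rose branches are upright and slightly spreading, often with a few hooked thorns; the rugosa rose is upright, with many thorns and bristles on its branches; the multiflora rose has slender, long stems, and its branches are trailing or climbing and very thorny.

Second, the leaves differ: the China rose has few leaflets, generally 3-5, with a fairly flat leaf surface that is not sunken and has no wrinkles; the rugosa rose has 5-9 leaflets, of thicker texture, with sunken veins, a heavily wrinkled leaf surface, and a layer of soft hairs like white frost on the back of the leaf; the multiflora rose has more leaflets, generally 7-9, with toothed margins and soft hairs on both sides of the leaf.

Third, the flowers differ: China rose flowers are generally solitary and terminal, though sometimes several are clustered; the flowers are large, generally more than 6 cm in diameter; it blooms 4-6 times a year, in a rich range of colours, mostly double-flowered. Rugosa rose flowers are solitary or clustered; it blooms only once a year, between May and August; the fragrance is stronger than that of the China rose or the multiflora rose; the flower stalk is short, the flower diameter is about 3 cm, and the flowers are mostly purplish red, with single and double forms. Multiflora rose flowers often grow in clusters of 6-7 in a conical corymb at the tip of the branch; the flowers are the same size as those of the rugosa rose; flower form and colour vary with the variety, including red, pink, yellow and white. It blooms once a year, in summer.

Everyone loves the rose (meigui). It is like a graceful young woman: its beautiful petals and rich fragrance are intoxicating, yet it has many hard thorns, and a careless hand is easily pricked. This young woman is beautiful and proud and cannot be approached casually, which only adds to its charm. People tend to assume that any thorny red flower is a meigui. A survey found that the flowers generally taken for meigui on the market are all China roses and hybrids of the China rose; real red rugosa roses are hard to find on the market. The China rose, the rugosa rose and the multiflora rose all belong to the genus Rosa of the family Rosaceae; the three are closely related and there are many hybrid varieties, so people often cannot tell which is which. But they are three different species with clear differences.

1. China rose (Rosa chinensis): China is the homeland of the China rose. At the end of the 18th century and the beginning of the 19th century, the Chinese rose was introduced to Europe and repeatedly crossed with many foreign varieties; the Chinese rose's heritable trait of blooming every month and every season transformed the European rose, and the modern rose was bred as a result. Modern roses therefore differ greatly from the ancient rose native to China (Rosa chinensis), both in form and in chromosome composition. Today more than 90% of the roses in China are modern roses introduced from abroad. Modern roses are divided by plant form, flower size, fragrance and so on into six classes: floribunda roses, grandiflora roses, miniature roses, climbing roses, tea roses, shrub roses, etc. There are more than 200 hybrid varieties. Flower colours include white, green, blue, red, light red, pink, yellow, light yellow and so on.

Figure 1. "Meigui" as sold on the market: a red-flowered China rose, showing glossy, hairless leaves with sharply serrated margins.
Figure 2. Longitudinal section of a China rose flower, showing the inverted-cone-shaped calyx tube and free styles.
Figure 3. The thorns of the China rose are thick and curve downward.

2. Rugosa rose (Rosa rugosa): The rugosa rose is native to northeast and north China, and is also found in Korea and Japan. Many kinds of "meigui" are cultivated in China today, but only 2 kinds are grown as fragrance crops and have economic value: (1) the double red rugosa rose (Rosa rugosa cv. "plena"), which is a cultivated variety of the rugosa rose, and (2) the Kushui rose (Rosa serrata X R.rugosa), which is a hybrid of the rugosa rose. Rose oil is a world-famous and precious essence, the representative raw material for blending sweet floral oils, and the finest of the essential oils. Internationally, rose oil is produced mainly in Bulgaria and the south of France, and the rose used to produce it is the damask rose (Rosa damascena). Some places in China grow certain fragrant China roses or multiflora roses as meigui, but their oil content is low and their fragrance is not strong. So in fragrance production, both in China and abroad, "rose" refers broadly to a number of species in the genus Rosa with fragrant red flowers. In botany, meigui refers specifically to Rosa rugosa. Its varieties include the red rugosa rose (red flowers), the white rugosa rose (white flowers), the double white rugosa rose (white, double flowers) and so on.

Figure 1. Double red rugosa rose, showing the wrinkled leaf surface and blunt marginal teeth; besides long straight thorns, the stem also bears small, fine prickles tipped with glands.
Figure 2. Longitudinal section of a double white rugosa rose flower, showing the flattened-spherical calyx tube and free styles.
Figure 3. The thorns of the rugosa rose are uneven in thickness, numerous and straight.

3. Multiflora rose (Rosa multiflora), also called the wild rose or many-flowered rose. It is widely distributed across China except in the northeast and northwest, growing on roadsides, at forest edges and in open country. It is easily propagated from cuttings and is often used as rootstock for grafting China roses. Its varieties include: the fentuan rose, var. cathayensis, with larger, single pink flowers 2.5-4 cm in diameter, glandular hairs on the flower stalk, and larger leaves; the "seven sisters", var. platyphylla, with double, deep red flowers; and the lotus rose, var. carnea, with usually smaller leaves and double, pink flowers.

Figure 1. Multiflora rose, showing the unwrinkled leaf surface, sharply serrated margins, and small, numerous flowers.
Figure 2. Longitudinal section of a multiflora rose flower, showing the elongated-spherical calyx tube and fused styles.
Figure 3. The thorns of the multiflora rose are sparse and curve downward.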


Personal

Do I have a 64 bit Windows XP (2003)?

The easiest way to tell: if you are running Windows XP – Home, Professional, Media Center or Tablet PC Edition version 2002 (or Media Center 2004), you have a 32-bit version of Windows. At present the 64-bit Editions of Windows are packaged with 64-bit computers, and the client versions are packaged with the name '64-Bit Edition' or 'x64 Professional' rather than just Home or Professional.

If you don't know what package you have, and you know the Windows registry, you can open up the registry (regedit) and look at "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE".

If the value is "x86", then you have a 32-bit version of Windows. Otherwise, your Processor Architecture is not 32-Bit x86. Your machine could potentially be running a 64-Bit Edition of Windows. You should open your system properties to identify which hotfixes to apply on this system:

* Intel Itanium/II CPU = patches marked IA64
* AMD Opteron or Athlon64/FX = patches marked as AMD64

There are some other ways. On Windows XP or Server 2003, you can try the command "sysdm.cpl". On the General tab, under System, a 64-bit version operating system should include "x64" in the name, for example, "Microsoft Windows XP Professional x64 Edition Version < Year>".

Or you can try the command "winmsd". In the details pane, locate Processor under Item. If the value that corresponds to Processor starts with x86, the computer is running a 32-bit version of the Windows operating system. Otherwise, it starts with EM64T or ia64 for a 64-bit version.

For Windows Vista, check How to determine whether your computer is running a 32-bit version or a 64-bit version of the Windows operating system.


Personal

The Guy's Rules

You might have read the guy's rules from other sources. I just read this in a mail today. I love it as it is funny and absolutely true!!! I don't know if all guys would agree with it, but I do. In the original mail, all rules were numbered "1" ON PURPOSE. I renumbered them by moving some (only 30%) to 2 (not bothering me too much) and 3 (don't care). What about you?

\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* The Guys' Rules \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*

At last a guy has taken the time to write this all down.

Finally, the guys' side of the story. We always hear "the rules" from the female side. Now here are the rules from the male side.

These are our rules!

1. Men are NOT mind readers.

1. Ask for what you want. Let us be clear on this one: Subtle hints do not work! Strong hints do not work! Obvious hints do not work! Just say it!

1. Yes and No are perfectly acceptable answers to almost every question.

1. Come to us with a problem only if you want help solving it. That's what we do. Sympathy is what your girlfriends are for.

1. A headache that lasts for 17 months is a Problem. See a doctor.

1. Anything we said 6 months ago is inadmissible in an argument. In fact, all comments become null and void after 7 Days.

1. If you won't dress like the Victoria's Secret girls, don't expect us to act like soap opera guys.

1. If something we said can be interpreted two ways and one of the ways makes you sad or angry, we meant the other one.

1. You can either ask us to do something Or tell us how you want it done. Not both. If you already know best how to do it, just do it yourself.

1. If we ask what is wrong and you say "nothing," We will act like nothing's wrong. We know you are lying, but it is just not worth the hassle.

1. If you ask a question you don't want an answer to, expect an answer you don't want to hear.

1. When we have to go somewhere, absolutely anything you wear is fine... Really.

1. Don't ask us what we're thinking about unless you are prepared to discuss such topics as baseball, the shotgun formation, or golf.

1. Thank you for reading this. Yes, I know, I have to sleep on the couch tonight; But did you know men really don't mind that? It's like camping.

2. If you think you're fat, you probably are. Don't ask us.

2. Christopher Columbus did NOT need directions and neither do we.

2. Shopping is NOT a sport. And no, we are never going to think of it that way.

2. Crying is blackmail.

2. ALL men see in only 16 colors, like Windows default settings. Peach, for example, is a fruit, not A color. Pumpkin is also a fruit. We have no idea what mauve is.

2. You have enough clothes.

2. You have too many shoes.

3. I am in shape. Round IS a shape!

3. Learn to work the toilet seat. You're a big girl. If it's up, put it down. We need it up, you need it down. You don't hear us complaining about you leaving it down.

3. Sunday sports: it's like the full moon or the changing of the tides. Let it be.

3. Whenever possible, please say whatever you have to say during commercials.

