区块链翻译文章系列(一)初学者指南 Blockchain For Dummies: A Beginner’s Guide

Blockchain For Dummies: A Beginner’s Guide

 

Blockchain: the single most confusing term since Bitcoin. Everyone has a vague idea of what it does. It’s either the ultimate evolution of financial technologies, or a silly fad that can be summed up in the disconcerting phrase: “dogechain.” In reality, major companies around the world have already shown favor to the burgeoning money exchange system and it may become harder and harder to stay away from the financial dark art.
In reality, it is all relatively easy to understand. The Blockchain is a public ledger where transactions are recorded and confirmed anonymously. It’s a record of events that is shared between many parties. More importantly, once information is entered, it cannot be altered. So, if the blockchain is the public record, what is being recorded? What are all of these “transactions”?

Cryptocurrencies, like bitcoin, are currencies that exist solely in digital. There are no physical golden coins with a big “B” on them. Moreover, owning these non-real coins entails a new idea of “ownership.” You don’t literally have it in your hands, or even in your bank account, but you have the ability to transfer “ownership” to someone else simply by creating a record in the blockchain. Rather than using bills, your transfer is pure data.

Where exactly is this chain located? Due to the open nature of cryptocurrencies, and the importance of the public having access to other blocks, the blockchain isn’t located on just one guy’s large computer. For example, the bitcoin blockchain is actually managed by distributed nodes. These nodes all have a copy of the entire blockchain. Nodes will forever come and go, synchronizing their own copies of the chain with those of other users. By distributing copies and access, the chain can’t simply “go down,” or disappear. It’s a decentralized system that is both sturdy and secure.

All of your dogecoins are in a row, but what do you do with them? Whether you’re using them IRL or online, the blockchain makes it happen. There are many reasons people are falling in love with cryptocurrencies: it’s anonymous, decentralized, and there are no fees or third parties trying to grab a percentage. However, if there were absolutely no regulations in place, the new currency would quickly become a greedfest of users trying to screw each other over. The public nature of the blockchain means that anyone can check it. It is effectively anonymous, yet public, simultaneously, and it is in the best interest of users if it remains so.
You can accept and trade coins, or you can mine for them. Miners can spend thousands of dollars on the right equipment just to mine coin. But what do they really do? What miners do is quite similar to real-world miners in that they are actively looking for something. Their computer repeatedly works through complex calculations to find a very specific answer.

Miners solve problems, but how in the world is that helpful? Short story, miners are actually verifying that transactions posted by other users are legitimate, and the numbers all add up. Long story…

Miners collect transactions and put them into a single block. A block generally contains four pieces of information: a reference to the previous block, a summary of included transaction, a time stamp, and Proof of Work that went into creating the secure block. The blocks are strung together into a chain—a fluid chain that does not allow for any inconsistencies; this means there are no “bad cheques” in the system, and transactions entered are necessarily valid and can be processed. By checking the blockchain and confirming transactions, the entire system is effectively self-regulated and fully secure. No, that doesn’t mean some kid cooped up in a basement can just click “okay” and confirm a billion dollar transfer. Blocks generally need numerous independent confirmations, and the equations are intended to be hard to crack. Not to mention, the hardware required is far more specialized than the average laptop. Finally, what’s to stop someone from simply going back and editing existing blocks? Each block is securely hashed—meaning it is rendered into seeming gibberish and nearly impossible to invert or undo. Once it’s in the blockchain, it’s there forever.

rough idea of blockchain
A rough idea of what a block chain may look like, courtesy of Yevgeniy Brikman

python for dummies pdf
A rough idea of what a block chain may look like, courtesy of Yevgeniy Brikman

So, why waste time and resources helping other people, or the blockchain? Why not let someone else do all that “confirmation stuff,” while you just mine? Because, you don’t necessarily have a choice. Confirmation of the blockchain is central to mining. It’s part of the actual mining process; however, miners are generally given incentives. For example, after solving a problem (and creating a new hash) they are rewarded with coins.

Will you be seeing a blockchain-styled ledger in your future? Short answer: oh yes. Blockchain and cryptocurrencies have caused quite a stir over the past years. However, it seems their real importance has yet to be fully realized. The future isn’t just in businesses around the globe sporting happy “Now Accepting Bitcoins” signs, but rather emerging companies (and revolutionary existing ones, too) finding new uses for the cutting edge technology. VC firms and investors are placing their bets on the blockchain because there is untapped potential. Identity management, international contracts, and all sorts of complicated bank transactions can be greatly altered with the public ledger system. The process could (in an ideal world) work seamlessly, crossing boundaries where banks, logistics or a plethora of other obstacles once existed. They could be combined with the Internet of Things to create a more connected and automated world. Future companies may be able to absorb mountains of new data, or even digitize real-world things that are hard to quantify. Unfortunately, many big companies are remaining mum on the studies in the blockchain field for obvious reasons.

However, it is public knowledge that nine major banks (including JP Morgan and Goldman Sachs) recently joined a partnership to develop blockchain technologies. That’s not to say major companies are getting in on the cryptocurrency game; rather, they realize that the blockchain system, itself, could be a powerful tool for efficiency. With a system as versatile and secure as the blockchain, there may many unexpected innovations in the coming months and years.

Origin post:

Blockchain For Dummies: A Beginner’s Guide

BY: HANNAH AUGUR

http://byteacademy.co/blockchain-for-dummies-a-beginners-guide/

CentOS 7 下 firewalld的基本操作

这两天服务器升级,升级后发现有些服务不能用了。后来研究了一下,是因为防火墙的原因。之前调试,为了偷懒,把防火墙关了,就没启动过,现在想想裸奔了几个月,心真是大。

对外增加服务:

firewall-cmd --zone=public --add-port=80/tcp --permanent

对内设置安全区

firewall-cmd –permanent –zone=internal –change-interface=enp03s

firewall-cmd --zone=public --add-port=3306/tcp --permanent

最后,再重新加载firwalld策略

firewall-cmd --reload

以下转载:

http://qianxunclub.com/linux-centos-7-fang-huo-qiang-zhi-ju-you-ming-ling-xing-de-firewalldde-ji-ben-cao-zuo/

启动FirewallD服务:

?

1
2
systemctl enable firewalld.service #设置开机启动
systemctl start firewalld.service #开启服务

查看防火墙状态:

?

1
systemctl status firewalld

1. 区域管理

1.1. 网络区域简介

通过将网络划分成不同的区域,制定出不同区域之间的访问控制策略来控制不同程序区域间传送的数据流。例如,互联网是不可信任的区域,而内部网络是高度信任的区域。网络安全模型可以在安装,初次启动和首次建立网络连接时选择初始化。该模型描述了主机所连接的整个网络环境的可信级别,并定义了新连接的处理方式。有如下几种不同的初始化区域:

  • 阻塞区域(block):任何传入的网络数据包都将被阻止。
  • 工作区域(work):相信网络上的其他计算机,不会损害你的计算机。
  • 家庭区域(home):相信网络上的其他计算机,不会损害你的计算机。
  • 公共区域(public):不相信网络上的任何计算机,只有选择接受传入的网络连接。
  • 隔离区域(DMZ):隔离区域也称为非军事区域,内外网络之间增加的一层网络,起到缓冲作用。对于隔离区域,只有选择接受传入的网络连接。
  • 信任区域(trusted):所有的网络连接都可以接受。
  • 丢弃区域(drop):任何传入的网络连接都被拒绝。
  • 内部区域(internal):信任网络上的其他计算机,不会损害你的计算机。只有选择接受传入的网络连接。
  • 外部区域(external):不相信网络上的其他计算机,不会损害你的计算机。只有选择接受传入的网络连接。

注:FirewallD的默认区域是public。

1.2. 显示支持的区域列表

?

1
firewall-cmd --get-zones

1.3. 设置为家庭区域

?

1
firewall-cmd --set-default-zone=home

1.4. 查看当前区域

?

1
firewall-cmd --get-active-zones

1.5. 设置当前区域的接口

?

1
firewall-cmd --get-zone-of-interface=enp03s

1.6. 显示所有公共区域(public)

?

1
firewall-cmd --zone=public --list-all

1.7. 临时修改网络接口(enp0s3)为内部区域(internal)

?

1
firewall-cmd --zone=internal --change-interface=enp03s

1.8. 永久修改网络接口enp03s为内部区域(internal)

?

1
firewall-cmd --permanent --zone=internal --change-interface=enp03s

2. 服务管理

2.1. 显示服务列表

Amanda, FTP, Samba和TFTP等最重要的服务已经被FirewallD提供相应的服务,可以使用如下命令查看:

?

1
firewall-cmd --get-services

2.2. 允许SSH服务通过

?

1
firewall-cmd --enable service=ssh

2.3. 禁止SSH服务通过

?

1
firewall-cmd --disable service=ssh

2.4. 打开TCP的8080端口

?

1
firewall-cmd --enable ports=8080/tcp

2.5. 临时允许Samba服务通过600秒

?

1
firewall-cmd --enable service=samba --timeout=600

2.6. 显示当前服务

?

1
firewall-cmd --list-services

2.7. 添加HTTP服务到内部区域(internal)

?

1
2
firewall-cmd --permanent --zone=internal --add-service=http
firewall-cmd --reload #在不改变状态的条件下重新加载防火墙

3. 端口管理

3.1. 打开端口

?

1
2
#打开443/TCP端口
firewall-cmd --add-port=443/tcp

?

1
2
3
4
5
#永久打开3690/TCP端口
firewall-cmd --permanent --add-port=3690/tcp
#永久打开端口好像需要reload一下,临时打开好像不用,如果用了reload临时打开的端口就失效了
#其它服务也可能是这样的,这个没有测试
firewall-cmd --reload

?

1
2
#查看防火墙,添加的端口也可以看到
firewall-cmd --list-all

4. 直接模式

FirewallD包括一种直接模式,使用它可以完成一些工作,例如打开TCP协议的9999端口

?

1
2
firewall-cmd --direct -add-rule ipv4 filter INPUT 0 -p tcp --dport 9000 -j ACCEPT
firewall-cmd --reload

5. 关闭服务的方法

你也可以关闭目前还不熟悉的FirewallD防火墙,而使用iptables,命令如下:

?

1
2
3
4
5
systemctl stop firewalld
systemctl disable firewalld
yum install iptables-services
systemctl start iptables
systemctl enable iptables

Auto start a java Swing GUI program when raspberry boots

I planed make an self-desgin photo or movie player base on Raspberry. Also I can use it as photo frame. If I need improve the performance of the PI, I need write it with Python, I think.

 

Part 1 – Build the Foundation

In this part, we will focus on preparing Raspbian Lite.

1. Download the latest Raspbian Lite image.
2. Format the SD / microSD card with Raspbian Lite (Plenty of guides out there on how to do this. For macOS, Linux, and Windows users, Etcher is an easy to use application that can help you do this.)
3. Insert the SD / microSD card into the Pi.
4. Connect the Pi to the Internet using an Ethernet cable. If you want to use Wi-Fi instead, you will have to read on how to configure your wireless receiver using the command line after your Pi has finished booting.
5. Connect your TV / Monitor and keyboard. (Mouse is optional at this time.) Turn on the Pi. The Pi should boot up successfully and a prompt to log in will appear.
6. Log into Raspbian. The username is pi and the password is raspberry.

 

7. We will install Xorg. To do this type in:

sudo apt-get install –no-install-recommends xserver-xorg

sudo apt-get install –no-install-recommends xinit

now, you can write you java program now. For example, I wrote a test program with a button in the center of screen. once I click the button, the window will change to the full size of the screen.

import java.awt.FlowLayout;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;

import javax.swing.JButton;
import javax.swing.JFrame;

public class FullScreenTest {
public static void main(String[] args) {
final JFrame f = new JFrame(“FullScreenTest”);
final JButton btn = new JButton(“FullScreen”);
btn.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) {
if (btn.getText().equals(“FullScreen”)) {
f.dispose();
f.setUndecorated(true);
f.getGraphicsConfiguration().getDevice().setFullScreenWindow(f);
f.setVisible(true);
btn.setText(“NormalMode”);
} else {
f.dispose();
f.setUndecorated(false);
f.getGraphicsConfiguration().getDevice().setFullScreenWindow(null);
f.setVisible(true);
btn.setText(“FullScreen”);
}
}
});

f.getContentPane().setLayout(new FlowLayout());
f.getContentPane().add(btn);
f.pack();
f.setLocationRelativeTo(null);
f.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
f.setVisible(true);
}
}

 

Pack the file into a jar file like GUI.jar.

In order to have a command or program run when the Pi boots, you can add commands to the rc.local file. This is especially useful if you want to be able to plug your Pi in to power headless, and have it run a program without configuration or a manual start.

EDITING RC.LOCAL

On your Pi, edit the file /etc/rc.local using the editor of your choice. You must edit with root, for example:

sudo nano /etc/rc.local

Add commands below the comment, but leave the line exit 0 at the end, then save the file and exit.

sudo xinit /usr/local/jdk1.8.0_77/bin/java -jar /usr/local/mypi/GUI.jar — :1 &

 

 

Reboot your PI, then done!

解决PKIX问题:unable to find valid certification path to requested target

话说前几天在测试服务器上遇到了这么个异常

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

就是说找不着安全证书啥的等等烂码七糟的一大堆

接着就拜Google大神,发现一篇文章能被N个人转来转去的,关键文章还不怎么靠谱

后来找到了一个办法,幸运的是在测试环境一弄, 这个问题看上去就被解决了

我们要做的就是将所要访问的URL的安全认证证书导入到客户端

下面是获取安全证书的一种方法

/*
 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *
 *   - Neither the name of Sun Microsystems nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class InstallCert {
	public static void main(String[] args) throws Exception {
		String host;
		int port;
		char[] passphrase;
		if ((args.length == 1) || (args.length == 2)) {
			String[] c = args[0].split(":");
			host = c[0];
			port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
			String p = (args.length == 1) ? "changeit" : args[1];
			passphrase = p.toCharArray();
		} else {
			System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
			return;
		}

		File file = new File("jssecacerts");
		if (file.isFile() == false) {
			char SEP = File.separatorChar;
			File dir = new File(System.getProperty("java.home") + SEP + "lib" + SEP + "security");
			file = new File(dir, "jssecacerts");
			if (file.isFile() == false) {
				file = new File(dir, "cacerts");
			}
		}
		
		System.out.println("Loading KeyStore " + file + "...");
		InputStream in = new FileInputStream(file);
		KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
		ks.load(in, passphrase);
		in.close();

		SSLContext context = SSLContext.getInstance("TLS");
		TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
		tmf.init(ks);
		X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
		SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
		context.init(null, new TrustManager[]{tm}, null);
		SSLSocketFactory factory = context.getSocketFactory();

		System.out.println("Opening connection to " + host + ":" + port + "...");
		SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
		socket.setSoTimeout(10000);
		try {
			System.out.println("Starting SSL handshake...");
			socket.startHandshake();
			socket.close();
			System.out.println();
			System.out.println("No errors, certificate is already trusted");
		} catch (SSLException e) {
			System.out.println();
			e.printStackTrace(System.out);
		}

		X509Certificate[] chain = tm.chain;
		if (chain == null) {
			System.out.println("Could not obtain server certificate chain");
			return;
		}

		BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

		System.out.println();
		System.out.println("Server sent " + chain.length + " certificate(s):");
		System.out.println();
		MessageDigest sha1 = MessageDigest.getInstance("SHA1");
		MessageDigest md5 = MessageDigest.getInstance("MD5");
		for (int i = 0; i < chain.length; i++) {
			X509Certificate cert = chain[i];
			System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());
			System.out.println("   Issuer  " + cert.getIssuerDN());
			sha1.update(cert.getEncoded());
			System.out.println("   sha1    " + toHexString(sha1.digest()));
			md5.update(cert.getEncoded());
			System.out.println("   md5     " + toHexString(md5.digest()));
			System.out.println();
		}

		System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
		String line = reader.readLine().trim();
		int k;
		try {
			k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
		} catch (NumberFormatException e) {
			System.out.println("KeyStore not changed");
			return;
		}

		X509Certificate cert = chain[k];
		String alias = host + "-" + (k + 1);
		ks.setCertificateEntry(alias, cert);

		OutputStream out = new FileOutputStream("jssecacerts");
		ks.store(out, passphrase);
		out.close();

		System.out.println();
		System.out.println(cert);
		System.out.println();
		System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'");
	}

	
	private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

	
	private static String toHexString(byte[] bytes) {
		StringBuilder sb = new StringBuilder(bytes.length * 3);
		for (int b : bytes) {
			b &= 0xff;
			sb.append(HEXDIGITS[b >> 4]);
			sb.append(HEXDIGITS[b & 15]);
			sb.append(' ');
		}
		return sb.toString();
	}

	
	private static class SavingTrustManager implements X509TrustManager {
		private final X509TrustManager tm;
		private X509Certificate[] chain;

		SavingTrustManager(X509TrustManager tm) {
			this.tm = tm;
		}

		public X509Certificate[] getAcceptedIssuers() {
			throw new UnsupportedOperationException();
		}

		public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
			throw new UnsupportedOperationException();
		}

		public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
			this.chain = chain;
			tm.checkServerTrusted(chain, authType);
		}
	}
}

编译InstallCert.java得到两个class文件,并执行InstallCert类

执行方式:java InstallCert hostname     eg:java InstallCert www.cebbank.com

接下来会看到下面的打印信息

java InstallCert www.cebbank.com
Loading KeyStore /usr/java/jdk1.6.0_31/jre/lib/security/cacerts...
Opening connection to www.cebbank.com:443...
Starting SSL handshake...

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181)
	at InstallCert.main(InstallCert.java:102)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
	at sun.security.validator.Validator.validate(Validator.java:218)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
	at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:198)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1198)
	... 8 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
	... 14 more

Server sent 1 certificate(s):

 1 Subject CN=www.cebbank.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=CEB, O="China Everbright Bank Co., Ltd", L=Beijing
   Issuer  CN=VeriSign Class 3 Extended Validation SSL CA, OU=Terms of use at https://www.verisign.com/rpa (c)06, OU=VeriSign Trust Network
   sha1    5b d2 85 6e b3 a4 2b 07 a2 13 47 b3 be 3e 1f c9 d3 ce 46 57 
   md5     05 d8 ae ee f1 d9 51 63 6d 2f 11 e0 ac d0 e7 d7 

Enter certificate to add to trusted keystore or 'q' to quit: [1]

然后输入 1 并回车,会看到类似下面的打印信息

[
[
  Version: V3
  Subject: CN=www.cebbank.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=CEB, O="China Everbright Bank Co., Ltd", L=Beijing
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 30831246384548809540705228292841393062583732250993909916355780413722161557074568469738254573472093341710481517139910877
  public exponent: 65537
  Validity: [From: Mon Jul 02 08:00:00 CST 2012,
               To: Thu Jul 03 07:59:59 CST 2014]
  Issuer: CN=VeriSign Class 3 Extended Validation SSL CA, OU=Terms of use at https://www.verisign.com/rpa (c)06, OU=VeriSign Trust Network
  SerialNumber: [    5715ab25 6be8fa42 2fa28dd4 601bc732]

Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.verisign.com, 
   accessMethod: 1.3.6.1.5.5.7.48.2
   accessLocation: URIName: http://EVSecure-aia.verisign.com/EVSecure2006.cer]
]

[2]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: www.cebbank.com
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: FC 8A 50 BA 9E B9 25 5A   7B 55 85 4F 95 00 63 8F  ..P...%Z.U.O..c.
0010: E9 58 6B 43                                        .XkC
]

]

[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.23.6]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 76 65  ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63   6F 6D 2F 63 70 73        risign.com/cps

]]  ]
]

[5]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[6]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 62 30 60 A1 5E A0 5C   30 5A 30 58 30 56 16 09  .b0`.^.\0Z0X0V..
0010: 69 6D 61 67 65 2F 67 69   66 30 21 30 1F 30 07 06  image/gif0!0.0..
0020: 05 2B 0E 03 02 1A 04 14   4B 6B B9 28 96 06 0C BB  .+......Kk.(....
0030: D0 52 38 9B 29 AC 4B 07   8B 21 05 18 30 26 16 24  .R8.).K..!..0&.$
0040: 68 74 74 70 3A 2F 2F 6C   6F 67 6F 2E 76 65 72 69  http://logo.veri
0050: 73 69 67 6E 2E 63 6F 6D   2F 76 73 6C 6F 67 6F 31  sign.com/vslogo1
0060: 2E 67 69 66                                        .gif


[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[8]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://EVSecure-crl.verisign.com/EVSecure2006.crl]
]]

[9]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 42 0A 89 BF 48 08 1E F4   98 F2 E5 DB 0D 83 EF 37  B...H..........7
0010: EC 27 6F 4D 81 69 C6 4A   4C 17 EC 57 F5 48 2A 14  .'oM.i.JL..W.H*.
0020: 3C 54 B2 C5 49 39 42 BA   EC 83 78 02 F9 96 6C 63  <T..I9B...x...lc
0030: 80 BC 60 61 BB 20 D1 AD   C3 D3 76 47 6F 0C 7B AC  ..`a. ....vGo...
0040: 76 B2 C7 2D B1 0A 7A 00   CA 40 38 86 FF 9F 12 F5  v..-..z..@8.....
0050: BE 5A E7 42 97 2F DF DE   0C 19 C5 F6 92 58 17 7A  .Z.B./.......X.z
0060: 9A 1D 2C 2C DA 8B 83 83   2D BE 07 58 56 36 92 E7  ..,,....-..XV6..
0070: B1 F8 A0 B5 00 F4 C3 30   D1 34 37 3D 94 75 28 04  .......0.47=.u(.
0080: A2 D8 C3 FE B1 E1 C2 2E   51 A8 6F D5 09 6D 49 DB  ........Q.o..mI.
0090: 2E 1D 4B F7 A8 06 30 B4   97 E7 C2 33 26 FD 6A DF  ..K...0....3&.j.
00A0: D6 B0 10 A1 F2 73 DD 5A   60 DE 51 5E EA 80 46 86  .....s.Z`.Q^..F.
00B0: 25 0B 53 FC C2 57 80 35   09 2D 31 55 28 35 EE 0F  %.S..W.5.-1U(5..
00C0: 62 50 4B 12 75 0B 02 9F   2F 0B D2 8A 0D 23 E3 C1  bPK.u.../....#..
00D0: 48 28 56 33 E1 DE 31 DD   72 78 15 96 EE 2B A5 1D  H(V3..1.rx...+..
00E0: 37 85 1B E5 88 53 80 88   02 6D 90 F3 E6 4A 74 AC  7....S...m...Jt.
00F0: D2 CA 0E 04 BC 46 A0 57   34 FA CF 9D E5 D7 0E 4B  .....F.W4......K

]

Added certificate to keystore 'jssecacerts' using alias 'www.cebbank.com-1'

同时我们会在当面目录下发现已经生成了一个名为jssecacerts的证书

再将名为jssecacerts的证书拷贝\\%JAVA_HONME%\\jre\\lib\\security\\目录中

最后重启下应用的服务,证书就会生效了。。

补充: 有人说生成证书后不用拷贝,直接代码里加句话就行,结果试了一下发现不管用

System.setProperty("javax.net.ssl.trustStore", "jssecacerts证书路径");

[转]openssl的证书格式转换

证书转换

PKCS 全称是 Public-Key Cryptography Standards ,是由 RSA 实验室与其它安全系统开发商为促进公钥密码的发展而制订的一系列标准,PKCS 目前共发布过 15 个标准。 常用的有:
PKCS#7 Cryptographic Message Syntax Standard
PKCS#10 Certification Request Standard
PKCS#12 Personal Information Exchange Syntax Standard
X.509是常见通用的证书格式。所有的证书都符合为Public Key Infrastructure (PKI) 制定的 ITU-T X509 国际标准。
PKCS#7 常用的后缀是: .P7B .P7C .SPC
PKCS#12 常用的后缀有: .P12 .PFX
X.509 DER 编码(ASCII)的后缀是: .DER .CER .CRT
X.509 PAM 编码(Base64)的后缀是: .PEM .CER .CRT
.cer/.crt是用于存放证书,它是2进制形式存放的,不含私钥。
.pem跟crt/cer的区别是它以Ascii来表示。
pfx/p12用于存放个人证书/私钥,他通常包含保护密码,2进制方式
p10是证书请求
p7r是CA对证书请求的回复,只用于导入
p7b以树状展示证书链(certificate chain),同时也支持单个证书,不含私钥。

1. CA证书

用openssl创建CA证书的RSA密钥(PEM格式):

openssl genrsa -des3 -out ca.key 1024

2. 创建CA证书有效期为一年

用openssl创建CA证书(PEM格式,假如有效期为一年):

openssl req -new -x509 -days 365 -key ca.key -out ca.crt -config openssl.cnf

openssl是可以生成DER格式的CA证书的,最好用IE将PEM格式的CA证书转换成DER格式的CA证书。

3. x509转换为pfx

openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt

4. PEM格式的ca.key转换为Microsoft可以识别的pvk格式

pvk -in ca.key -out ca.pvk -nocrypt -topvk

5. PKCS#12 到 PEM 的转换

openssl pkcs12 -nocerts -nodes -in cert.p12 -out private.pem  验证   openssl pkcs12 -clcerts -nokeys -in cert.p12 -out cert.pem

6. 从 PFX 格式文件中提取私钥格式文件 (.key)

openssl pkcs12 -in mycert.pfx -nocerts -nodes -out mycert.key

7. 转换 pem 到到 spc

   openssl crl2pkcs7 -nocrl -certfile venus.pem  -outform DER -out venus.spc

用 -outform -inform 指定 DER 还是 PAM 格式。例如:

openssl x509 -in Cert.pem -inform PEM -out cert.der -outform DER

8. PEM 到 PKCS#12 的转换

openssl pkcs12 -export -in Cert.pem -out Cert.p12 -inkey key.pem

IIS 证书

cd c:\openssl            set OPENSSL_CONF=openssl.cnf            openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt

server.key和server.crt文件是Apache的证书文件,生成的server.pfx用于导入IIS

9. How to Convert PFX Certificate to PEM Format for SOAP

$ openssl pkcs12 -in test.pfx -out client.pem  Enter Import Password:  MAC verified OK  Enter PEM pass phrase:  Verifying - Enter PEM pass phrase:

FTP时显示500 Illegal PORT command的解决

使用EditPlus打开FTP服务器上的文件时,发现连接不了

在windows的dos窗口用FTP命令去连时,可以登录,但使用ls等命令时,出现:
500 Illegal PORT command.
425 Use PORT or PASV first.
根据提示是被动模式的问题

在EditPlus的FTP设定高级选项中,选上passive FTP mode即可而dos窗口的FTP命令则无法设置为被动模式

FTP主/被动模式的原理
————————————————————————————————————————————————–
FTP是File Transfer Protocol(文件传输协议)的缩写,用来在两台计算机之间互相传送文件相比于HTTP,FTP协议要复杂得多复杂的原因,是因为FTP协议要用到两个TCP连接,一个是命令链路,用来在FTP客户端与服务器之间传递命令;另一个是数据链路,用来上传或下载数据

FTP协议有两种工作方式:PORT方式和PASV方式,中文意思为主动式和被动式

PORT(主动)方式的连接过程是:客户端向服务器的FTP端口(默认是21)发送连接请求,服务器接受连接,建立一条命令链路当需要传送数据时,客户端在命令链路上用PORT命令告诉服务器:我打开了XXXX端口,你过来连接我于是服务器从20端口向客户端的XXXX端口发送连接请求,建立一条数据链路来传送数据

PASV(被动)方式的连接过程是:客户端向服务器的FTP端口(默认是21)发送连接请求,服务器接受连接,建立一条命令链路当需要传送数据时,服务器在命令链路上用PASV命令告诉客户端:我打开了XXXX端口,你过来连接我于是客户端向服务器的XXXX端口发送连接请求,建立一条数据链路来传送数据
概括:
——————————————————————————–
主动模式:服务器向客户端敲门,然后客户端开门
被动模式:客户端向服务器敲门,然后服务器开门

所以,如果你是如果通过代理上网的话,就不能用主动模式,因为服务器敲的是上网代理服务器的门,而不是敲客户端的门
而且有时候,客户端也不是轻易就开门的,因为有防火墙阻挡,除非客户端开放大于1024的高端端口

——————————————————————————–
要用主动模式来下载,请您把下载工具的被动模式(PASV)都不要打勾,用主动模式来下载就OK了,如果在出错,那就被动主动相互转换一下

常见的FTP客户端软件的PASV方式的关闭方法

大部分FTP客户端默认使用PASV方式,PASV模式的意式是被动模式 在大部分FTP客户端的设置里,常见到的字眼都是PASV或被动模式

IE: 工具 -> Internet选项 -> 高级 -> 使用被动FTP(需要IE6.0以上才支持)

CuteFTP: Edit -> Setting -> Connection -> Firewall -> PASV Mode
或 File -> Site Manager,在左边选中站点 -> Edit -> Use PASV mode

FlashGet: 工具 -> 选项 -> 代理服务器 -> 直接连接 -> 编辑 -> PASV模式

FlashFXP: 选项 -> 参数选择 -> 代理/防火墙/标识 -> 使用被动模式
或 站点管理 -> 对应站点 -> 选项 -> 使用被动模式
或 快速连接 -> 切换 -> 使用被动模式

LeapFTP: Option ->Preferences -> General->Proxy->Use Pasv Mode

MOUNT AN SMB NETWORK DRIVE ON RASPBERRY PI

original post: http://geeks.noeit.com/mount-an-smb-network-drive-on-raspberry-pi/

In this tutorial we will describe how to connect your Raspberry Pi to a network drive and permanently mount it to your system. Even though this article uses a Raspberry Pi as an example to connect to an SMB drive, the steps used can be applied to any Debian based system, such as Ubuntu.

If you have a Raspberry Pi you might have noticed that the storage possibilities are kind of limited unless you have some external storage. Even though you can get SD cards with 64+gb of storage, you probably want more if you have a lot of music and movies that you are streaming through your Pi.

There are several choices when it comes to storage for your Pi, such as network drives, flash drives, or external USB HDDs. Using a network drive you can not only access your files from the Pi, but from any computer connected to your network, which is very convenient.

Prerequisites

Before we start, I will assume you already

  1. have a network drive connected to your LAN, and
  2. know its LAN IP address

Note: remember to change all text in red to your own values.

 

Installation

In order to mount the drive, you need to have cifs-utils installed on your system. If you are running a newer version of Raspbian or RaspBMC you should already have this installed. You can check whether it is installed or not by running the following command:

dpkg -s cifs-utils

If it is installed, it should output something like this:

Package: cifs-utils
 Status: install ok installed
 Priority: optional
 Section: otherosfs
 Installed-Size: 189
 Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org> Architecture: armhf
 Version: 2:5.5-1
 ...

If it says that it’s not installed, you need to install it:

sudo apt-get install cifs-utils

 

Mounting unprotected (guest) network folders

You might have public folders on your network drive that can be accessed by anyone without having to provide any credentials. These are mounted in the same way as password-protected folders (we will mount these in the next section), but with a few different options.

First, let’s create a directory on the Pi where we want to mount the directory. You will need a separate directory for each network folder that you want to mount. I will create the folders in the /media folder:

sudo mkdir -p /media/networkshare/public

Then edit your /etc/fstab file (with root privileges) and add this line:

//192.168.0.18/publicshare /media/networkshare/public cifs guest,uid=1000,gid=1000,iocharset=utf8 0 0

The first part is the IP of your network drive, and the public folder you want to mount.
The second part is the folder on your local machine where you want to mount the network share.
The third part indicates what type of drive you want to mount (cifs).

The last part is the set of options you can pass, and here’s an explanation of the ones we are using:

  • guest is basically telling the network drive that it’s a public share, and you don’t need a password to access it (not to confuse with username),
  • uid=1000 makes the Pi user with this id the owner of the mounted share, allowing them to rename files,
  • gid=1000 is the same as uid but for the user’s group,
  • iocharset=utf8 allows access to files with names in non-English languages.

Note: If there is any space in the server path, you need to replace it by \040, for example //192.168.0.18/My\040Documents

To find the uid and gid for your username, use the following command:

id username

Now that we have added this to our /etc/fstab, we need to (re)mount all entries listed in /etc/fstab:

sudo mount -a

Now you can access your network drive from /media/networkshare/public (or wherever you chose to mount it).

 

Mount password-protected network folders

Mounting a password-protected share is very similar to mounting a public ones, with some minor changes to the options we pass. Let’s start by making a new folder where we want to mount the password-protected share:

sudo mkdir -p /media/networkshare/protected

Again, open /etc/fstab (with root privileges), and add this line:

//192.168.0.18/protectedshare /media/networkshare/protected cifs username=msusername,password=mspassword,uid=1000,gid=1000,iocharset=utf8 0 0

While this is a perfectly valid way of mounting your protected folder, it’s not very secure. Since /etc/fstab is readable by everyone, so are your credentials in it. So, let’s make it more secure by using a credentials file. This file will contain nothing else but your username and password, but we will make readable only to you. This way, other users on the system won’t be able to see your credentials.

Using a text editor, create a file that will contain the credentials for your protected network share:

vim ~/.smbcredentials

Enter your username and password for the protected share in the file:

username=msusername
password=mspassword

Save the file.

Change the permissions of the file to make sure only you can read it:

chmod 600 ~/.smbcredentials

Then edit your /etc/fstab file and change the line where we are mounting the protected share to look like this:

//192.168.0.18/protectedhare /media/networkshare/protected cifs credentials=/home/username/.smbcredentials,uid=1000,gid=1000,iocharset=utf8 0 0

Save the file.

Again, we need to (re)mount all entries listed in /etc/fstab:

sudo mount -a

 

Now you’re all set to access your public and protected folders from your Pi.

 

How to wake up a pc by PHP

source: 
http://php.net/manual/en/ref.sockets.php
http://www.rkrishardy.com/2009/12/permission-denied-13-when-opening-socket-in-php-apache/

<?php
/**
 * Wake-on-LAN
 *
 * @return boolean
 *   TRUE:    Socked was created successfully and the message has been sent.
 *   FALSE:   Something went wrong
 *
 * @param string|array  $mac   You will WAKE-UP this WOL-enabled computer, you
 *                             need to add the MAC-address here. Mac can be
 *                             array too.
 *
 * @param string|array  $addr  You will send and broadcast to this address.
 *                             Normally you need to use the 255.255.255.255
 *                             address, so I made it as the default. You don't need to do anything with this.
 *                       
 *                             If you get permission denied errors when using
 *                             255.255.255.255 have permission denied problems
 *                             you can set $addr = false to get the broadcast
 *                             address from the network interface using the
 *                             ifconfig command.
 *
 *                             $addr can be array with broadcast IP values
 *
 * Example 1:
 *   When the message has been sent you will see the message "Done...."
 *   if ( wake_on_lan('00:00:00:00:00:00'))
 *      echo 'Done...';
 *   else
 *      echo 'Error while sending';
 */

function wake_on_lan($mac, $addr=false, $port=7) {
    if ($addr === false){
        exec("ifconfig | grep Bcast | cut -d \":\" -f 3 | cut -d \" \" -f 1",$addr);
        $addr=array_flip(array_flip($addr));
    }
    if(is_array($addr)){
        $last_ret = false;
        for ($i = 0; $i < count($addr); $i++)
            if ($addr[$i] !== false) {
                $last_ret = wake_on_lan($mac, $addr[$i], $port);
            }
        return $last_ret;
    }
    if (is_array($mac)){
        $ret = array();
        foreach($mac as $k =< $v)
            $ret[$k] = wake_on_lan($v, $addr, $port);
        return $ret;
    }
    //Check if it's an real MAC-address and split it into an array
    $mac = strtoupper($mac);
    if (!preg_match("/([A-F0-9]{1,2}[-:]){5}[A-F0-9]{1,2}/", $mac, $maccheck))
        return false;
    $addr_byte = preg_split("/[-:]/", $maccheck[0]);
 
    //Creating hardware adress
    $hw_addr = '';
    for ($a = 0; $a < 6; $a++)//Changing mac adres from HEXEDECIMAL to DECIMAL
        $hw_addr .= chr(hexdec($addr_byte[$a]));
  
    //Create package data
    $msg = str_repeat(chr(255),6);
    for ($a = 1; $a <= 16; $a++)
        $msg .= $hw_addr;
    //Sending data
    if (function_exists('socket_create')){
        //socket_create exists
        $sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);    //Can create the socket
        if ($sock){
            $sock_data = socket_set_option($sock, SOL_SOCKET, SO_BROADCAST, 1); //Set
            if ($sock_data){
                $sock_data = socket_sendto($sock, $msg, strlen($msg), 0, $addr,$port); //Send data
                if ($sock_data){
                    socket_close($sock); //Close socket
                    unset($sock);
                    return true;
                }
            }
        }
        @socket_close($sock);
        unset($sock);
    }
    $sock=fsockopen("udp://" . $addr, $port);
    if($sock){
        $ret=fwrite($sock,$msg);
        fclose($sock);
    }
    if($ret)
        return true;
    return false;  
}

if (@wake_on_lan('00:00:00:00:00:00')) {
    echo 'Done...';
} else {
    echo 'Error while sending';
}
?>

How do I start to to play videos automatically while boot?

Seems like the answer to your question is contained within an other question on this site.

I am trying to play videos automatically when the Raspberry Pi boots. I decided to use crontab for that:

@reboot /storage/.config/autostart.sh

The autostart.sh file contains the following code:

xbmc-send -a “PlayMedia(/storage/videos/)”

The Raspberry Pi successfully automatically starts to play videos from /storage/videos/ directory when it reboots.

Hope that helps.

 

 

This is like asking “How do I fix my car when it won’t start?” Your question is way to broad to answer. The process will remain basically the same form case to case. Here are some steps that you can go through to figure this out.

  1. GOOGLE
  2. Using Terminal, shell, SSH, etc., figure out the command that will start the video as desired.
  3. READ this document to figure out how to turn that shell command into a bash script.http://www.calpoly.edu/~rasplund/script.html
  4. READ this document to figure out how to run that bash script on boothttp://www.cyberciti.biz/faq/linux-execute-cron-job-after-system-reboot/
  5. Reboot, test and troubleshoot.

javascript如何阻止click事件连续触发

中包含一个checkbox,点击时不仅激活checkbox的click事件,还会激活td或者tr的click事件,称作bubble event。

解决方法是:

$(“table tbody td”).click(function(e){
if(e.target.nodeName.toUpperCase() == “INPUT”){
alert(“It’s an input!”);
return;
}else{
alert(“It’s not an input!”);
}
});

How can I kill a process by name instead of PID?

前段时间为了投票,在服务器上面开了N个php进程,每次要退出的时候都要ps -eaf|grep php,然后根据pid一个一个kill,傻傻的操作了很多次。其实早就知道有killall的指令,但一次都没用过。这次实在受不了了,还是查了一下,用下面这个方法挺好

 

kill `pidof php`

备用方法,未验证
export pid=`ps | grep process_name | awk 'NR==1{print $1}' | cut -d' ' -f1`;kill $pid
pkill -f "Process name" 这个试过了,因为是php xxx.php方式,貌似没法用。

树莓派spi液晶屏支持(fbtft)[转]

 

转自 老徐拉灯 的博客

原文地址:http://blog.csdn.net/xdw1985829/article/details/39583239

树莓派官方支持av及HDMI输出,板子上预留了一个csi接口的液晶显示屏,但是一直没有相应的模组出现。在很多应用场合我们需要一些小型的液晶屏显示一些基本的信息,所以小屏驱动很是必要。

在github上有一个开源工程:notro/fbtft,完整的实现了framebuffer驱动,让树莓派完美支持tft液晶,下面对移植过程进行一个简单说明

一、官网地址

工程首页:https://github.com/notro

fbtft源码:https://github.com/notro/fbtft

编译好的固件(基于3.12.25+):https://github.com/notro/rpi-firmware

使用说明(wiki):https://github.com/notro/fbtft/wiki

二、使用编译好的固件(3.12.25+)

环境:树莓派

https://github.com/notro/rpi-firmware

1、打开SPI

树莓派默认spi是关掉的,我们需要打开

sudo vi /etc/modprobe.d/raspi-blacklist.conf

把下面这句话前面的#号删掉

blacklist spi-bcm2708

2、下载:

1)以模块的形式编译进内核(需要手动或脚本加载模块)3.12.25+(试验成功
sudo REPO_URI=https://github.com/notro/rpi-firmware rpi-update
2)直接编译进内核(笔者没有试验
sudo REPO_URI=https://github.com/notro/rpi-firmware BRANCH=builtin rpi-update

3)以模块的形式编译进内核(需要手动或脚本加载模块,最新版本,笔者试过启动不起来,不知道哪出问题

sudo REPO_URI=https://github.com/notro/rpi-firmware BRANCH=latest rpi-update

4)直接下载压缩包,手动安装(适合树莓派不能联网的时候

http://tronnes.org/downloads/2014-06-20-wheezy-raspbian-2014-07-25-fbtft-master-firmware.zip

3、配置

1)手动加载模块:

sudo modprobe fbtft_device name=adafruit22

name后面的名字,要跟相应的液晶驱动芯片移植

笔者使用的液晶芯片为:fb_ra8875,所以这里写的是:er_tftm050_2

其它芯片请查阅:https://github.com/notro/fbtft/blob/master/fbtft_device.c 文件

正常会提示以下信息

fbtft_device:  SPI devices registered:
fbtft_device:      spidev spi0.0 500kHz 8 bits mode=0x00
fbtft_device:      spidev spi0.1 500kHz 8 bits mode=0x00
fbtft_device:  ‘fb’ Platform devices registered:
fbtft_device:      bcm2708_fb id=-1 pdata? no
fbtft_device: Deleting spi0.0
fbtft_device:  GPIOS used by ‘adafruit22’:
fbtft_device:    ‘reset’ = GPIO25
fbtft_device:    ‘led’ = GPIO23
fbtft_device:  SPI devices registered:
fbtft_device:      spidev spi0.1 500kHz 8 bits mode=0x00
fbtft_device:      fb_hx8340bn spi0.0 32000kHz 8 bits mode=0x00

graphics fb1: fb_hx8340bn frame buffer, 176×220, 75 KiB video memory, 16 KiB buffer memory, fps=20, spi0.0 at 32 MHz

在/dev/目录下出现: /dev/fb1设备

2)自动加载模块

sudo vi  /etc/modules

加入以下语句,既可以在启动时自动加载模块

spi-bcm2708

fbtft_device name=er_tftm050_2  speed=28000000 fps=25 verbose=0

红色部分根据实际情况调整,可能出现花屏现象
4、使用(官方给出的方法,笔者测试不成功)

1)手动启动x11和控制台到新的液晶屏
X Windows显示在fb1上:
$FRAMEBUFFER=/dev/fb1 startx

Console显示在fb1上:
$con2fbmap 1 1

2)自动登陆x11

sudo vi /etc/inittab
#1:2345:respawn:/sbin/getty –noclear 38400 tty1
1:2345:respawn:/bin/login -f pi tty1 </dev/tty1 >/dev/tty1 2>&1

sudo vi /etc/rc.local

su -l pi -c “env FRAMEBUFFER=/dev/fb1 startx &”

5、使用(笔者使用这个测试通过)

1)将fb0上的内容直接拷贝到fb1上,fb0和fb1同步

https://github.com/notro/fbtft/wiki/Framebuffer-use#framebuffer-mirroring

$git clone https://github.com/tasanakorn/rpi-fbcp

$cd rpi-fbcp/
$mkdir build
$cd build/
$cmake ..
$make
$sudo install fbcp /usr/local/bin/fbcp

启动:fbcp &

关闭fbcp:killall fbcp

2)启动时使用fb1

$sudo apt-get install xserver-xorg-video-fbdev

$sudo vi /usr/share/X11/xorg.conf.d/99-fbdev.conf

加入以下语句:

Section “Device”
Identifier “myfb”
Driver “fbdev”
Option “fbdev” “/dev/fb1”
EndSection

启动:startx

 

测试:

apt-get -y install fbi

fbi -d /dev/fb1 -T 1 -noverbose -a test.jpg

三、由内核及源码编译

1、下载、编译内核源码:

请见《树莓派开发系列教程8——树莓派内核编译与固件升级

2、下载、编译fbtft源码

$cd linux(进入下载好的内核源码目录)

$cd drivers/video

$git clone https://github.com/notro/fbtft.git(下载fbtft源码,也可以在别的地方下载好,拷贝过来)

   修改内核源码的Kconfig及Makefine

  Add to drivers/video/Kconfig:   source “drivers/video/fbtft/Kconfig”

  Add to drivers/video/Makefile:  obj-y += fbtft/

$make menuconfig(在配置界面加入所选用液晶的驱动支持)

  1.  Device Drivers  —>
  2.  Graphics support  —>
  3. <M> Support for small TFT LCD display modules  —>
  4. <M>   FB driver for the HX8353D LCD Controller
  5. <M>   FB driver for the ILI9320 LCD Controller
  6. <M>   FB driver for the ILI9325 LCD Controller
  7. <M>   FB driver for the ILI9340 LCD Controller
  8. <M>   FB driver for the ILI9341 LCD Controller
  9. < >     FB driver for the ILI9481 LCD Controller
  10. <M>   FB driver for the ILI9486 LCD Controller
  11. <M>   FB driver for the PCD8544 LCD Controller
  12. <M>   FB driver for the RA8875 LCD Controller

$make

基于树莓派Raspberry: 字符设备内核驱动程序框架编写[转]

之前写了一篇移植2.4寸TFT驱动到树莓派的文章,那篇博文中的驱动代码是国外大牛写的,看了一下,还是有很多地方没理解,是得好好再学习一下内核驱动的编写,这里就从字符设备驱动开始,采用最简单的LED驱动来建立内核驱动移植的驱动框架.

个人原创,转载请注明原文出处:

http://blog.csdn.net/embbnux/article/details/17712547

参考文章:

http://blog.csdn.net/hcx25909/article/details/16860725

内核驱动与普通单片机模块驱动的差别就是在于,写内核驱动的时候,要提供内核调用的接口,使内核能找到相应的驱动入口,用户通过告诉内核要干嘛,内核再去调用那个驱动,驱动的最底层和单片机模块是一样的,同样是对GPIO的操作,配置输入输出,以及某些特殊的寄存器. LED的点亮就是对GPIO的操作 .

对于ARM的GPIO调用需要通过IO映射的方法,要操作内存上对应的地址.

对于bcm2708上的io对应关系,可以查看bcm2835的手册,和stm32基本上是一样的,因为同为ARM体系:SouthEast

我参考的那博客讲这个比较清楚,可以参考下,由于树莓派的内核以及很好的提供了GPIO调用的接口,即把内存操作封装了很好,这里就不像那篇博客那样再自己写函数通过内存操作来进行GPIO操作,觉得有点麻烦,但是对于学好底层很有用.

  一  首先上个驱动程序

 

这里直接把该程序添加到内核的源码目录里面,也可在自己的目录下,但是要写Makefile.

在/drivers/char/新建rasp_led.c,内核中的kconfig文件和makefile文件,参照前一篇文章

led.c:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
/********************************************************************/
/***************Rasp led 驱动程序************************************/
/***************作者: Embbnux Ji*************************************/
/***************博客: http://blog.csdn.net/embbnux/ *****************/
/********************************************************************/
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/device.h>
#include <mach/platform.h>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
#include <linux/platform_device.h>
#include <linux/types.h>
#include <linux/fs.h>
#include <linux/ioctl.h>
#include <linux/cdev.h>
#include <linux/delay.h>
#include <linux/uaccess.h>
#include <linux/init.h>
#include <linux/gpio.h>
#define DEVICE_NAME "Pi_Led"
#define DRIVER_NAME "pi_led"
//class声明内核模块驱动信息,是UDEV能够自动生成/dev下相应文件
static dev_t pi_led_devno; //设备号
static struct class *pi_led_class;
static struct cdev pi_led_class_dev;
struct gpio_chip *gpiochip;
#define led_pin 4 //gpio 4
//这部分函数为内核调用后open的设备IO操作,和裸板程序一样
int open_flag=0;
static int pi_led_open(struct inode *inode, struct file *filp)
{
 printk("Open led ing!\n");
 if(open_flag ==0){
 open_flag =1;
 printk("Open led success!\n");
 return 0;
 }
 else{
 printk("Led has opened!\n");
 }
 return 0;
}
//这部分函数为内核调用后ioctl的设备IO操作,和裸板程序一样
static long pi_led_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
{
 switch(cmd){
 case 0:
 gpiochip->set(gpiochip, led_pin, 0);
 printk("Led up!\n");
 break;
 case 1:
 gpiochip->set(gpiochip, led_pin, 1);
 printk("Led down!\n");
 break;
 }
 return 0;
}
static int pi_led_release(struct inode *inode,struct file *file){
 printk("Led has release!\n");
 return 0;
}
//file_operations使系统的open,ioctl等函数指针指向我们所写的led_open等函数,
//这样系统才能够调用
static struct file_operations pi_led_dev_fops = {
 .owner =THIS_MODULE,
 .open =pi_led_open,
 .unlocked_ioctl = pi_led_ioctl,
 .release = pi_led_release,
};
static int is_right_chip(struct gpio_chip *chip, void *data)
{
if (strcmp(data, chip->label) == 0)
 return 1;
 return 0;
}
//内核加载后的初始化函数.
static int __init pi_led_init(void)
{
 struct device *dev;
 int major; //自动分配主设备号
 major = alloc_chrdev_region(&pi_led_devno,0,1,DRIVER_NAME);
 //register_chrdev 注册字符设备使系统知道有LED这个模块在.
 cdev_init(&pi_led_class_dev, &pi_led_dev_fops);
 major = cdev_add(&pi_led_class_dev,pi_led_devno,1);
 //注册class
 pi_led_class = class_create(THIS_MODULE,DRIVER_NAME);
 dev = device_create(pi_led_class ,NULL,pi_led_devno,NULL,DRIVER_NAME);
 gpiochip = gpiochip_find("bcm2708_gpio", is_right_chip);
 gpiochip->direction_output(gpiochip, led_pin, 1);
 gpiochip->set(gpiochip, led_pin, 0);
 printk("pi led init ok!\n");
 return 0;
}
//内核卸载后的销毁函数.
void pi_led_exit(void)
{
 gpio_free(led_pin);
 device_destroy(pi_led_class,pi_led_devno);
 class_destroy(pi_led_class);
 cdev_del(&pi_led_class_dev);
 unregister_chrdev_region(pi_led_devno, 1);
 printk("pi led exit ok!\n");
}
module_init(pi_led_init);
module_exit(pi_led_exit);
MODULE_DESCRIPTION("Rasp Led Driver");
MODULE_AUTHOR("Embbnux Ji < http://blog.csdn.net/embbnux >");
MODULE_LICENSE("GPL");

二  源码框架分析

我们首先从内核模块的入口,module_init(pi_led_init)这个函数看起,可以看出初始化后调用pi_led_init这个函数.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
//内核加载后的初始化函数.
static int __init pi_led_init(void)
{
 struct device *dev;
 int major; //自动分配主设备号
 major = alloc_chrdev_region(&pi_led_devno,0,1,DRIVER_NAME);
 //register_chrdev 注册字符设备使系统知道有LED这个模块在.
 cdev_init(&pi_led_class_dev, &pi_led_dev_fops);
 major = cdev_add(&pi_led_class_dev,pi_led_devno,1);
 //注册class
 pi_led_class = class_create(THIS_MODULE,DRIVER_NAME);
 dev = device_create(pi_led_class ,NULL,pi_led_devno,NULL,DRIVER_NAME);
 gpiochip = gpiochip_find("bcm2708_gpio", is_right_chip);
 gpiochip->direction_output(gpiochip, led_pin, 1);
 gpiochip->set(gpiochip, led_pin, 0);
 printk("pi led init ok!\n");
 return 0;
}

初始化时首先分配给这个函数设备号,注册该设备,通过class注册使能够在/dev/目录下自动生成相应的设备文件,用户通过操作这个文件,来告诉内核怎么做.

由于是字符设备,所以对该文件的操作通过open,write,ioctl等函数,所以要把这个函数和底层的操作函数对应起来,这就要用到file_operation这个结构体,来声明:

1
2
3
4
5
6
7
8
//file_operations使系统的open,ioctl等函数指针指向我们所写的led_open等函数,
//这样系统才能够调用
static struct file_operations pi_led_dev_fops = {
 .owner =THIS_MODULE,
 .open =pi_led_open,
 .unlocked_ioctl = pi_led_ioctl,
 .release = pi_led_release,
};

这里就让open函数对应到pi_led_open函数,ioctl函数对应到pi_led_ioctl函数;

然后我们就只需要编写相应的pi_led_open以及pi_led_ioctl;这些函数里面的操作就是最底层的GPIO操作,和单片机是一样的.

三  GPIO操作

内核里面的GPIO操作函数,被定义在#include <linux/gpio.h>,这个头文件里面,树莓派官方做好了树莓派的GPIO在内核里面的注册,所以调用gpio.h里面的函数即可进行树莓派的GPIO操作.

1
gpiochip = gpiochip_find("bcm2708_gpio", is_right_chip);

通过上面这个函数把内核的GPIO操作和BCM2708的GPIO操作关联起来;

bcm2708的操作可以查看/arch/arm/mach-bcm2708/bcm2708_gpio.c文件,具体也是对内存地址的操作:

1
2
3
4
5
6
7
8
9
10
11
12
13
#define GPIOFSEL(x) (0x00+(x)*4)
#define GPIOSET(x) (0x1c+(x)*4)
#define GPIOCLR(x) (0x28+(x)*4)
#define GPIOLEV(x) (0x34+(x)*4)
#define GPIOEDS(x) (0x40+(x)*4)
#define GPIOREN(x) (0x4c+(x)*4)
#define GPIOFEN(x) (0x58+(x)*4)
#define GPIOHEN(x) (0x64+(x)*4)
#define GPIOLEN(x) (0x70+(x)*4)
#define GPIOAREN(x) (0x7c+(x)*4)
#define GPIOAFEN(x) (0x88+(x)*4)
#define GPIOUD(x) (0x94+(x)*4)
#define GPIOUDCLK(x) (0x98+(x)*4)

这里定义的就是相应的GPIO寄存器的地址.

四  测试程序

ssh进入树莓派,在主目录下新建led.c

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#include<stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <sys/ioctl.h>
 #include <sys/time.h>
 int main(int argc, char **argv)
 {
 int on;
 int led_no;
 int fd;
 int i;
fd = open("/dev/pi_led", 0);
 if (fd < 0) {
 fd = open("/dev/pi_led", 0);
 }
 if (fd < 0) {
 perror("open device led");
 exit(1);
 }
for(i=0;i<=20;i++){
on = i%2;
ioctl(fd, on, led_no);
sleep(1);
}
close(fd);
return 0;
}

Center

加载postgres模块后apache无法启动

想在本地搭建一个PostgreSQL的运行环境,完成之后,始终在apache/php环境无法加载postgresql模块。启动的时候无法加载libpq.dll,将postgresql的libpq拷贝到php目录无效,拷贝到windows目录无效,拷贝到windows\system32目录也无效,只好在网上找解决方法。搜到以下方法:

refering to the libpq.dll that comes bundled with PHP, like this:

LoadFile “C:/php/libpq.dll”

(原文地址:http://stackoverflow.com/questions/551734/php-not-loading-php-pgsql-dll-on-windows)

在http.conf文件中增加这一行,完美解决。其实这个答案之前有混淆的问题,比如加载pg目录的libpq.dll,似乎无效,只能用php目录里面自带的libpq.dll。

Firefox 调试 插件/扩展

在一个项目中要开发一个firefox的扩展,结果一直没找到好的调试方法,痛苦的要命。之前在网上找到用chromebug,试了很多次都没有成功,只好在代码里面用代码打印到控制台。

项目已经过去了很久,最近需要修改点代码,重新遇到调试的问题,在网上又搜了一遍,找到了一个方法,测试了一下,居然可以设置断点调试了,可喜可贺。

方法就是修改firefox的设置,在地址栏输入about:config,然后允许chrome调试和远程调试:

devtools.chrome.enable => true

devtools.debugger.remote-enable => true

然后在firefox里Tools > Web Developer > Browser Console.,打开调试窗口,里面有个debugger,这里就可以开始了。

 

以下是原文和地址

http://stackoverflow.com/questions/17547364/how-to-debug-a-firefox-extension-with-chromebug/17579253#17579253

Update April 2014: The browser debugger is now integrated in the “Browser Toolbox” and you no longer need to set about:config prefs. Just use the developer tools configuration/settings panel: “enable chrome debugging” and “enable remote debugging”. The “Browser Toolbox” will then be available in the developer tools panel.

Chromebug has not worked for me for many months. I think it’s just been silently abandoned but thankfully on Firefox 19 or later, it’s possible to use the built-in JS debugger on the browser itself. Go to about:config and set the following two prefs:

devtools.chrome.enabled: true
devtools.debugger.remote-enabled: true

After you restart the browser, the Web Developer menu will contain a “Browser Debugger” entry.

More info here: https://developer.mozilla.org/en/docs/Debugging_JavaScript

If possible, I’d suggest using Aurora for your debugging because the built-in debugger was a little limited when first launched and keeps getting better with every release.