[Not original] Where is XP/Vista's "Manage Network Passwords" setting in Win7?

http://social.technet.microsoft.com/Forums/zh-TW/0830dc3d-274b-4af8-8e1e-98328003edcb/xp-vista-win7-?forum=windows7cht

 

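Starting with Windows 7, this has been integrated into [Credential Manager].
It is under [Start] -> [Control Panel] -> [User Accounts and Family Safety] -> [Credential Manager].

The command "control userpasswords2" that could be run on XP/Vista
can in fact still be used; it just has to be run from [Command Prompt] now,
but the window that finally manages network passwords
likewise calls [Credential Manager].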

Installing rsyncd on Debian

Reference

http://www.linuxawy.org/node/12

rsync is a great tool for synchronizing two directories (or files), either with one of them remote and the other local, or with two local folders (it doesn't support synchronizing two remote servers, yet). The power of rsync comes from the fact that it doesn't transfer anything unless it detects that it has changed since the last run. Moreover, it transfers only the changes in files (unless you specify otherwise), and it can even compress files before sending, which makes it ideal for continuous backups and mirroring.

To use rsync, you have two options: either start the rsync daemon, which handles the connections, or use it through an ssh tunnel. Each way has its positives and negatives. The rsync daemon is indeed faster at initiating connections because it doesn't exchange keys or encrypt data, which also makes its load on the server lower. The overhead of keeping the daemon alive is so small that you can simply ignore it. The ssh tunnel doesn't require special configuration on the server side, but you must have ssh access to the server, which means that you can't grant anonymous access to your data. The main positive of the ssh tunnel is that data is sent through the secure tunnel and can't be sniffed.

  1. to connect through ssh tunnel: first, you'll need to install rsync:
    apt-get install rsync
    then you are ready, just issue the command directly:
    rsync -avz -e ssh remoteuser@remotehost:/remote/dir /this/dir/
    remember to check the permissions for the ssh user on the remote server (the remote server must have rsync installed too).
  2. to connect through rsync server:
    1. install rsync:
      apt-get install rsync
    2. create "/etc/rsyncd.conf" and put the following in it:
      # global settings (apply to all modules)
      max connections = 1
      log file = /var/log/rsync.log
      timeout = 300
      # settings for the [cache] module only
      [cache]
      comment = Cache of Mongrels
      path = /usr/local/cache
      read only = no
      list = yes
      uid = nobody
      gid = nogroup
      #auth users = mongrel
      hosts allow = 127.0.0.0/8 192.168.0.0/24
      #secrets file = /etc/rsyncd.secrets

      note that the first few lines are global (for all modules) and the others are specific to the [cache] module.
      comment out the auth users and secrets file lines (as shown) to grant anonymous access; note that you can still limit by ip/netmask.

    3. create "/etc/rsyncd.secrets" and put in it the usernames and passwords of those who can access rsync, in the form username:password. note that passwords are saved here as clear text, so don't forget to chmod it to 400 to keep the passwords somewhat safe.
    4. make rsync start as a daemon:
      edit "/etc/inetd.conf" and put the following line at the end:
      rsync stream tcp nowait root /usr/bin/rsync rsync --daemon
    5. voila, you are done. test your settings by typing:
      rsync rsync://your_ip_or_domain_name/
      this should list the modules
      rsync rsync://your_ip_or_domain_name/cache
      this should list the files in your 'cache' module
      rsync -avz rsync://your_ip_or_domain_name/cache /this/dir/
      synchronizing should start the transfer now.
      don't forget to check the rsync man page to see which flags you really need.
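The access settings in step 2 decide who can read or write the module, so they are worth checking mechanically before the daemon is exposed. The following is an added example, not part of the referenced article: a small audit of rsyncd.conf text, run against the page's [cache] module. The function names and severity labels are assumptions made for illustration.

```python
import re

TRUE = {"yes", "true", "1"}

def parse_rsyncd(text):
    """Return {module: {param: value}}; globals are inherited by each module."""
    globals_, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # commented-out lines are not in effect
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = modules.setdefault(section.group(1).strip(), dict(globals_))
        elif "=" in line:
            key, value = line.split("=", 1)        # only the first '=' counts
            key = re.sub(r"\s+", "", key).lower()  # whitespace in names is ignored
            (globals_ if current is None else current)[key] = value.strip()
    return modules

def audit(text):
    """Return (module, severity, finding) tuples for risky access settings."""
    findings = []
    for name, p in parse_rsyncd(text).items():
        writable = p.get("readonly", "yes").lower() not in TRUE
        anonymous = not p.get("authusers")
        if writable and anonymous:
            findings.append((name, "HIGH", "writable without auth users"))
        elif anonymous:
            findings.append((name, "MEDIUM", "anonymous read access"))
        elif not p.get("secretsfile"):
            findings.append((name, "HIGH", "auth users set but no secrets file"))
        if not p.get("hostsallow"):
            findings.append((name, "MEDIUM", "no hosts allow restriction"))
    return findings

# The page's module with authentication left commented out.
PAGE_CONF = """
max connections = 1
[cache]
path = /usr/local/cache
read only = no
uid = nobody
gid = nogroup
#auth users = mongrel
hosts allow = 127.0.0.0/8 192.168.0.0/24
#secrets file = /etc/rsyncd.secrets
"""
# Same module with the two authentication lines uncommented.
AUTH_CONF = PAGE_CONF.replace("#auth users", "auth users").replace("#secrets file", "secrets file")

if __name__ == "__main__":
    for conf in (PAGE_CONF, AUTH_CONF):
        print(audit(conf))
```

With the page's configuration as written, anyone connecting from the allowed networks can write to /usr/local/cache without a password; uncommenting the two authentication lines clears the finding.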

XenServer – Adding a storage device – hard disk

1. After installing the device, boot and run fdisk -l; you should see the current state
# fdisk -l
Disk /dev/sda: 2000.3 GB, 2000398934016 bytes
255 heads, 63 sectors/track, 243201 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1         523     4194304   83  Linux
Partition 1 does not end on cylinder boundary.
/dev/sda2             523        1045     4194304   83  Linux
/dev/sda3            1045      243201  1945123393   8e  Linux LVM

Disk /dev/sdb: 2000.3 GB, 2000398934016 bytes
255 heads, 63 sectors/track, 243201 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

2. First create a partition on /dev/sdb, then reboot after partitioning
# fdisk /dev/sdb
/dev/sdb1 1 121578 976567252+ 8e Linux LVM

3. Create the PV
pvcreate /dev/sdb1

4. Query the current VG information and add /dev/sdb1 to it
# vgscan
Reading all physical volumes. This may take a while...
Found volume group "VG_XenStorage-f528bb39-bdf3-53a2-2a1a-553bb21e886e" using metadata type lvm2

# vgextend VG_XenStorage-f528bb39-bdf3-53a2-2a1a-553bb21e886e /dev/sdb1

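5. Finally, after rebooting, you should see the change in disk space under Storage in XenCenter

PS: If you do not want to add the disk to the existing VG, you can create a separate Storage instead, as follows
1. Partition the disk
# fdisk /dev/sdb
/dev/sdb2 1 121578 976567252+ 8e Linux LVM

2. Look up the UUID
ls -l /dev/disk/by-path

3. Attach the partition to the system
# xe sr-create type=lvm content-type=user device-config:device=/dev/disk/by-path/pci-0000:00:1f.2-scsi-1:0:1:0-part3 name-label="Disk 2"
92a4c7b7-56f5-d598-fa5e-cb1ecaa9c6ef

PS: Finally, under storage in XenCenter you can see that the partition has been attached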

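Using delay_pools in squid to limit Internet speed

In fact, squid can limit speed

This is done with the delay_pool parameters

For details, see the official documentation: http://wiki.squid-cache.org/Features/DelayPools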

Feature: Delay Pools

  • Goal: To provide a way to limit the bandwidth of certain requests based on any list of criteria.
  • Status: Completed
  • Version: 2.2+
  • Developer: David Luyer

 

 

Delay Pools

by David Luyer.

To enable delay pools features in Squid configure with --enable-delay-pools before compilation.

 

Terminology for this FAQ entry:

pool
a collection of bucket groups as appropriate to a given class
bucket group
a group of buckets within a pool, such as the per-host bucket group, the per-network bucket group or the aggregate bucket group (the aggregate bucket group is actually a single bucket)
bucket
an individual delay bucket represents a traffic allocation which is replenished at a given rate (up to a given limit) and causes traffic to be delayed when empty
class
the class of a delay pool determines how the delay is applied, ie, whether the different client IPs are treated separately or as a group (or both)
class 1
a class 1 delay pool contains a single unified bucket which is used for all requests from hosts subject to the pool
class 2
a class 2 delay pool contains one unified bucket and 255 buckets, one for each host on an 8-bit network (IPv4 class C)
class 3
contains 255 buckets for the subnets in a 16-bit network, and individual buckets for every host on these networks (IPv4 class B)
class 4
as class 3 but in addition have per authenticated user buckets, one per user.
class 5
custom class based on tag values returned by external_acl_type helpers in http_access. One bucket per used tag value.

Delay pools allows you to limit traffic for clients or client groups, with various features:

  • can specify peer hosts which aren't affected by delay pools, ie, local peering or other 'free' traffic (with the no-delay peer option).
  • delay behavior is selected by ACLs (low and high priority traffic, staff vs students or student vs authenticated student or so on).
  • each group of users has a number of buckets, a bucket has an amount coming into it in a second and a maximum amount it can grow to; when it reaches zero, object reads are deferred until one of the object's clients has some traffic allowance.
  • any number of pools can be configured with a given class and any set of limits within the pools can be disabled, for example you might only want to use the aggregate and per-host bucket groups of class 3, not the per-network one.

This allows options such as creating a number of class 1 delay pools and allowing a certain amount of bandwidth to given object types (by using URL regular expressions or similar), and many other uses I'm sure I haven't even thought of beyond the original fair balancing of a relatively small traffic allocation across a large number of users.

 

There are some limitations of delay pools:

  • delay pools are incompatible with slow aborts; quick abort should be set fairly low to prevent objects being retrieved at full speed once there are no clients requesting them (as the traffic allocation is based on the current clients, and when there are no clients attached to the object there is no way to determine the traffic allocation).
  • delay pools only limits the actual data transferred and is not inclusive of overheads such as TCP overheads, ICP, DNS, ICMP pings, etc.
  • it is possible for one connection or a small number of connections to take all the bandwidth from a given bucket and the other connections to be starved completely, which can be a major problem if there are a number of large objects being transferred and the parameters are set in a way that a few large objects will cause all clients to be starved (potentially fixed by a currently experimental patch).
  • in Squid 3.1 the class-based pools do not work yet with IPv6 addressed clients.
  • In squid older than 3.1 the delay pool bucket is limited to 32-bits and thus has a rather low MB cap on both bucket content and refill rate. The bucket size is now raised to 64-bit ‘unlimited’ values, but refill rate remains low.

 

How can I limit Squid’s total bandwidth to, say, 512 Kbps?

 

delay_pools 1
delay_class 1 1
delay_access 1 allow all
delay_parameters 1 64000/64000          # 512 kbits == 64 kbytes per second

The 1 second buffer (max = restore = 64kbytes/sec) is because a limit is requested, and no responsiveness to a burst is requested. If you want it to be able to respond to a burst, increase the aggregate_max to a larger value, and traffic bursts will be handled. It is recommended that the maximum is at least twice the restore value – if there is only a single object being downloaded, sometimes the download rate will fall below the requested throughput as the bucket is not empty when it comes to be replenished.

 

How to limit a single connection to 128 Kbps?

You can not limit a single HTTP request’s connection speed. You can limit individual hosts to some bandwidth rate. To limit a specific host, define an acl for that host and use the example above. To limit a group of hosts, then you must use a delay pool of class 2 or 3. For example:

 

acl only128kusers src 192.168.1.0/24
delay_pools 1
delay_class 1 3
delay_access 1 allow only128kusers
delay_access 1 deny all
delay_parameters 1 64000/64000 -1/-1 16000/64000

For an explanation of these tags please see the configuration file.

The above gives a solution where a cache is given a total of 512kbits to operate in, and each IP address gets only 128kbits out of that pool.
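How the restore/max pairs in the class 3 example interact is easier to see by stepping the buckets second by second. The following is an added example, not code from the Squid project: a simplified token-bucket model that assumes 1-second ticks, greedy clients that all sit in one network, a fixed service order, and buckets that start 50% full (the delay_initial_bucket_level value used in the configuration further down the page). How a saturated aggregate is shared among several hosts depends on that assumed service order.

```python
def parse_delay_parameters(spec):
    """'64000/64000 -1/-1 16000/64000' -> [(restore, max) or None]; -1/-1 = no limit."""
    pairs = []
    for field in spec.split():
        restore, maximum = (int(v) for v in field.split("/"))
        pairs.append(None if restore < 0 or maximum < 0 else (restore, maximum))
    return pairs


class Bucket:
    def __init__(self, limits, initial_percent):
        self.limits = limits
        self.level = None if limits is None else limits[1] * initial_percent // 100

    def refill(self):
        if self.limits is not None:
            restore, maximum = self.limits
            self.level = min(maximum, self.level + restore)  # never above max

    def available(self):
        return float("inf") if self.limits is None else self.level

    def take(self, nbytes):
        if self.limits is not None:
            self.level -= nbytes


def simulate_class3(spec, hosts, seconds, initial_percent=50):
    """Bytes delivered to each of `hosts` greedy clients in one network."""
    agg_l, net_l, ind_l = parse_delay_parameters(spec)
    aggregate = Bucket(agg_l, initial_percent)
    network = Bucket(net_l, initial_percent)
    individual = [Bucket(ind_l, initial_percent) for _ in range(hosts)]
    delivered = [0] * hosts
    for _ in range(seconds):
        for bucket in [aggregate, network, *individual]:
            bucket.refill()
        for i, own in enumerate(individual):   # fixed service order (assumption)
            # A read is allowed only up to the emptiest bucket that applies.
            n = min(aggregate.available(), network.available(), own.available())
            for bucket in (aggregate, network, own):
                bucket.take(n)
            delivered[i] += n
    return delivered


PAGE_SPEC = "64000/64000 -1/-1 16000/64000"   # delay_parameters from the example above

if __name__ == "__main__":
    print(simulate_class3(PAGE_SPEC, hosts=1, seconds=10))       # one host alone
    print(sum(simulate_class3(PAGE_SPEC, hosts=5, seconds=10)))  # five hosts combined
```

A single host receives an initial burst from its half-full bucket and then settles at 16000 bytes per second (128 kbits), while five greedy hosts together never exceed the aggregate 64000 bytes per second (512 kbits).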

 

How do you personally use delay pools?

We have six local cache peers, all with the options ‘proxy-only no-delay’ since they are fast machines connected via a fast ethernet and microwave (ATM) network.

For our local access we use a dstdomain ACL, and for delay pool exceptions we use a dst ACL as well since the delay pool ACL processing is done using “fast lookups”, which means (among other things) it won’t wait for a DNS lookup if it would need one.

Our proxy has two virtual interfaces, one which requires student authentication to connect from machines where a department is not paying for traffic, and one which uses delay pools. Also, users of the main Unix system are allowed to choose slow or fast traffic, but must pay for any traffic they do using the fast cache. Ident lookups are disabled for accesses through the slow cache since they aren’t needed. Slow accesses are delayed using a class 3 delay pool to give fairness between departments as well as between users. We recognize users of Lynx on the main host are grouped together in one delay bucket but they are mostly viewing text pages anyway, so this isn’t considered a serious problem. If it was we could take those hosts into a class 1 delay pool and give it a larger allocation.

I prefer using a slow restore rate and a large maximum rate to give preference to people who are looking at web pages as their individual bucket fills while they are reading, and those downloading large objects are disadvantaged. This depends on which clients you believe are more important. Also, one individual 8 bit network (a residential college) has paid extra to get more bandwidth.

The relevant parts of my configuration file are (IP addresses, etc, all changed):

 

# ACL definitions
# Local network definitions, domains a.net, b.net
acl LOCAL-NET dstdomain a.net b.net
# Local network; nets 64 - 127.  Also nearby network class A, 10.
acl LOCAL-IP dst 192.168.64.0/18 10.0.0.0/8
# Virtual i/f used for slow access
acl virtual_slowcache myip 192.168.100.13
# All permitted slow access, nets 96 - 127
acl slownets src 192.168.96.0/19
# Special 'fast' slow access, net 123
acl fast_slow src 192.168.123.0/24
# User hosts
acl my_user_hosts src 192.168.100.2/31
# Don't need ident lookups for billing on (free) slow cache
ident_lookup_access allow my_user_hosts !virtual_slowcache
ident_lookup_access deny all
# Security access checks
http_access [...]
# These people get in for slow cache access
http_access allow virtual_slowcache slownets
http_access deny virtual_slowcache
# Access checks for main cache
http_access [...]
# Delay definitions (read config file for clarification)
delay_pools 2
delay_initial_bucket_level 50
delay_class 1 3
delay_access 1 allow virtual_slowcache !LOCAL-NET !LOCAL-IP !fast_slow
delay_access 1 deny all
delay_parameters 1 8192/131072 1024/65536 256/32768
delay_class 2 2
delay_access 2 allow virtual_slowcache !LOCAL-NET !LOCAL-IP fast_slow
delay_access 2 deny all
delay_parameters 2 2048/65536 512/32768

The same code is also used by some departments using class 2 delay pools to give them more flexibility in giving different performance to different labs or students.

 

Where else can I find out about delay pools?

This is also pretty well documented in the configuration file, with examples. Squid installs with a squid.conf.documented or squid.conf.default file. If you no longer have a documented config file, the latest version is provided on the squid-cache.org website.

 


 

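[Repost] Offense and defense in contract work ~ don't quote a price lightly

Source: http://www.programmer-club.com/showsametitlen/caseexp/1590.html

2006/2/16 09:38:50 PM

I'm no expert; I'm just sharing a few lessons about quoting prices here…

These days anything can be a scam, and nothing is surprising. If you want to take on contract work, then professional skills aside, the first thing to learn is how to quote. I admit that in learning how to quote I really suffered a lot and wasted a great deal of effort, but the painful experience was worth it in the end.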

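Situation 1:
When the client says "Our SA/SD is already at 90%, only the coding is left; we are short of hands, so we want to outsource" and "If our own engineers did it, it could be finished in 2W"

Thinking back over the client phone calls I have taken, about 50% of them said something like this. With this kind of client there is no need to quote, because:

1) The client has made it plain from the start that they want it cheap
2) If the client can finish it themselves in 2W, that is really too easy: free up the people, adjust the schedule, let the engineers concentrate for 2W and it is solved, so why outsource? Saying 2W is only meant to suggest that the difficulty is low, that it can be finished quickly, and that it should be cheap.
3) The client says SA/SD is at 90%, so what about the other 10%? This means the risk of "Change" is high. On this point alone, saying it can be finished in 2W is somewhat self-contradictory.

In fact, with this kind of client, never mind quoting; it is best to put them on a grey list and not wishfully assume that working together will end well. Wait until they come back next time with a "reasonable" situation.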

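Situation 2:
"We have a project, building an XX system for a bank. If you are interested, come to our company to discuss it in detail"

Two years ago, as long as I could fit it into my schedule, I would always go and visit. Every time I went, the other side wanted me to quote on the spot, and some would even ask how I would do it and what issues should be considered… Back at the office I would also carefully write a short proposal plus a quote (rough estimate), and then hear nothing more. Only after running through this 5 or 6 times did I realize something was wrong.

Without spending a cent, the client gets a proposal plus a quote, and even free consulting, but that does not mean the work is given to me. True, the client has the right to choose, but why should I choose to "invest" first? Is it worth it? I believe opinions differ, but I choose to learn to get 80 points of benefit by the most economical means. At the very least, if you head out the door casually, the profit drains away just as casually.

Later I learned to filter over the phone first, for example: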

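1) Ask about the budget first
This is very basic: if they want to outsource, how could there be no budget? In particular, when a client says "Unlimit", or simply refuses to say, I think that eight or nine times out of ten something is fishy. From the client's standpoint, stating the budget up front may seem like showing their hand. But experience tells me that clients who really want to award a project will in fact state the budget, unless I did not ask.

2) Ask about the desired schedule
Basically, any case where it is plain that the vendor is expected to "rush the job" is best not taken.

3) Make sure this is a "money-making" system
By "money-making" I do not mean how much the contractor can earn, but whether the system being built really makes money for the client. If the client is actually a general contractor and makes it plain from the start that they too are losing money or not making much, then do not hesitate, ignore them. If the client is the End User of the system, simply draw out the benefit the system may contribute to the client; the final price of this kind of project usually ends up satisfying everyone more easily.

4) Confirm the client's "motive"
Some clients actually have engineers, even a whole team, so why do they outsource? Make no mistake: especially when the client itself is in the business of developing IT system projects, the outsourcing motives of such clients are sometimes far from innocent. Cheating you out of a quote, a proposal, technical know-how… some will even brazenly weasel out of paying!!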

 


 

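2006/2/17 04:49:11 PM

Very well written!!

I also have a few small lessons to share..

Before taking a project, be prepared not to take it. With that mindset, you are less likely during negotiation to fall into the position of begging the client to give you work. Only by staying out of that position can you have the initiative.

Do not take projects from companies that struggle to make money or from companies that are too small. With such companies the total price is low and collecting payment is hard. Most importantly: they cannot refer follow-on work to you…

Also, do not chase too eagerly after clients you think are promising… Taking cases is not quite like selling products. With products, the more you sell the better. With cases you can only take one at a time, so if you take one, take a good one. If a client contacts you and then suddenly goes quiet… never call to ask. Asking leads to the following: 1. You are begging them to give you the case.. 2. It is hard to set a good price. 3. You usually still do not get it. If you really are their best candidate, they will come back to you. If not, why force yourself?

Mass-market software (ex: accounting, inventory management): never take it, and encourage the client to buy a product made by someone else. Because once you take it, 1. the client will not be satisfied on price. 2. On quality, how do you compete with an off-the-shelf product that has been developed for years?

Finally, for a SOHO to be sustainable it has to go for high prices… a price at which you can live on 1 project every 2 years is the reasonable price. 1. Only at this price can you provide good service to the client. 2. This price will be about the same as what ordinary companies charge. It is not more expensive, but with the company operating costs saved, we can provide better quality and service. 3. Do not do the things everyone already knows well…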

 


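2006/2/17 05:16:45 PM

Cancer is right, this is the motive behind "cheating for a quote". So I usually adopt the offense-and-defense approach from Situation 2 and quickly judge what the client's motive is.

To continue..
Situation 3.
"We have a project we want to outsource; there is a requirements document we can send you first for reference. After reading it, please quote…."

Few clients will proactively give the contractor a requirements document as a reference for quoting, but do not get too happy. In my experience, 80% of such cases are subcontracted; put nicely, such clients are general contractors, put bluntly, they are cockroaches. When I take a client's call, I always make a habit of asking clearly

"the name of your company" and "your surname and contact phone number"

Once I receive the document, I do the following: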

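1) Look for clues in the document and find its source.
If it is Word/Excel, the first thing I do on opening the file is look at the "Summary Information". Why? Because there really are computer idiots who think that taking the body of the RFP from the End-user, trimming the "keywords" head and tail and running Replace will go completely unnoticed! In fact, most End-users I have seen who write RFPs seriously habitually fill in the project name, company, author and similar information in the "Summary Information". Also, if it is a Word file, you can check "Track Changes" to see whether the idiot cockroach was dumb enough to forget that this "Friendly" feature might give them away. If I am lucky enough to find keywords, for example: project name, company, author.. I will search hard with Google.

2) Make good use of official resources to check the client's background
The following official site is quite handy

http://210.69.121.50/~doc/ce/cesc1110.html

I look at the client company's capital, how long the company has existed, the responsible person, and the shareholders. Sometimes, while I am on the phone with the client, I go to this official site and look up the client's company "in sync". In addition, I also use Google, searching by company name, by the responsible person's name, by the shareholders' names… Why do I check so "carefully"? The reasons are as follows:

a. The business world is full of mutual deception
b. To assess the client's "financial strength", which is a great help for quoting
c. To guard against certain clients who are already household names for weaseling out of payment
d. To scare the client a little and let them know I have done my "homework", don't play me!
e. There was once an idiot cockroach about whom I learned, through the methods above, that it was actually a tender for the IT system of some government unit, that there was a budget, and that the tender had not yet closed. Heh, the budget for that tender was 200-something, and the cockroach actually said his budget was about 100-something, and wanted a proposal from me as well. This is one of the motives behind "cheating for a proposal"! In the end I told him that our company can write tender documents for clients, but even the cheapest one costs NTD 100,000. He said thanks, we will be in touch.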

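3) Read the document's content carefully. There are several items that need special attention; these are what contractors with a typical technical mindset most often overlook:
a. Is it a "contract for work" or a "commission"? This bears on the question of "system responsibility"
b. Who has the right to interpret the document? Some Party A's are very unreasonable and will specifically write that the right of interpretation lies with Party A, meaning whatever they say goes
c. Definition of copyright
d. If there is warranty maintenance, the server level
e. Whether there are penalties or a deposit
f. How is payment made?
g. How is acceptance done?
h. Whether there is a non-compete clause

There is actually a lot more; I have only picked out the parts I think "technical people" most often overlook.

4) expert judgment
Build good relationships widely in ordinary times; this is when they really help, since you can use them to ask around about the project. This industry is really small; sometimes you ask around casually and it turns out the author of that project's RFP is my classmate, and the bid is already rigged, heh

Last of all, of course you still have to give the client an answer. At this point you still cannot quote, because you still cannot be "sure" whether the other side is playing for real or faking. I like to describe this process as being like fishing; fishing takes patience. Patience with the fish, patience with the lake water, patience with the weather and surroundings…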