看了, 感有趣, 影.
$669 億 = 39,585,798 部 OLPC =] ($1690 一部)
Wednesday, December 09, 2009
不是那麼開放 ...
這 post 純屬是看了 Chromium Blog - Google Chrome for Linux goes beta! 中的一句: "It has also been developed as a true open source project, using public mailing lists, IRC channels, bug tracker, code repository, and continuous build and test farm -- following in large part the trail blazed by Mozilla." 有感而發...
話說... 小弟於十一月之時, 見友人 post 了一個關於 Android 開源問題的 blog ... 再加上 上述一句說話, 忽然回去看看那 Android 開源問題...
重回此 blog, 小弟注視的... 是 blog comment 而非 blog content.
如果你有時間, 不彷看看 comment ... 獲益不少呢
話說... 小弟於十一月之時, 見友人 post 了一個關於 Android 開源問題的 blog ... 再加上 上述一句說話, 忽然回去看看那 Android 開源問題...
重回此 blog, 小弟注視的... 是 blog comment 而非 blog content.
如果你有時間, 不彷看看 comment ... 獲益不少呢
Sunday, December 06, 2009
Google Public DNS and Privacy issue...
I was reading the Privacy chapter of the book How to Break Web Software in this morning...
When I read the sections tracking cookie and web bug, I just wonder "Does Google DNS become a new way to deliver personalized Ads to u ^^?"
After a brief googling of keywords: "google dns privacy"... I come to 2 pages ...
http://code.google.com/speed/public-dns/privacy.html
http://www.pcworld.com/article/183671/google_public_dns_and_your_privacy.html
um .... anyway, if u prefer speed ... try the dns @ 8.8.8.8 and 8.8.4.4 =]
When I read the sections tracking cookie and web bug, I just wonder "Does Google DNS become a new way to deliver personalized Ads to u ^^?"
After a brief googling of keywords: "google dns privacy"... I come to 2 pages ...
http://code.google.com/speed/public-dns/privacy.html
http://www.pcworld.com/article/183671/google_public_dns_and_your_privacy.html
um .... anyway, if u prefer speed ... try the dns @ 8.8.8.8 and 8.8.4.4 =]
Friday, October 16, 2009
Blog Action Day 2009 - climate change?
I heard a recent news report on forecasting the climate in HK (where i live) ... the winter will tends not to have no longer below 10.
What's really matter is that our summer is hotter and longer ... Now it's October in HK ... but ... this morning it's 28 degree..
I believe this is not happy to see.
support Blog Action Day 2009 - http://www.blogactionday.org/
What's really matter is that our summer is hotter and longer ... Now it's October in HK ... but ... this morning it's 28 degree..
I believe this is not happy to see.
support Blog Action Day 2009 - http://www.blogactionday.org/
Thursday, October 15, 2009
開源於香港
今天, 很榮幸, 能透過內地 哲思社群(Zeuux) 邀請到 Akira Urushibata 跟 Richard Stallment 於城大一講. 此一講乃 哲思自由软件峰会2009 的期中一站. 有關這一講的內容.. 先在這賣一賣關子. 待 video 弄好了, 再跟大家說也不遲 =P
小弟亦有幸滔光, 作了一個小小的 MC ... 但坦白說, 小弟做 MC 做得不好... 因為完全沒有心理準備, 便又一次 (小弟才第二次做 MC 呢) 被拉馬上台了... 在此, 對聽眾們跟講者們表示歉意.
說回 開源於香港 ... 其實小弟不是參與了開源活動很久, 所以認識還不是很深呢 (小弟今天才得知, 是 GNU/Linux 而不只是 Linux 呢 ... Linux 只是 kernel , 而很多 OS util 是 GNU 哦... 有愧有愧)
在此, 小弟不彷列出小弟認知範圍以內的香港開源知識吧.
1) OAKA (http://www.oaka.org/) - 一個在香港推廣開源活動的合法組織. 曾舉辦大大少少的活動.. 近期的例如: Firefox 3 Release Party 及 Software Freedom Day 2009.
2) OpenSource.HK (http://www.opensource.hk/) - 一位好友以drupal開發的網站. 雖然暫時定位還不太很清楚, 但已有 wiki 跟 blog planet 在上面. 不彷 subscribe 裡面的 rss , 便可 "追蹤" 一下 香港的開源活動
3) OLPC Asia (http://www.olpc.asia/) - 每童一電腦(Asia支部). 曾在馬來西亞、中國四川、不丹 delpoy 了一些 XO Laptop. 小弟不敢在這滔光, 但現時有一些還沒可以對外公開的項目,對這組織作些微貢獻 ^^" (小弟還曾經為此組織當當義工, 還想起第一次在街派傳單就是 olpc 的傳單呢 =P)
4) GoGoGo HK (http://www.gogogo.hk) - 一個暫時還沒完善的本港開源項目. 他們做的 就是要給香港人 一個找車回家的平台 (小弟曾作了些許 git-commit ^^") "潛力無限"呢~ 各位對 algorithm 有研究的人, 不彷去看看 ... 我們要一個快快快快的 shortest path algorithm on around 6xxx nodes.
5) mcore3d (http://code.google.com/p/mcore3d/) - 小弟的兄長與他的朋友一起開發的game engine. 內裡詳情小弟不太清楚.
6) MobileRadio.HK (http://www.mobileradio.hk/) - 雖然他們不是直接與 opensource 有關, 但他們很多時會幫忙推廣香港的 opensource 活動. 功不可沒. (他們的平台是 wordpress-cms 呢)
7) MyStatusSearch (http://code.google.com/p/warenix/wiki/MyStatusSearch) - Facebook Status Search Application ... 一位好友最近的項目. 就是這位好友令我接觸 GNU/Linux 呢... 到這裡找他 =] http://code.google.com/p/warenix (很有趣的 ... 他的名字.. 暫時應該還是 google-globally-unique XD)
8) STK-in-AS3 (http://code.google.com/p/stk-in-as3/) - 一位在活動中認識的朋友... 這項目要把 The Synthesis ToolKit in C++ (STK) 這 project port 到 as3 哦 ...
其實小弟的認知很少, 如果你有更多的資訊, 小弟非常希望你能夠給大家分享分享 =]
小弟中文不才, 比日本來的Akira Urushibata生先 差很多... 有愧 :$
小弟亦有幸滔光, 作了一個小小的 MC ... 但坦白說, 小弟做 MC 做得不好... 因為完全沒有心理準備, 便又一次 (小弟才第二次做 MC 呢) 被拉馬上台了... 在此, 對聽眾們跟講者們表示歉意.
說回 開源於香港 ... 其實小弟不是參與了開源活動很久, 所以認識還不是很深呢 (小弟今天才得知, 是 GNU/Linux 而不只是 Linux 呢 ... Linux 只是 kernel , 而很多 OS util 是 GNU 哦... 有愧有愧)
在此, 小弟不彷列出小弟認知範圍以內的香港開源知識吧.
1) OAKA (http://www.oaka.org/) - 一個在香港推廣開源活動的合法組織. 曾舉辦大大少少的活動.. 近期的例如: Firefox 3 Release Party 及 Software Freedom Day 2009.
2) OpenSource.HK (http://www.opensource.hk/) - 一位好友以drupal開發的網站. 雖然暫時定位還不太很清楚, 但已有 wiki 跟 blog planet 在上面. 不彷 subscribe 裡面的 rss , 便可 "追蹤" 一下 香港的開源活動
3) OLPC Asia (http://www.olpc.asia/) - 每童一電腦(Asia支部). 曾在馬來西亞、中國四川、不丹 delpoy 了一些 XO Laptop. 小弟不敢在這滔光, 但現時有一些還沒可以對外公開的項目,對這組織作些微貢獻 ^^" (小弟還曾經為此組織當當義工, 還想起第一次在街派傳單就是 olpc 的傳單呢 =P)
4) GoGoGo HK (http://www.gogogo.hk) - 一個暫時還沒完善的本港開源項目. 他們做的 就是要給香港人 一個找車回家的平台 (小弟曾作了些許 git-commit ^^") "潛力無限"呢~ 各位對 algorithm 有研究的人, 不彷去看看 ... 我們要一個快快快快的 shortest path algorithm on around 6xxx nodes.
5) mcore3d (http://code.google.com/p/mcore3d/) - 小弟的兄長與他的朋友一起開發的game engine. 內裡詳情小弟不太清楚.
6) MobileRadio.HK (http://www.mobileradio.hk/) - 雖然他們不是直接與 opensource 有關, 但他們很多時會幫忙推廣香港的 opensource 活動. 功不可沒. (他們的平台是 wordpress-cms 呢)
7) MyStatusSearch (http://code.google.com/p/warenix/wiki/MyStatusSearch) - Facebook Status Search Application ... 一位好友最近的項目. 就是這位好友令我接觸 GNU/Linux 呢... 到這裡找他 =] http://code.google.com/p/warenix (很有趣的 ... 他的名字.. 暫時應該還是 google-globally-unique XD)
8) STK-in-AS3 (http://code.google.com/p/stk-in-as3/) - 一位在活動中認識的朋友... 這項目要把 The Synthesis ToolKit in C++ (STK) 這 project port 到 as3 哦 ...
其實小弟的認知很少, 如果你有更多的資訊, 小弟非常希望你能夠給大家分享分享 =]
小弟中文不才, 比日本來的Akira Urushibata生先 差很多... 有愧 :$
Tuesday, October 13, 2009
科研與教學, 兩者密切關係, 例子一
科研與教學, 可能是兩回事...
有些時候... 他們是一回事...
舉例:
研究者亦為教授者... 課堂的其中一份習作, 則要求學生尋找與自身研究相關的數據...
(即.. 研究者利用教學的環節, 透過"超廉價勞工"幫助完成自己的研究)
看! 科研與教學, 實在有非常密切的關係
有些時候... 他們是一回事...
舉例:
研究者亦為教授者... 課堂的其中一份習作, 則要求學生尋找與自身研究相關的數據...
(即.. 研究者利用教學的環節, 透過"超廉價勞工"幫助完成自己的研究)
看! 科研與教學, 實在有非常密切的關係
Tuesday, September 29, 2009
唔怕一萬, 至怕萬一
相信不少朋友, 對"唔怕一萬, 至怕萬一"這說話有一定認識... 究竟, 你跟我的認識有何不同呢??
從數學角度看, "唔怕一萬, 至怕萬一"是指一件事件發生的概率 (Probability). 對! 就是 Probability.
Prob(事件發生) = 1/10001
即是說, 事件發生的可能性為: 每10001個機會, 發生1次
所以... 唔怕一萬, 至怕萬一發生事情!
現在, 由另一個角度看吧~
一萬是 10000, 萬一是 10001
讀電腦的 ... 你會如何理解 10000 及 10001?
無錯! 二進制!
10000 = 16
10001 = 17
16 即 實碌
17 即 實柒
碌乃為幸運之意, 柒乃為真係柒之意
唔怕一萬, 至怕萬一 .... 即是說一件事情, 唔怕走運, 至怕"柒ed"
夠爛嗎? XDDDDDDDDDDDDDDDD
從數學角度看, "唔怕一萬, 至怕萬一"是指一件事件發生的概率 (Probability). 對! 就是 Probability.
Prob(事件發生) = 1/10001
即是說, 事件發生的可能性為: 每10001個機會, 發生1次
所以... 唔怕一萬, 至怕萬一發生事情!
現在, 由另一個角度看吧~
一萬是 10000, 萬一是 10001
讀電腦的 ... 你會如何理解 10000 及 10001?
無錯! 二進制!
10000 = 16
10001 = 17
16 即 實碌
17 即 實柒
碌乃為幸運之意, 柒乃為真係柒之意
唔怕一萬, 至怕萬一 .... 即是說一件事情, 唔怕走運, 至怕"柒ed"
夠爛嗎? XDDDDDDDDDDDDDDDD
Friday, September 18, 2009
貼紙... 我的第一次
因為要準備 Sept 19 的 Software Freedom Day, 這數天, 除了花時間到自己要做的事, 很多時間花了在 SFD 上.
這一兩天, 就是花在小弟第一次整的貼紙上. 雖然那些貼紙, 未有想像中的好... (size 細了) 但還是要做吧 XD
我的工作間, 已被貼紙攻佔!!
而我工作就係... 張 1x6 的大大貼紙群, 修剪為 1x1 的小小貼紙仔 (即下圖)
其中... 最喜歡的一 set 貼紙, 當然是 ... Linux Kernel in the Black Box =]
近呢幾日都會寫 ... "You make SFD Happen!"
想知 SFD 會點? Sept 19 到城大逛逛 =] http://bit.ly/registersfd09hk
p.s. 其實我好整齊架 ._.
這一兩天, 就是花在小弟第一次整的貼紙上. 雖然那些貼紙, 未有想像中的好... (size 細了) 但還是要做吧 XD
我的工作間, 已被貼紙攻佔!!
而我工作就係... 張 1x6 的大大貼紙群, 修剪為 1x1 的小小貼紙仔 (即下圖)
 |  |
其中... 最喜歡的一 set 貼紙, 當然是 ... Linux Kernel in the Black Box =]
近呢幾日都會寫 ... "You make SFD Happen!"
想知 SFD 會點? Sept 19 到城大逛逛 =] http://bit.ly/registersfd09hk
p.s. 其實我好整齊架 ._.
Friday, September 11, 2009
o... i just passed
=P I passed the qual-round ~~~ And, will die in upcoming round 1-a,1-b, and 1-c XDDDDDDDD
Sunday, September 06, 2009
Enabling MLS policy module in SELinux
This "experiment" is carried on late of August, 2009.
Environment: Fedora Core 11 (guest) under VirtualBox-3.0.4 on Ubuntu-9.0.4 (host)
MLS Policy Module Version: 3.6.12
Credits: Most information about SELinux comes from Red Hat Enterprise Linux 5 Deployment Guide [ref-G] and MLS setup procedures come from Fedora Project Wiki. And, Getting Started with SE Linux HOWTO gives me better understanding. If you like reading SELinux from academic paper, consult A logical specification and analysis for SELinux MLS policy.
SELinux Overview in Brief
---
In standard Linux Distro, there is Discretionary Access Control (DAC). Any process running as a user has the permission to any object (file, socket, executable...) as the user. A typical ls -l shows the permission of objects.
For example, the object "Mario_Gant" is owned by user and grouped under the group "user". The permission of the object is rwx:r-x:r-x for owner:group:others respectively. The owner - "user" is granted to read-write-execute of the object. The group - "user" is granted to read-execute. And, any person other than the owner or outside the group of "user" have the read-execute permission on the object. This is typical DAC on any Linux Distro.
SELinux builds another access control layer on top of DAC - the Mandatory Access Control (MAC). SELinux privilege checking is first carried on DAC and then MAC. If DAC denied the access, MAC is not carried. SELinux Decision Process is visualized in [ref-G] as shown below.
Any subject passed DAC checking fires an action request on an object to the SELinux Security Server, a.k.a. the policy enforcement server. The server consult the SELinux Policy Database, either from the Access Vector Cache (AVC) or security context matrix on disk, for policy on that particular object requested. The server grants permission to the subject according to policy consulted. If permission is denied, a denial message is logged.
There are 2 modes of operation in SELinux - Enforcing mode and Permissive mode. The only difference between 2 modes is that Permissive mode does not deny any unprivileged MAC attempt but those unprivileged attempts will be logged. Permissive mode is useful for troubleshooting and development of security contexts.
Security Contexts, User, Role, Type/Domain
SELinux security context of any object is stored as file attribute. Context of object can be viewed by issuing ls -Z. A typical context is shown below.
user_u:object_r:tmp_t:Moonbase_Plans refers to {SELinux User}:{SELinux Role}:{SELinux Domain/Type}:{SELinux MCS/MLS Label} respectively.
Here, SELinux User is different to user in conventional Linux. For instance, a linux user 'pi' is configured as SELinux user "user_u". If 'pi' issue su command to login as 'root', he/she's SELinux user identity is still 'user_u' and thus security policies applied on 'user_u' still remains. Mapping between SELinux User and typical linux uid is maintained by SELinux Login. SELinux Login can be viewed by issuing semanage login -l
The first column is typical linux uid while second column is the SELinux user identity. The last column is the MLS/MCS (Multi Level Security/Multi Category System) Range. MLS and MCS is two different security policies. MLS will be explained in later section in this article.
In above example, different linux uids are mapped to two SELinux User. To obtain the definition of those SELinux User, issue semanage user -l
In this snap, SELinux User 'root' is having 3 different SELinux Roles while it's the same as 'user_u'. However, 'user_u' is being mapped to all typical linux uid while 'root' is mapped to uid 'root' as system administrator. The user, 'system_u', is dedicated for system processes.
Let's move on to SELinux Roles. It is part of SELinux Role-based Access Control and predefined in SELinux policies. SELinux Role determines which process domains / object types can be accessed. All processes under SELinux run under a domain. A domain specifies what can be performed by processes while a type specifies who can access an object.
Roles are predefined. For instance, 'system_r' is the role specifically for all system processes except user processes. It allows domains/types like .. dhcpd_t, httpd_t, initrc_t, and ldconfig_t. These domains/types are for dhcp daemon, http daemon, initrc script, and ldconfig respectively.
SELinux actually is not that complicated ... Let's keep it short! When you login, you obtain a role. This role can perform certain tasks according to predefined rules. Those rules make use of domain and type. So, if your role does not match the specified domain / type, permission deny as result. A SELinux user can have more than a single role. Thus, user may switch between role for certain tasks.
MLS Policy
---
MLS policy in SELinux is implemented like an add-on to SELinux MAC. MLS is abbreviation of Multi-Level Security. So, what is multi-level? It is actually derived from Bell-La Padula model.
In short, using the military terms, a general that can view national secret stuffs can also view national confidential stuffs and of course unclassified stuffs. But, general does not have enough privileges to view stuffs that are classified as national top secret like ... UFO ^^? On the other hand, a general would report to the upstreams but not report anything to the soldiers. (Like you have to report to your boss all the time @@?) This is the general belief behind Bell-La Padula model - "no read up, no write down".
To put this concept into SELinux, look at the self-explanatory visualization from [ref-G].
MLS further extends BLP by allowing categorization, a.k.a. compartment. For example, if UFO is considered as top secret, it belongs to the UFO category. At the same time, another top secret category would be Nuclear. Someone that is allowed to access top secret information related to UFO does not necessarily need to access information about Nuclear. You may consider as sub-levels.
SELinux implementation provides 16 default levels - from s0 (lowest) to s15 (highest), and 1024 categories - from c0 to c1023. Level can be added on demand by editing the file '/etc/selinux/mls/setrans.conf'. At the same time, MLS policy has its own set of roles definition. According to Fedora wiki, roles include: user_r, staff_r, sysadm_r, secadm_r, and auditadm_r. Other than that, DAC, SELinux Role, Type, and Domain still applies with MLS policy.
The Experiment - setup
---
Steps listed below are used to carry my experiment in enabling MLS policy in SELinux under FC11.
1. Installing FC11 with the wonderful LiveCD.
2. Update your fresh installation in order to fix anything the update can fix
To update in FC11, Do the following as root.
*Note: I do this in my tea time ... as the update took me around 30minutes to complete.
3. Install and configure the MLS policy
Again, do as root.
Then, vi the file '/etc/selinux/config' to configure SELinux. Setting the two config-variable as follows.
This configuration tells SELinux to operate in permissive mode (the one mentioned in previous section that it just warns) and use the MLS policy.
4. Ask SELinux to relabel with MLS policy
Issue "touch /.autorelabel" in your terminal so that your next boot will ask SELinux to relabel stuffs with the MLS policy. Then, reboot into single-user mode (see friendly reminder [2] in order to know howto do so) and the relabeling will start. Once relabeling is finished, issue "init 3" to boot into run-level 3.
5. Enabling MLS policy and Getting Back the GUI
To turn on MLS policy, edit the file '/etc/selinux/config' and set 'SELINUX=enforcing'
To turn off MLS policy, edit the file '/etc/selinux/config' and set 'SELINUX=permissive'
To turn on GUI, edit the file '/etc/inittab' and set 'id:5:initdefault:'
To turn off GUI, edit the file '/etc/inittab' and set 'id:3:initdefault:'
The Experiment - tryout
---
In this trial, we are going to setup 2 files with different MLS level, 2 SELinux User with different MLS level, and to see if MLS policies apply correctly.
*Note: Carry the following as root and SELinux in permissive mode. semanage may not work fine in enforcing mode.
1. Creating users and specifies MLS levels for user
In case, Alice is assigned to SELinux user s1_u while Bob is assigned to s2_u. And, they are having different MLS levels. You need to set password for Alice and Bob by issuing passwd.
2. Creating files and apply security context to them
As SELinux policy first check DAC, chmod 777 allows the checking to be passed. Then set the security context to /file1 and /file2 respectively. /file1 belongs to MLS level s1 while /file2 belongs to MLS level s2. The last step is to restore the new context by issuing restorecon.
3. See what happen
First, switch SELinux into enforcing mode by issuing "echo 1 > /selinux/enforce". Do the following and see what happen.
(a) You're still login as root, try to cat /file1 and cat /file2. You probably get permission denied. You may issue ls -Z / and you may find "strange" thing like...
Even root is the owner of /file1 and /file2, root cannot access the files. This is because, by default, root is having MLS level s0 when login. By definition that can be viewed by semanage login -l, root can access levels from s0 to s15. To switch your MLS level to s15, issue newrole -l s15. Now, you can cat /file1 and /file2.
(b) Login as Alice, try to cat /file1 and cat /file2. You probably get content in /file1 but not in /file2. The reason is simple, user with MLS level s1 can access s1 objects but not objects in level s2. By Bell-La Padula model, you cannot read up ^^.
(c) Login as Bob, try to cat /file1 and cat /file2. You probably get content in both /file1 and /file2. By definition of Bell-La Padula model again, you can read down ^^.
(d) Try to write any stuff into /file1 or /file2 with any MLS level. You probably find that you get permission denied. The reason? SELinux MLS policy module is still "experimental" in FC11.
Environment: Fedora Core 11 (guest) under VirtualBox-3.0.4 on Ubuntu-9.0.4 (host)
MLS Policy Module Version: 3.6.12
Credits: Most information about SELinux comes from Red Hat Enterprise Linux 5 Deployment Guide [ref-G] and MLS setup procedures come from Fedora Project Wiki. And, Getting Started with SE Linux HOWTO gives me better understanding. If you like reading SELinux from academic paper, consult A logical specification and analysis for SELinux MLS policy.
SELinux Overview in Brief
---
Security-Enhanced Linux (SELinux) is a security architecture integrated into the 2.6.x kernel using the Linux Security Modules (LSM). It is a project of the United States National Security Agency (NSA) and the SELinux community. SELinux integration into Red Hat Enterprise Linux was a joint effort between the NSA and Red Hat.
-- 44.2. Introduction to SELinux, [ref-G]
In standard Linux Distro, there is Discretionary Access Control (DAC). Any process running as a user has the permission to any object (file, socket, executable...) as the user. A typical ls -l shows the permission of objects.
For example, the object "Mario_Gant" is owned by user and grouped under the group "user". The permission of the object is rwx:r-x:r-x for owner:group:others respectively. The owner - "user" is granted to read-write-execute of the object. The group - "user" is granted to read-execute. And, any person other than the owner or outside the group of "user" have the read-execute permission on the object. This is typical DAC on any Linux Distro.
SELinux builds another access control layer on top of DAC - the Mandatory Access Control (MAC). SELinux privilege checking is first carried on DAC and then MAC. If DAC denied the access, MAC is not carried. SELinux Decision Process is visualized in [ref-G] as shown below.
Any subject passed DAC checking fires an action request on an object to the SELinux Security Server, a.k.a. the policy enforcement server. The server consult the SELinux Policy Database, either from the Access Vector Cache (AVC) or security context matrix on disk, for policy on that particular object requested. The server grants permission to the subject according to policy consulted. If permission is denied, a denial message is logged.
There are 2 modes of operation in SELinux - Enforcing mode and Permissive mode. The only difference between 2 modes is that Permissive mode does not deny any unprivileged MAC attempt but those unprivileged attempts will be logged. Permissive mode is useful for troubleshooting and development of security contexts.
Security Contexts, User, Role, Type/Domain
SELinux security context of any object is stored as file attribute. Context of object can be viewed by issuing ls -Z. A typical context is shown below.
[root@myServer ~]# ls -Z gravityControl.txt
-rw-r--r-- user user user_u:object_r:tmp_t:Moonbase_Plans gravityControl.txt
user_u:object_r:tmp_t:Moonbase_Plans refers to {SELinux User}:{SELinux Role}:{SELinux Domain/Type}:{SELinux MCS/MLS Label} respectively.
Here, SELinux User is different to user in conventional Linux. For instance, a linux user 'pi' is configured as SELinux user "user_u". If 'pi' issue su command to login as 'root', he/she's SELinux user identity is still 'user_u' and thus security policies applied on 'user_u' still remains. Mapping between SELinux User and typical linux uid is maintained by SELinux Login. SELinux Login can be viewed by issuing semanage login -l
[root@dhcp-133 ~]# semanage login -l
Login Name SELinux User MLS/MCS Range
__default__ user_u s0
james user_u s0
daniel user_u s0
root root s0-s0:c0.c1023
olga user_u s0
The first column is typical linux uid while second column is the SELinux user identity. The last column is the MLS/MCS (Multi Level Security/Multi Category System) Range. MLS and MCS is two different security policies. MLS will be explained in later section in this article.
In above example, different linux uids are mapped to two SELinux User. To obtain the definition of those SELinux User, issue semanage user -l
[root@dhcp-133 ~]# semanage user -l
Labeling MLS/ MLS/
SELinux User Prefix MCS Level MCS Range SELinux Roles
root user s0 s0-s0:c0.c1023 system_r sysadm_r user_r
system_u user s0 s0-s0:c0.c1023 system_r
user_u user s0 s0-s0:c0.c1023 system_r sysadm_r user_r
In this snap, SELinux User 'root' is having 3 different SELinux Roles while it's the same as 'user_u'. However, 'user_u' is being mapped to all typical linux uid while 'root' is mapped to uid 'root' as system administrator. The user, 'system_u', is dedicated for system processes.
Let's move on to SELinux Roles. It is part of SELinux Role-based Access Control and predefined in SELinux policies. SELinux Role determines which process domains / object types can be accessed. All processes under SELinux run under a domain. A domain specifies what can be performed by processes while a type specifies who can access an object.
Roles are predefined. For instance, 'system_r' is the role specifically for all system processes except user processes. It allows domains/types like .. dhcpd_t, httpd_t, initrc_t, and ldconfig_t. These domains/types are for dhcp daemon, http daemon, initrc script, and ldconfig respectively.
SELinux actually is not that complicated ... Let's keep it short! When you login, you obtain a role. This role can perform certain tasks according to predefined rules. Those rules make use of domain and type. So, if your role does not match the specified domain / type, permission deny as result. A SELinux user can have more than a single role. Thus, user may switch between role for certain tasks.
MLS Policy
---
MLS policy in SELinux is implemented like an add-on to SELinux MAC. MLS is abbreviation of Multi-Level Security. So, what is multi-level? It is actually derived from Bell-La Padula model.
The term multi-level arises from the defense community's security classifications: Confidential, Secret, and Top Secret. -- 44.6.1 Why Multi-Level, [ref-G]
In short, using the military terms, a general that can view national secret stuffs can also view national confidential stuffs and of course unclassified stuffs. But, general does not have enough privileges to view stuffs that are classified as national top secret like ... UFO ^^? On the other hand, a general would report to the upstreams but not report anything to the soldiers. (Like you have to report to your boss all the time @@?) This is the general belief behind Bell-La Padula model - "no read up, no write down".
To put this concept into SELinux, look at the self-explanatory visualization from [ref-G].
MLS further extends BLP by allowing categorization, a.k.a. compartment. For example, if UFO is considered as top secret, it belongs to the UFO category. At the same time, another top secret category would be Nuclear. Someone that is allowed to access top secret information related to UFO does not necessarily need to access information about Nuclear. You may consider as sub-levels.
SELinux implementation provides 16 default levels - from s0 (lowest) to s15 (highest), and 1024 categories - from c0 to c1023. Level can be added on demand by editing the file '/etc/selinux/mls/setrans.conf'. At the same time, MLS policy has its own set of roles definition. According to Fedora wiki, roles include: user_r, staff_r, sysadm_r, secadm_r, and auditadm_r. Other than that, DAC, SELinux Role, Type, and Domain still applies with MLS policy.
The Experiment - setup
---
Steps listed below are used to carry my experiment in enabling MLS policy in SELinux under FC11.
1. Installing FC11 with the wonderful LiveCD.
2. Update your fresh installation in order to fix anything the update can fix
To update in FC11, Do the following as root.
yum update
reboot
*Note: I do this in my tea time ... as the update took me around 30minutes to complete.
3. Install and configure the MLS policy
Again, do as root.
yum install selinux-policy-mls
Then, vi the file '/etc/selinux/config' to configure SELinux. Setting the two config-variable as follows.
SELINUX=permissive
SELINUXTYPE=mls
This configuration tells SELinux to operate in permissive mode (the one mentioned in previous section that it just warns) and use the MLS policy.
4. Ask SELinux to relabel with MLS policy
Issue "touch /.autorelabel" in your terminal so that your next boot will ask SELinux to relabel stuffs with the MLS policy. Then, reboot into single-user mode (see friendly reminder [2] in order to know howto do so) and the relabeling will start. Once relabeling is finished, issue "init 3" to boot into run-level 3.
5. Enabling MLS policy and Getting Back the GUI
To turn on MLS policy, edit the file '/etc/selinux/config' and set 'SELINUX=enforcing'
To turn off MLS policy, edit the file '/etc/selinux/config' and set 'SELINUX=permissive'
To turn on GUI, edit the file '/etc/inittab' and set 'id:5:initdefault:'
To turn off GUI, edit the file '/etc/inittab' and set 'id:3:initdefault:'
The Experiment - tryout
---
In this trial, we are going to setup 2 files with different MLS level, 2 SELinux User with different MLS level, and to see if MLS policies apply correctly.
*Note: Carry the following as root and SELinux in permissive mode. semanage may not work fine in enforcing mode.
1. Creating users and specifies MLS levels for user
adduser alice
adduser bob
semanage user -a -L s1 -r s1:c0.c1023 -R user_r -P user s1_u
semanage user -a -L s2 -r s2:c0.c1023 -R user_r -P user s2_u
semanage login -a -s s1_u -r s1:c0.c1023 alice
semanage login -a -s s2_u -r s2:c0.c1023 bob
In case, Alice is assigned to SELinux user s1_u while Bob is assigned to s2_u. And, they are having different MLS levels. You need to set password for Alice and Bob by issuing passwd.
2. Creating files and apply security context to them
echo "This is file 1" > /file1
echo "This is file 2" > /file2
chmod 777 /file1
chmod 777 /file2
semanage fcontext -a -r s1 -s s1_u -t user_t /file1
semanage fcontext -a -r s2 -s s2_u -t user_t /file2
restorecon -v /file1
restorecon -v /file2
As SELinux policy first check DAC, chmod 777 allows the checking to be passed. Then set the security context to /file1 and /file2 respectively. /file1 belongs to MLS level s1 while /file2 belongs to MLS level s2. The last step is to restore the new context by issuing restorecon.
3. See what happen
First, switch SELinux into enforcing mode by issuing "echo 1 > /selinux/enforce". Do the following and see what happen.
(a) You're still login as root, try to cat /file1 and cat /file2. You probably get permission denied. You may issue ls -Z / and you may find "strange" thing like...
?--------- ? ? file1
?--------- ? ? file2
Even root is the owner of /file1 and /file2, root cannot access the files. This is because, by default, root is having MLS level s0 when login. By definition that can be viewed by semanage login -l, root can access levels from s0 to s15. To switch your MLS level to s15, issue newrole -l s15. Now, you can cat /file1 and /file2.
(b) Login as Alice, try to cat /file1 and cat /file2. You probably get content in /file1 but not in /file2. The reason is simple, user with MLS level s1 can access s1 objects but not objects in level s2. By Bell-La Padula model, you cannot read up ^^.
(c) Login as Bob, try to cat /file1 and cat /file2. You probably get content in both /file1 and /file2. By definition of Bell-La Padula model again, you can read down ^^.
(d) Try to write any stuff into /file1 or /file2 with any MLS level. You probably find that you get permission denied. The reason? SELinux MLS policy module is still "experimental" in FC11.
Thursday, September 03, 2009
CodeJam 2009, Did you ^^?
Haha ~~ codejam is back:p
This morning ... i was struggling with the problem set :p
And... finally tackled the easiest one :p
BUT .... if you carry the codejam early in the morning ... you will find if you download the input data... You get THIS XD
And ... you can check the QA list for the error...
This morning ... i was struggling with the problem set :p
And... finally tackled the easiest one :p
BUT .... if you carry the codejam early in the morning ... you will find if you download the input data... You get THIS XD
And ... you can check the QA list for the error...
Thursday, August 13, 2009
my gsoc2009 @ August 13
I just issued my "last" gsoc status report to the php ml =]
Even so... i'm still going to work on it as leisure :p The next target ... Implementing a WYSIWYG doc-editor!
Even so... i'm still going to work on it as leisure :p The next target ... Implementing a WYSIWYG doc-editor!
Friday, August 07, 2009
一生何求 - 給還為工作摸不著頭腦的朋友
今早, 在快樂長門人的老人家點唱站, 聽到這首歌.
常判決放棄與擁有... 你們判決了你們所找的工作, 是對嗎?
還記得, 數日前, 一好友找工 interview 時, 被問到: "你期望你三十歲時, 在做什麼?" ... 當時心裡想... 子曰:"吾十有五而志于学,三十而立" ... 這很有意思的問題! 老太爺都是三十歲自立呢....
三十歲時, 我不想當經理, 不想當主管... 只想... 跟未來老婆大人開一家賣花茶的小店, 讓客人休息休息, 讓自己做些自己想做的事... 難不難? 不難! 何休哉? 休哉! 休哉!
要是不幸生活逼人, 結業大吉, 大不了跑回企業由小混混做起. 會後悔嗎, 不會! "我得到沒有 沒法解釋得失錯漏" ... 要是從沒想過, 從沒做過... 便會 "耗盡我這一生 觸不到已跑開"...
朋友們, 你的三十歲呢?? 有想過嗎??? 你的工作可以幫你 "三十而立" 嗎? 過了三十才 "回頭多少個秋"... 可惜!可惜!
一生何求 - 陳百強
曲︰王文清
詞︰潘偉源
編︰蘇德華
冷暖那可休 回頭多少個秋
尋遍了卻偏失去 未盼卻在手
我得到沒有 沒法解釋得失錯漏
剛剛聽到望到便更改 不知那裡追究
一生何求 常判決放棄與擁有
耗盡我這一生 觸不到已跑開
一生何求 迷惘裡永遠看不透
沒料到我所失的竟已是我的所有
一生何求 曾妥協也試過苦鬥
夢內每點繽紛 一消散那可收
一生何求 誰計較讚美與咀咒
沒料到我所失的竟已是我的所有
常判決放棄與擁有... 你們判決了你們所找的工作, 是對嗎?
還記得, 數日前, 一好友找工 interview 時, 被問到: "你期望你三十歲時, 在做什麼?" ... 當時心裡想... 子曰:"吾十有五而志于学,三十而立" ... 這很有意思的問題! 老太爺都是三十歲自立呢....
三十歲時, 我不想當經理, 不想當主管... 只想... 跟未來老婆大人開一家賣花茶的小店, 讓客人休息休息, 讓自己做些自己想做的事... 難不難? 不難! 何休哉? 休哉! 休哉!
要是不幸生活逼人, 結業大吉, 大不了跑回企業由小混混做起. 會後悔嗎, 不會! "我得到沒有 沒法解釋得失錯漏" ... 要是從沒想過, 從沒做過... 便會 "耗盡我這一生 觸不到已跑開"...
朋友們, 你的三十歲呢?? 有想過嗎??? 你的工作可以幫你 "三十而立" 嗎? 過了三十才 "回頭多少個秋"... 可惜!可惜!
Wednesday, July 29, 2009
my gsoc2009 @ July 29
Thanks to php-manual, I can generate mod_auth_digest MD5 hash nicely =]
The hash is highlighted below ~
So, what I'm doing to simulate a "cvs-login" on subversion is to fire a MKACTIVITY request to the server. (this is documented in the protocol that most "write" operations first fire it before any other operation).
This MKACTIVITY request will be responded with HTTP-401 Authorization Required =]
Then, I use the info from the HTTP-401 and generate a valid hash of it.... Fire back another MKACTIVITY request with Authorization header.
If... server still reply me with HTTP-401... then the user-password is not valid to the server.
If... server reply me with the superb HTTP-201... That's valid user-password pair.
The whole stuff like this ...
p.s. ... invalid credential give me an apache-error on my own repository ...
The hash is highlighted below ~
So, what I'm doing to simulate a "cvs-login" on subversion is to fire a MKACTIVITY request to the server. (this is documented in the protocol that most "write" operations first fire it before any other operation).
This MKACTIVITY request will be responded with HTTP-401 Authorization Required =]
Then, I use the info from the HTTP-401 and generate a valid hash of it.... Fire back another MKACTIVITY request with Authorization header.
If... server still reply me with HTTP-401... then the user-password is not valid to the server.
If... server reply me with the superb HTTP-201... That's valid user-password pair.
The whole stuff like this ...
p.s. ... invalid credential give me an apache-error on my own repository ...
[Wed Jul 29 17:20:41 2009] [error] [client 144.214.121.111] Digest: user kschan: password mismatch: /svn/acm/!svn/act/67764a9e-5629-6c72-d9fc-6205068e0a1a
Tuesday, July 28, 2009
my gsoc2009 @ July 28
SVN is good for source control "only".
Why I'm saying so ^^? Read the story...
The story is simple....
In doc-editor, user won't need to register in which doc-editor will check for cvs-credential automatically. As cvs2svn migration complete, I need to adopt svn for doc-editor. So, the very first thing is that I need to understand how svn authenticate!!
Just before my study ... I just know ... svn uses Apache and Http... That's ALL! So, I googled ... "subversion http protocol" and failed. Then, I read subversion *documents* slowly and know that it's using webdav. So, I googled "subversion webdav protocol"... Yes! It give me this!
Therefore, I make my first trail with php-webdav-extension from here...
The codes are simple as shown here ~.~ It fires a webdav-put request and so the authentication stuff are sent to server.
Even it worked... but ... drawbacks come.... no matter what, Apache give me error log as the webdav request is not valid to mod_dav_svn.
Thus, I think I better seek advice from mentor =] And mentor just said, if we're going to use php-extension, we better use the official ... However, the official svn package is somehow like the native svn-client in which the authentication is fired when some operations ask for that... That's to say... it's not much different that I use exec('svn ci') =.=" So, it's much better to do it raw!
To do it raw... I need to understand how's the webdav protocol actually works out ... That's pretty difficult (I should say it's evil honestly =.=) I tried to seek help from freenode-irc #svn but not much help ... So I googled to see how can I trace a http-request and response....
The answer is .... strace!
As fas as I know from the strace ... Apache may be using mod_auth_digest for authentication ... Therefore ... i'm going to study how it works now ... so that i can MD5 the "password" for the authorization header.
( another hard task for me -.-" but that's quite enjoyable =] )
Why I'm saying so ^^? Read the story...
The story is simple....
In doc-editor, user won't need to register in which doc-editor will check for cvs-credential automatically. As cvs2svn migration complete, I need to adopt svn for doc-editor. So, the very first thing is that I need to understand how svn authenticate!!
Just before my study ... I just know ... svn uses Apache and Http... That's ALL! So, I googled ... "subversion http protocol" and failed. Then, I read subversion *documents* slowly and know that it's using webdav. So, I googled "subversion webdav protocol"... Yes! It give me this!
Therefore, I make my first trail with php-webdav-extension from here...
The codes are simple as shown here ~.~ It fires a webdav-put request and so the authentication stuff are sent to server.
Even it worked... but ... drawbacks come.... no matter what, Apache give me error log as the webdav request is not valid to mod_dav_svn.
Thus, I think I better seek advice from mentor =] And mentor just said, if we're going to use php-extension, we better use the official ... However, the official svn package is somehow like the native svn-client in which the authentication is fired when some operations ask for that... That's to say... it's not much different that I use exec('svn ci') =.=" So, it's much better to do it raw!
To do it raw... I need to understand how's the webdav protocol actually works out ... That's pretty difficult (I should say it's evil honestly =.=) I tried to seek help from freenode-irc #svn but not much help ... So I googled to see how can I trace a http-request and response....
The answer is .... strace!
As fas as I know from the strace ... Apache may be using mod_auth_digest for authentication ... Therefore ... i'm going to study how it works now ... so that i can MD5 the "password" for the authorization header.
( another hard task for me -.-" but that's quite enjoyable =] )
Friday, July 24, 2009
my gsoc2009 @ July 24
php svn-migration is complete and that's time to commit changes :p (excuse for my laziness)
the project is now on http://svn.php.net/viewvc/web/doc-editor/trunk/
You may have a look into the dirty codes by "svn co http://svn.php.net/repository/web/doc-editor/trunk doc-editor"
What I've done thus far from the last commit is that I factored the php files from the ground to the top. The single pain-long (yup, pain-long not plain-long as that's really painful!) class.php is now separated into dozen of files in which each of them groups related functions. The groupings are now written on http://wiki.php.net/gsoc/2009/phdoe#factored_php_classes
Let's have a sneak preview :p
Anyway, what are other excuses of a late commit ^^?
The trouble was that .... i failed to commit the codes .... OMG... What a pity?
The case was that ... when i did svn ci, server responded me ..
err.... what can I do? Of course.... shout SOS!
And, I got a hand from the mailing list and lovely Apache told me ...
So ... the last resort is Goooooogle!
With a day or two of searching and guessing ... I came to this... The archived mail told me that ... perhaps my network proxy did something naughty to my svn ci .... ( :[ damn hidden proxy? )
The solution is this... i bring the patch back to my home with no hidden proxy ... and committed =]
p.s. Have a footnote here... I'm brainstorming further refactor the project ... see http://wiki.php.net/gsoc/2009/phdoe#brainstorming_idea
the project is now on http://svn.php.net/viewvc/web/doc-editor/trunk/
You may have a look into the dirty codes by "svn co http://svn.php.net/repository/web/doc-editor/trunk doc-editor"
What I've done thus far from the last commit is that I factored the php files from the ground to the top. The single pain-long (yup, pain-long not plain-long as that's really painful!) class.php is now separated into dozen of files in which each of them groups related functions. The groupings are now written on http://wiki.php.net/gsoc/2009/phdoe#factored_php_classes
Let's have a sneak preview :p
Anyway, what are other excuses of a late commit ^^?
The trouble was that .... i failed to commit the codes .... OMG... What a pity?
The case was that ... when i did svn ci, server responded me ..
svn: Commit failed (details follow):
svn: At least one property change failed; repository is unchanged
svn: Server sent unexpected return value (400 Bad Request) in response to PROPPATCH request
err.... what can I do? Of course.... shout SOS!
And, I got a hand from the mailing list and lovely Apache told me ...
[Wed Jul 22 02:29:46 2009] [error] [client (screened)] Could not fetch resource information. [301, #0]
[Wed Jul 22 02:29:46 2009] [error] [client (screened)] Requests for a collection must have a trailing slash on the URI. [301, #0]
So ... the last resort is Goooooogle!
With a day or two of searching and guessing ... I came to this... The archived mail told me that ... perhaps my network proxy did something naughty to my svn ci .... ( :[ damn hidden proxy? )
The solution is this... i bring the patch back to my home with no hidden proxy ... and committed =]
p.s. Have a footnote here... I'm brainstorming further refactor the project ... see http://wiki.php.net/gsoc/2009/phdoe#brainstorming_idea
Tuesday, July 07, 2009
my gsoc2009 @ July 07
When I read the gsoc timeline, I was expected to submit a "mid-term evaluation" that I thought it's a written report. But... finally, it turns out that it's a MC-alike survey ^^ My Life Is MUCH EASIER!!
Anyway, there are still 2 big empty boxes to fill in texxxxxxxxxxxxxxxxxt :( I'm not feeling comfortable with it as the boxes are at the bottom of the MCs :p (quite disappoint me that I need to think of something to fill the boxes :p)
By the way, I got a good news and bad news from the php mailing list ... Good news is that php is going to use SVN. Bad news is that doc-editor is CVS-dependent. That's to say I need to twist the code and adopt the migration ^^"
Anyway, there are still 2 big empty boxes to fill in texxxxxxxxxxxxxxxxxt :( I'm not feeling comfortable with it as the boxes are at the bottom of the MCs :p (quite disappoint me that I need to think of something to fill the boxes :p)
By the way, I got a good news and bad news from the php mailing list ... Good news is that php is going to use SVN. Bad news is that doc-editor is CVS-dependent. That's to say I need to twist the code and adopt the migration ^^"
Friday, July 03, 2009
香港人在做什麼?
晚, 與友聚, 夜回家. 路經街市後巷, 見老婆婆數名, 在垃圾箱裡找紙皮.
到底, 誰是兇手? 誰要老婆婆在大熱天時的深夜拾紙皮?
是因為廢紙回收商的幾元吸引了老婆婆? 是因為企業商品價格高漲? 還是因為政府官員不力?
坦白說, 誰人走到銀行裡, 要求補印單據, 服務費定超十元... 而老婆婆拾紙半天, 可能還得不到十元的"利潤"
到底企業盈利增長, 是不是代表窮人愈來愈多? 是官商釣結? 還是官被商弄?
有錢商人每半年的忽然"捐出"數十/百/千萬給一些慈善機構的整體社會意義大? 還是商人旗下企業商品價格每半年的下調0.1%的整體社會意義大?
有"心"的商人們哦... 你們在做什麼? 你們的盈利是否遠超於香港社會整體的發展? 為什麼香港還窮的時候沒有老婆婆拾紙皮, 到了香港發展了卻"新興起"這"行業"?
政府的官員們..公務員們.. 你們在做什麼? 你們的高薪價值是否只在於你們的學歷與經驗? 可否大膽一點的執行些有利香港整體社會的措施? 可否令老婆婆拾紙皮這"行業"沒落?
我不是聰明人, 我不是有能力之人. 我是小市民. 我是平凡的小市民. 我明白人是自私的動物, 理想的社會主義並不能完美的實現. 但資本主義持久下去, 只會令更多更多適合老人家的"行業"出現... 不要問我共產不共產, 我心只想問我們下一代會怎.
我可以做什麼... ? 有人可以指教我嗎?
到底, 誰是兇手? 誰要老婆婆在大熱天時的深夜拾紙皮?
是因為廢紙回收商的幾元吸引了老婆婆? 是因為企業商品價格高漲? 還是因為政府官員不力?
坦白說, 誰人走到銀行裡, 要求補印單據, 服務費定超十元... 而老婆婆拾紙半天, 可能還得不到十元的"利潤"
到底企業盈利增長, 是不是代表窮人愈來愈多? 是官商釣結? 還是官被商弄?
有錢商人每半年的忽然"捐出"數十/百/千萬給一些慈善機構的整體社會意義大? 還是商人旗下企業商品價格每半年的下調0.1%的整體社會意義大?
有"心"的商人們哦... 你們在做什麼? 你們的盈利是否遠超於香港社會整體的發展? 為什麼香港還窮的時候沒有老婆婆拾紙皮, 到了香港發展了卻"新興起"這"行業"?
政府的官員們..公務員們.. 你們在做什麼? 你們的高薪價值是否只在於你們的學歷與經驗? 可否大膽一點的執行些有利香港整體社會的措施? 可否令老婆婆拾紙皮這"行業"沒落?
我不是聰明人, 我不是有能力之人. 我是小市民. 我是平凡的小市民. 我明白人是自私的動物, 理想的社會主義並不能完美的實現. 但資本主義持久下去, 只會令更多更多適合老人家的"行業"出現... 不要問我共產不共產, 我心只想問我們下一代會怎.
我可以做什麼... ? 有人可以指教我嗎?
my gsoc2009 @ July 03
=] The first milestone is reached!
The clearance of js namespace has been completed and ui-components resulted.
main.js keeps several things in its namespace and a clear layout in the source.
The next milestone is to cleanup the PHPs as listed in the todo.
Currently, a single ExtJsController.php dispatches corresponding handler for particular request. This will be kept but the handler structure will be changed as the handlers are all messed up in class.php. My plan is like this... first groups those related handlers (some are listed in todo), then try to build a hierarchy if there's any. Hope this can be finished before mid of July =]
The clearance of js namespace has been completed and ui-components resulted.
main.js keeps several things in its namespace and a clear layout in the source.
The next milestone is to cleanup the PHPs as listed in the todo.
Currently, a single ExtJsController.php dispatches corresponding handler for particular request. This will be kept but the handler structure will be changed as the handlers are all messed up in class.php. My plan is like this... first groups those related handlers (some are listed in todo), then try to build a hierarchy if there's any. Hope this can be finished before mid of July =]
Sunday, June 21, 2009
my gsoc2009 @ June 21
It's a GDay =] Several bugs are KIA... AND, only several miles away from the destination =]
main.js is now 18xx lines (which is 23% of the original main.js)
There are totally 22 ui-components that builds up the doc-editor ui while there are 8 ui-task wrappers work for the user.
if you read my previous report back to 2 weeks ago, i have refactored and tested 4xxx lines js in this two weeks :p indeed ... these 4xxx lines are 70-80% alike but different context in use.
anyway ... if you read my proposed timeline .... i'm still behind schedule :p even so ... the proposed one is actually different from the acting one :p Thus! this week ... i will use the time for "merging and testing" to refactor and test out the rest of main.js.
main.js is now 18xx lines (which is 23% of the original main.js)
There are totally 22 ui-components that builds up the doc-editor ui while there are 8 ui-task wrappers work for the user.
if you read my previous report back to 2 weeks ago, i have refactored and tested 4xxx lines js in this two weeks :p indeed ... these 4xxx lines are 70-80% alike but different context in use.
anyway ... if you read my proposed timeline .... i'm still behind schedule :p even so ... the proposed one is actually different from the acting one :p Thus! this week ... i will use the time for "merging and testing" to refactor and test out the rest of main.js.
可以做的, 都做完了
曾經有一位小朋友問我... 讀大學跟讀中學有什麼分別??
當時我不懂怎樣回答. 因為.. 我的大學生涯實在有點乏味!
現在... 作個總結吧.
在寫之前... 我都不知道自己在大學做了什麼... 寫了之後...才發現.. 原來大學跟中學最不同的地方... 就是自由.
我在大學"可以做的, 都做完了。" 你在大學做了些什麼? 可以跟我分享一下嗎 ^^?
當時我不懂怎樣回答. 因為.. 我的大學生涯實在有點乏味!
現在... 作個總結吧.
yr1:
* 為金錢打拚... 打拚... 打拚... 打拚... 打拚... 打拚... 打拚...
* 曾參與 career center 的一些活動... 為將來的金錢打拚... 打拚... 打拚...
* 曾以打拚的金錢, 在summer 時參加了日本與台灣遊學 (好像是工作人士一樣呢... 搵完錢, 放下大假)
* tour 完之後... summer job 為金錢打拚... 打拚...
yr2:
* 為金錢打拚... 打拚... 打拚... 打拚... 打拚... 打拚... 打拚...
* 因遊學認識了些師兄, 從而神推鬼使的參與了faculty支持的"自主研發"項目...
* 曾為項目負出時間, 因不知怎的原因... 項目步入爛尾之路.... orz
* 曾以打拚的金錢, 在summer 時參加了英國遊學 (又放下大假)
* 踏入placement年...
yr3:
* 在大笨象公司實習.....為金錢打拚... 打拚... 打拚... 打拚... 打拚...
* 在"空餘"時間, 完成了"接近爛尾"項目... BUT, 到最後都是一個爛尾的經驗 (因為項目早以失去其意義)
* 受聘於外資科技公司, "推動校園開源文化"?? (終於有一點點的味道了)
* summer .... 與同學歐遊 =] (又放假)
yr4:
* 開始不再把"為金錢打拚"放到第一位 ... 因為好累 =.="
* 盡心為畢業設計努力.. (終於明白到..成果是怎樣並不太重要... 重要的是過程是怎樣)
* 繼續"推動校園開源文化" ... (黎緊919見 =])
* 與業內社區組織打交道, oaka.. agilehk.. barcamp.. fxair.. olpc.. 等等
* 參與了很多開源/義務/技術發展工作與活動. 認識了很多很多很多的朋友. (是我最開心的其中一件事吧)
* 有幸參與 Google Summer of Code. 參與php internal util 開發(完夢了!?)
* 參與 acm-hk-contest, 終於可以為"電腦科學系學生"這字眼添上一些色彩.
* 還有.. 認識了她 (是我最開心的另一件事)
在寫之前... 我都不知道自己在大學做了什麼... 寫了之後...才發現.. 原來大學跟中學最不同的地方... 就是自由.
我在大學"可以做的, 都做完了。" 你在大學做了些什麼? 可以跟我分享一下嗎 ^^?
Thursday, June 11, 2009
my gsoc2009 @ June 11
As doc-editor has many sub-components open a code-mirror editor.. i'm trying to make the editor becomes a reusable ui component.
Today ... i'm working on that and trying to allows two editor to synchronize their scroll bar...
BUT... problemsssssssssssssssssssssssssssss :)
Let's consider this!
Editor-A scroll for 40px from top
Editor-A's scroll listener catch the event and ask Editor-B to scroll to 40px from top
Editor-B scroll for 40px from top
Editor-B's scroll listener catch the event and ask Editor-A to scroll to 40px from top
Editor-A scroll for 40px from top
:
:
:
who scroll NEXT?
in Chrome ... the logic seems working.... but in Firefox ... the logic breaks.
To handle this.... I added a "scroll-lock" to the editors :] (just a conventional solution to handle synchronization problem)
New logic follows....
Editor-A scroll for 40px from top
Editor-A listener gains lock as Editor-B is not scrolling
Editor-B scroll for 40px from top asked by Editor-A listener
Editor-B listener cannot gain lock as Editor-A gained
Editor-B listener gives up asking Editor-A to scroll and force Editor-A to release the lock
So... scrolling won't be propagated
if Editor-A/Editor-B scroll again, lock can be gained and logic applies
Sync is FUNNY XD
Today ... i'm working on that and trying to allows two editor to synchronize their scroll bar...
BUT... problemsssssssssssssssssssssssssssss :)
Let's consider this!
Editor-A scroll for 40px from top
Editor-A's scroll listener catch the event and ask Editor-B to scroll to 40px from top
Editor-B scroll for 40px from top
Editor-B's scroll listener catch the event and ask Editor-A to scroll to 40px from top
Editor-A scroll for 40px from top
:
:
:
who scroll NEXT?
in Chrome ... the logic seems working.... but in Firefox ... the logic breaks.
To handle this.... I added a "scroll-lock" to the editors :] (just a conventional solution to handle synchronization problem)
New logic follows....
Editor-A scroll for 40px from top
Editor-A listener gains lock as Editor-B is not scrolling
Editor-B scroll for 40px from top asked by Editor-A listener
Editor-B listener cannot gain lock as Editor-A gained
Editor-B listener gives up asking Editor-A to scroll and force Editor-A to release the lock
So... scrolling won't be propagated
if Editor-A/Editor-B scroll again, lock can be gained and logic applies
Sync is FUNNY XD
Friday, June 05, 2009
My Firefox3 was HACKED!! Did yours?
:( very very unhappy ... my firefox was hacked by m$ /___\
damn m$.
damn m$.
Thursday, June 04, 2009
A joke?? Google Squared
Google Squared ... a new comers to goog-lab ...
Actually ... it's a lie :p
I see no square in google squared but rectanglesssssssss
If squared means google x google (google ^ 2) ... then this means squared amount of queries which is inbelieveable
So ... I bet ... the name squared is a lie~~~~~
Anyway ... good fight to Wolfram Alpha as Squared is already in beta as initial XDDDDDDDDDDDD
waiting for Google Cube @.@v~
Actually ... it's a lie :p
I see no square in google squared but rectanglesssssssss
If squared means google x google (google ^ 2) ... then this means squared amount of queries which is inbelieveable
So ... I bet ... the name squared is a lie~~~~~
Anyway ... good fight to Wolfram Alpha as Squared is already in beta as initial XDDDDDDDDDDDD
waiting for Google Cube @.@v~
Wednesday, June 03, 2009
Google is Different!!!
Take a look of Google in FF3 vs IE7 by https://browserlab.adobe.com/
Google is asking you to download Chrome in IE7 ^^ (but not in FF)
GOOD!!!!!!!!!!!!!
Google is asking you to download Chrome in IE7 ^^ (but not in FF)
GOOD!!!!!!!!!!!!!
Sunday, May 31, 2009
my gsoc2009 @ May 31
This is again not a good day for coding .... But the day to learn coding -.-"
Let's consider the following js...
Have you ever think of ... "this.items" is still exist after the delete statement??
This is why i said today is not that good for coding :p
Sooooooooooo, let me explain wt's actually happening...
When i'm refactoring the codes of doc-editor ... I do something like this ...
items of the ui-component are directly defined in the Ext.extend function.
BUT............ The devil comes!!!!!!
As you can see from the nice FireBug console ... Before the delete statement ... items are there... After the delete statement ... ITEMS ARE STILL THERE and making the initComponent CRASHES!!!
Right before I know the problem behind ... i guess it's Firefox bug ^^ then I tried on Chrome ... Same thing happen in Chrome's console .... SO... THat's not bug of browser ....
Wt next?? I dig into Ext.extend ... and think that's bug of Ext.extent ... BUT... Indeed ... it's not a bug but my poor understanding of javascript ~~~~~
From Ext.extend ... items are considered as prototype attribute SO THAT delete statement WONT work here....
Solution! prevent using extend statement for defining the itemssssssssssssssss
---
Update@4-June-2009
This morning... I spent another hour to fight against a bug due to Ext.extend(). In addition to items, overriding tbar + bbar as prototype attribute DOES ALSO CRASH extjs. Looook OUT!!
Let's consider the following js...
var items = this.items;
if (items) {
delete this.items;
...
}
Have you ever think of ... "this.items" is still exist after the delete statement??
This is why i said today is not that good for coding :p
Sooooooooooo, let me explain wt's actually happening...
When i'm refactoring the codes of doc-editor ... I do something like this ...
items of the ui-component are directly defined in the Ext.extend function.
BUT............ The devil comes!!!!!!
As you can see from the nice FireBug console ... Before the delete statement ... items are there... After the delete statement ... ITEMS ARE STILL THERE and making the initComponent CRASHES!!!
Right before I know the problem behind ... i guess it's Firefox bug ^^ then I tried on Chrome ... Same thing happen in Chrome's console .... SO... THat's not bug of browser ....
Wt next?? I dig into Ext.extend ... and think that's bug of Ext.extent ... BUT... Indeed ... it's not a bug but my poor understanding of javascript ~~~~~
From Ext.extend ... items are considered as prototype attribute SO THAT delete statement WONT work here....
Solution! prevent using extend statement for defining the itemssssssssssssssss
---
Update@4-June-2009
This morning... I spent another hour to fight against a bug due to Ext.extend(). In addition to items, overriding tbar + bbar as prototype attribute DOES ALSO CRASH extjs. Looook OUT!!
Monday, May 25, 2009
The GSOC Package
When I awoke this morning, a FedEx package arrived ~~~ It's My GSOC Package!!
A little bit blur as my phone doesn't have anti-handshake ~o~"
So~ Let's have a macro-shot on the notebook!!
It's pretty the same as Google Notebook XD
A little bit blur as my phone doesn't have anti-handshake ~o~"
So~ Let's have a macro-shot on the notebook!!
It's pretty the same as Google Notebook XD
Sunday, May 24, 2009
my gsoc2009 @ May 24
This week, I finished abstracting the Ext.ajax.request() and reflect corresponding changes in phps.
The major reason for abstracting the pretty good Ext.ajax.request() is that ... we may save some lines for those repeating things like the url of the web service... And another reason is that I know how doc-editor works throughout all request-and-response.
To have a brief review on main.js ... it's a one-big-ui-class with many methods ... those ui-components can be classified by their nature of task ... The following code block can explain the situation...
As you can see, this make my life easier to break them into different large piece ui components. But.. probably these large piece ui-components are not reusable for other task ... Anyway... i'm not making an ui library so that's not a problem =]
Let's get back to the XHR abstraction. From extjs implementation of ext.ajax.request() method ...
- success callback will be invoked if (httpStatus >= 200 && httpStatus < 300) || (httpStatus == 1223 for IE)
- failure callback will be invoked else
- request callback will be invoked right after calling success/failure callback
And, most (but not every) XHRs in doc-editor depend on the "success" attribute in the response json string to make decision. So, why not slightly improve the readability by re-directing those response with "success: false" to the failure callback and free the success callback by a single if-else branching ??
As a result ... the abstraction is made as follow.
Followed by this decision, I need to reflect the changes in phps. In php... there are 3 routines something like ...
1) getResponse( $mixed ) {return json_encode($mixed); }
2) getSuccess() { return getResponse( array( 'success' => true ) ); }
3) getFailure( $message ) { return getResponse( array( 'success' => false, 'msg' => $message ) ); }
XHR request handlers depend on this 3 functions ... sometimes getFailure-getResponse pair while sometimes getFailure-getSuccess pair. So, I decide to unite them.
It's pretty simple ... change all handlers into getFailure-getSuccess pair and then the XHR abstraction should work. Hence, following codes resulted.
However, when i try to test out the changes ... Something failed... The repository tree failed to load and not files can be retrieved... So, i go back to main.js and see what's matter. It's tricky... the tree nodes are loaded by ext.tree.TreeLoader in which this loader can only accepts json with ext-tree-node config ... While ... the php is returning something like ... { success : true, 1 : tree_node_config1, 2 : tree_node_config2, ... }. A solution is to rollback the change on the repository request handler and allows it to use getResponse instead of getSuccess.
The major reason for abstracting the pretty good Ext.ajax.request() is that ... we may save some lines for those repeating things like the url of the web service... And another reason is that I know how doc-editor works throughout all request-and-response.
To have a brief review on main.js ... it's a one-big-ui-class with many methods ... those ui-components can be classified by their nature of task ... The following code block can explain the situation...
class something_like_the_main {
task1 : function() {
define_ui_of_task1();
fire_any_XHR_to_construct_the_ui();
show_the_ui_for_task1();
},
task2 : function() {
define_ui_of_task2();
fire_any_XHR_to_construct_the_ui();
show_the_ui_for_task2();
}
...
...
taskN : function() {
// feels like copy & paste from above tasks...................
}
}
As you can see, this make my life easier to break them into different large piece ui components. But.. probably these large piece ui-components are not reusable for other task ... Anyway... i'm not making an ui library so that's not a problem =]
Let's get back to the XHR abstraction. From extjs implementation of ext.ajax.request() method ...
- success callback will be invoked if (httpStatus >= 200 && httpStatus < 300) || (httpStatus == 1223 for IE)
- failure callback will be invoked else
- request callback will be invoked right after calling success/failure callback
And, most (but not every) XHRs in doc-editor depend on the "success" attribute in the response json string to make decision. So, why not slightly improve the readability by re-directing those response with "success: false" to the failure callback and free the success callback by a single if-else branching ??
As a result ... the abstraction is made as follow.
Followed by this decision, I need to reflect the changes in phps. In php... there are 3 routines something like ...
1) getResponse( $mixed ) {return json_encode($mixed); }
2) getSuccess() { return getResponse( array( 'success' => true ) ); }
3) getFailure( $message ) { return getResponse( array( 'success' => false, 'msg' => $message ) ); }
XHR request handlers depend on this 3 functions ... sometimes getFailure-getResponse pair while sometimes getFailure-getSuccess pair. So, I decide to unite them.
It's pretty simple ... change all handlers into getFailure-getSuccess pair and then the XHR abstraction should work. Hence, following codes resulted.
However, when i try to test out the changes ... Something failed... The repository tree failed to load and not files can be retrieved... So, i go back to main.js and see what's matter. It's tricky... the tree nodes are loaded by ext.tree.TreeLoader in which this loader can only accepts json with ext-tree-node config ... While ... the php is returning something like ... { success : true, 1 : tree_node_config1, 2 : tree_node_config2, ... }. A solution is to rollback the change on the repository request handler and allows it to use getResponse instead of getSuccess.
Monday, May 18, 2009
my gsoc2009 @ May 18
At the first glance ... the javascript is really a big mess -.-"
So... I try to study it by first refactoring ALL XHR in the script... So ... I know ... where I click the UI fires what XHR and links to which UI component.
When I was refactoring the script ... I found that ... when I open a XML with the CodeMirror integrated editor and then close it after loading ... Firebug tells me the following ...
"method is not defined" ... At first ... I was wondering if it's my introduced error ... So ... I spent time to setup another environment with cvs no-modification copy... But I still get the "method is not defined".
Then I see the green wordings saying the stuff relating to i18n ... So ... I spent time to look at it. I'm wondering is this a problem related to script include sequence in the php file or cross script reference issue .... This is because I googled: "javascript method is not defined" and read a stackoverflow page.
As time passes by ... I figure out that it could not be the referencing issue anymore when I try the bug reproduction steps again and again with one slight change.
Original reproduce procedure...
1. double click on a XML in "Files Need update"
2. close the newly opened tab after loading complete
3. you could get the err from firebug...
The slight modifed one...
1. double click on a XML in "Files Need update"
2. wait for a few second after loading complete
2. close tab
3. It's FINE!!!
The only thing I can do is to read the stack trace :p
> method is not defined
> _("Loading...") main.js (line 5)
> getFile()("9f389d22c5cd3246733a5c672c6dcf0f", "hk/chapters/","tutorial.xml", "FNU-LANG-PANEL-", "FNU-LANG-")
As you can see from the bold ... method is not defined is really a method which can be found by CodeMirror source ........ Then I look at the source and found that util.js is included using an iframe ... so ... step 2 ... "wait for a few second after loading complete" WORKS!
Next time ... i will see the stack trace before interrupting what's an error message actually mean......... :p silly man~
So... I try to study it by first refactoring ALL XHR in the script... So ... I know ... where I click the UI fires what XHR and links to which UI component.
When I was refactoring the script ... I found that ... when I open a XML with the CodeMirror integrated editor and then close it after loading ... Firebug tells me the following ...
"method is not defined" ... At first ... I was wondering if it's my introduced error ... So ... I spent time to setup another environment with cvs no-modification copy... But I still get the "method is not defined".
Then I see the green wordings saying the stuff relating to i18n ... So ... I spent time to look at it. I'm wondering is this a problem related to script include sequence in the php file or cross script reference issue .... This is because I googled: "javascript method is not defined" and read a stackoverflow page.
As time passes by ... I figure out that it could not be the referencing issue anymore when I try the bug reproduction steps again and again with one slight change.
Original reproduce procedure...
1. double click on a XML in "Files Need update"
2. close the newly opened tab after loading complete
3. you could get the err from firebug...
The slight modifed one...
1. double click on a XML in "Files Need update"
2. wait for a few second after loading complete
2. close tab
3. It's FINE!!!
The only thing I can do is to read the stack trace :p
> method is not defined
> _("Loading...") main.js (line 5)
> getFile()("9f389d22c5cd3246733a5c672c6dcf0f", "hk/chapters/","tutorial.xml", "FNU-LANG-PANEL-", "FNU-LANG-")
> main.js (line 1759)
> initialize()() main.js (line 4743)
> DomHelper()() ext-all.js (line 9)
> DomHelper()() ext-all.js (line 9)
> onInit()() Ext.ux.C...Mirror.js (line 59)
> init()() codemirror.js (line 153)
> method() util.js (line 8)
>
> var str = i18n[key];
> initialize()() main.js (line 4743)
> DomHelper()() ext-all.js (line 9)
> DomHelper()() ext-all.js (line 9)
> onInit()() Ext.ux.C...Mirror.js (line 59)
> init()() codemirror.js (line 153)
> method() util.js (line 8)
>
> var str = i18n[key];
As you can see from the bold ... method is not defined is really a method which can be found by CodeMirror source ........ Then I look at the source and found that util.js is included using an iframe ... so ... step 2 ... "wait for a few second after loading complete" WORKS!
Next time ... i will see the stack trace before interrupting what's an error message actually mean......... :p silly man~
十天
第0天:
她: "我們做十天的朋友吧. 這十天裡我把你當普通朋友. 你也一樣把我當朋友吧"
他: "對不起, 其實我想了很久, 我還是不成熟, 還不合適當你的男朋友. 是我負了你, 對不起"
晚上, 他哭了, 整晚沒睡. 他一直想著與她的一段段片段. 想著她對他的心意. 想著她...
第1天:
她: "昨天的說話有沒有後悔呀,呵呵... 起初匆忙地確定我們的關係,但是又匆忙地結束我們的關係不太好吧? 既然你說你不成熟,那就給你一個成熟的做一次決定的機會吧. 既然我想約定要做幾天的朋友的,不能一點也不給面子吧? 所以不管昨天之前是什麼關係, 也不管以後是什麼關係, 我們約定做一個月的好朋友吧"
他: "笨蛋, 十天變了一個月了... 其實不是說不給面子, 只是知道, 我還是不習慣. 我習慣跟普通朋友聊幾句 ... 可是不習慣常常的聊著. 你昨天晚上睡不著哭了吧... 我也哭了. 我其實很明白... 我沒好好的關心你..."
他知道這段關係是還可以挽留的, 但他沒有.. 因為, 他知道自己不合適去維持這段關係...
本來, 他已經心死了... 但是, 她卻不想就這樣結束這段感情.
她: "放棄愛一個人, 如果是為了讓他/她更幸福,那可以放棄. 但是如果選擇繼續愛一個人是為了讓他/她更幸福那為什麼要放棄"
他: "愛一個人也要懂得放手. 我錯了, 本來不應該開始, 繼續下去只會樣你一直不開心"
她: "如果你說我們的開始是一個錯誤的話, 那現在結束就是一個解決錯誤的完美答案嗎? 為什麼不嘗試用更好的辦法去解決這個錯誤呢"
她: "如果覺得現在不夠成熟, 其實你其他方面都很成熟, 就是對待感情不夠成熟. 但是, 最終總有一個從不成熟到成熟的過程. 你最後還是要過這一步的. 為什麼遇到問題就逃避而不敢從實質去解決? 你不想成為一個事業感情家庭都能成熟對待的人嗎"
他這時, 知道她不再想結束這感情, 但他實在知道自己的不足.. 卻真的想逃避.. 結果, 他說了一番非常狠的說話.
他: "我很辛苦. 要坐兩個多小時的車很辛苦、想見的時候見不到很辛苦、到一個陌生的地方很辛苦、常常用文字遘通很辛苦" (因為他們相隔異地)
她: "真的沒有想像到和我的這段相處, 你會覺得是那麼的辛苦. 想到最初我的想法和你現在的一樣. 當時你的一句話 - 其實這些都不重要. 一句什麼都不重要的話,讓我放下了一切顧慮"
他: "其實我很自私, 你就當我是負心人吧! 我不值得你去愛, 我不想大家辛苦下去"
過了很久... 他還沒收到她的回覆... 他開始擔心起上來...
他: "笨蛋, 又在哭嗎?"
她: "你還會擔心我嗎? 剛剛那些話, 真的可以透涼到心底"
他聽了, 淚一直下...
他: "你很壞, 常常說一些要人哭的話... 笨蛋!"
她: "你不是也一樣嗎? 擔心我哭, 可是哪句話不會讓我不哭呢"
她: "你每次坐兩個多小時車來見我, 我當然知道你很辛苦. 你曾說了這不重要, 就是因為這些都可以解決的. 自從我答應你之後就沒考慮這些"
她: "因為我知道只要能吃苦, 沒有過不去的. 要我等3年, 我也願意. 但是我不能接受你心裡沒有我" (他們有3年成婚之約)
他: "為什麼你要對我這樣好... 為什麼要對一個常常忽略你的人這樣好"
她: "因為一個我累時, 樂意幫我按摩的人. 因為一個和我吵了架, 夢裡喊我名字的人. 因為一個在車上怕我暈車, 怕我扶手扶痛, 要我抱他腰的人. 因為一個怕我睡不好, 用膊頭給我當枕頭的負心的人..."
他: "就當我們有緣沒份吧..." (這時, 他的淚水下得更多...)
她: "現在一句話就結束了嗎? 怎麼沒有前幾天的,想去修補我們關係的勇氣了"
話說不是第一次因他忽略她而令到關係緊張了... 他就是知道... 一次又一次的忽略她, 一次又一次的令她失望... 他只說了三個字...
他: "我累了"
她: "你這次真的放棄了嗎? 曾經說要喝我煲的湯, 可是還沒嚐過, 就放棄了嗎? 曾經說要我幸福, 現在不關心我的幸福了嗎?" (他的淚下得不停)
她: "你要做回自私的人, 為什麼對其他的人你可以無私奉獻? 對我就要自私, 真的是為了我未來的幸福嗎"
他: "我就是知道帶不了幸福給你... 還是算吧... 我已經連流淚的力也沒有啦"
她: "不要那麼不重視一次決定好不好? 為什麼不能好好的溝通? 為什麼可以對我這樣?"
他: "靜下來一天好嗎? 是我負了你"
她: "我何嘗不想靜下來? 可是靜不下來"
這時, 他再不想說些什麼... 只想一直的哭下去... 他心中只知道... 原來... 喜歡一個人跟愛一個人是不一樣的. 他很愛她, 但卻怕負了她, 只想她找到比他更好的.
過了很久很久.... 他知道她在街上... 又很久沒消息... 又再擔心起來.
他 (帶著冷淡的語氣) : "到家了沒有, 到家給我發個短訊就好了"
她: "我放不下, 我的心很痛"
他: "在那啦?? 還沒回去嗎? 找你的姪子玩吧.. 不要一個人在街"
她: "我怕在家人面前哭. 我很沒用的, 常常哭"
他更擔心了... 只好來個小計...
他: "我的乖乖, 聽話快回家, 回家再說吧"
她: "我聽話, 不要不理我, 我回家"
他: "好啦, 我在網上等你"
他本來只是想騙她先回家... 他便可安心一點...
他: "笨蛋, 有沒有哭到眼晴累累的?"
她: "其實一直在想, 為什麼我們兩個都是一遇到困難, 首先想到的是放棄? 曾經還說過的, 不要輕易放棄的說"
他知道她到家了.. 還是只想快一點靜下來想想...
他: "我的眼睛哭得快睜不開了. 早點休息, 明天靜下來再談好嗎"
她: "可是睡不著, 現在談吧"
她: "我們做十天的朋友吧. 這十天裡我把你當普通朋友. 你也一樣把我當朋友吧"
他: "對不起, 其實我想了很久, 我還是不成熟, 還不合適當你的男朋友. 是我負了你, 對不起"
晚上, 他哭了, 整晚沒睡. 他一直想著與她的一段段片段. 想著她對他的心意. 想著她...
第1天:
她: "昨天的說話有沒有後悔呀,呵呵... 起初匆忙地確定我們的關係,但是又匆忙地結束我們的關係不太好吧? 既然你說你不成熟,那就給你一個成熟的做一次決定的機會吧. 既然我想約定要做幾天的朋友的,不能一點也不給面子吧? 所以不管昨天之前是什麼關係, 也不管以後是什麼關係, 我們約定做一個月的好朋友吧"
他: "笨蛋, 十天變了一個月了... 其實不是說不給面子, 只是知道, 我還是不習慣. 我習慣跟普通朋友聊幾句 ... 可是不習慣常常的聊著. 你昨天晚上睡不著哭了吧... 我也哭了. 我其實很明白... 我沒好好的關心你..."
他知道這段關係是還可以挽留的, 但他沒有.. 因為, 他知道自己不合適去維持這段關係...
本來, 他已經心死了... 但是, 她卻不想就這樣結束這段感情.
她: "放棄愛一個人, 如果是為了讓他/她更幸福,那可以放棄. 但是如果選擇繼續愛一個人是為了讓他/她更幸福那為什麼要放棄"
他: "愛一個人也要懂得放手. 我錯了, 本來不應該開始, 繼續下去只會樣你一直不開心"
她: "如果你說我們的開始是一個錯誤的話, 那現在結束就是一個解決錯誤的完美答案嗎? 為什麼不嘗試用更好的辦法去解決這個錯誤呢"
她: "如果覺得現在不夠成熟, 其實你其他方面都很成熟, 就是對待感情不夠成熟. 但是, 最終總有一個從不成熟到成熟的過程. 你最後還是要過這一步的. 為什麼遇到問題就逃避而不敢從實質去解決? 你不想成為一個事業感情家庭都能成熟對待的人嗎"
他這時, 知道她不再想結束這感情, 但他實在知道自己的不足.. 卻真的想逃避.. 結果, 他說了一番非常狠的說話.
他: "我很辛苦. 要坐兩個多小時的車很辛苦、想見的時候見不到很辛苦、到一個陌生的地方很辛苦、常常用文字遘通很辛苦" (因為他們相隔異地)
她: "真的沒有想像到和我的這段相處, 你會覺得是那麼的辛苦. 想到最初我的想法和你現在的一樣. 當時你的一句話 - 其實這些都不重要. 一句什麼都不重要的話,讓我放下了一切顧慮"
他: "其實我很自私, 你就當我是負心人吧! 我不值得你去愛, 我不想大家辛苦下去"
他: "我們分手吧"
他: "做一對不久就關心對方的朋友, 不是好多嗎"
他: "做一對不久就關心對方的朋友, 不是好多嗎"
過了很久... 他還沒收到她的回覆... 他開始擔心起上來...
他: "笨蛋, 又在哭嗎?"
他: "還在嗎? 不要不說話. 很擔心你"
她: "你還會擔心我嗎? 剛剛那些話, 真的可以透涼到心底"
他聽了, 淚一直下...
他: "你很壞, 常常說一些要人哭的話... 笨蛋!"
她: "你不是也一樣嗎? 擔心我哭, 可是哪句話不會讓我不哭呢"
她: "你每次坐兩個多小時車來見我, 我當然知道你很辛苦. 你曾說了這不重要, 就是因為這些都可以解決的. 自從我答應你之後就沒考慮這些"
她: "因為我知道只要能吃苦, 沒有過不去的. 要我等3年, 我也願意. 但是我不能接受你心裡沒有我" (他們有3年成婚之約)
他: "為什麼你要對我這樣好... 為什麼要對一個常常忽略你的人這樣好"
她: "因為一個我累時, 樂意幫我按摩的人. 因為一個和我吵了架, 夢裡喊我名字的人. 因為一個在車上怕我暈車, 怕我扶手扶痛, 要我抱他腰的人. 因為一個怕我睡不好, 用膊頭給我當枕頭的負心的人..."
他: "就當我們有緣沒份吧..." (這時, 他的淚水下得更多...)
她: "現在一句話就結束了嗎? 怎麼沒有前幾天的,想去修補我們關係的勇氣了"
她: "可是你都沒有嘗試過,去修補這次"
話說不是第一次因他忽略她而令到關係緊張了... 他就是知道... 一次又一次的忽略她, 一次又一次的令她失望... 他只說了三個字...
他: "我累了"
她: "你這次真的放棄了嗎? 曾經說要喝我煲的湯, 可是還沒嚐過, 就放棄了嗎? 曾經說要我幸福, 現在不關心我的幸福了嗎?" (他的淚下得不停)
她: "你要做回自私的人, 為什麼對其他的人你可以無私奉獻? 對我就要自私, 真的是為了我未來的幸福嗎"
他: "我就是知道帶不了幸福給你... 還是算吧... 我已經連流淚的力也沒有啦"
她: "不要那麼不重視一次決定好不好? 為什麼不能好好的溝通? 為什麼可以對我這樣?"
他: "靜下來一天好嗎? 是我負了你"
她: "我何嘗不想靜下來? 可是靜不下來"
她: "你這個大壞蛋, 可不可以教幾種讓我靜下來的方法.. 我怕回家在家人面前哭"
她: "你既然把跟我的相處看成負擔, 那我還是不成為你的負擔吧... 希望你記住曾經有個唯一的女朋友為你流淚, 有個天天牽掛你而被你忽略的人"
這時, 他再不想說些什麼... 只想一直的哭下去... 他心中只知道... 原來... 喜歡一個人跟愛一個人是不一樣的. 他很愛她, 但卻怕負了她, 只想她找到比他更好的.
過了很久很久.... 他知道她在街上... 又很久沒消息... 又再擔心起來.
他 (帶著冷淡的語氣) : "到家了沒有, 到家給我發個短訊就好了"
她: "我放不下, 我的心很痛"
她: "你不可以不要我的.. 你曾說過, 要照顧我一生. 以前是, 以後也是. 不要對我說那麼狠心的話"
他: "在那啦?? 還沒回去嗎? 找你的姪子玩吧.. 不要一個人在街"
她: "我怕在家人面前哭. 我很沒用的, 常常哭"
他更擔心了... 只好來個小計...
他: "我的乖乖, 聽話快回家, 回家再說吧"
他: "快回家, 你不回去, 我就不理你, 回家網上談吧.."
她: "我聽話, 不要不理我, 我回家"
他: "好啦, 我在網上等你"
他本來只是想騙她先回家... 他便可安心一點...
他為了這段可挽留而怕最後卻害傷她的感情, 掙扎了一整天..
最後... 他仍留在網上等她的出現...
他: "笨蛋, 有沒有哭到眼晴累累的?"
她: "其實一直在想, 為什麼我們兩個都是一遇到困難, 首先想到的是放棄? 曾經還說過的, 不要輕易放棄的說"
他知道她到家了.. 還是只想快一點靜下來想想...
他: "我的眼睛哭得快睜不開了. 早點休息, 明天靜下來再談好嗎"
她: "可是睡不著, 現在談吧"
他: "不要, 明天談吧"
... 兩個人一直的爭了幾句... 最後他下線了.
過了一會... 她又發短訊了...
她: "你睡覺了嗎? 是不是眼睛痛得不想對著電腦? 還是為了讓我徹底死心? 其實我是早上才看到你的短信. 從看到短信起就一直在流淚, 但是開始一直忍著、克制著, 所以給你發了電郵. 但是之後實在忍不住了"
她: "給我點勇氣, 讓我安心吧"
他仍沒睡, 卻想裝睡下去...
她: "我看了以前你給我發的短信. 我好難受, 我知道你沒有睡著, 可是你不要不理我"
她: "幾天前, 你還說了要學會做我的好老公的..."
他開始心動 ... 但卻仍堅持著.
她: "我很沒用, 說了讓你睡, 可是我真的很難受. 為什麼我們要相互折磨對方呢?"
過了又一會...
她: "我又一遍看了你和我的blog. 護身符其實很有用, 因為它不但讓我沒怎麼生病, 還讓我愛上了你. 可是不知道護身符會不會繼續保護我, 因為他就是你. 我不想讓護身符離開" (那個護身符應該算是他們的訂情信物吧....)
他堅持不了...
他: "嘈死啦 明天才說吧"
他: "親愛的~ 樣親愛的睡吧~"
她: "同樣的一句話, 怎麼換種方式說, 聽起來就感覺完全不一樣啦. 聽了第一句話, 我完全崩潰. 聽了第二句話, 我想抱著你親一口. 好啦, 親愛的不吵親愛的了. 可是親愛的明天不要放棄親愛的, 有什麼苦, 有什麼問題, 我都願意和你一起承擔的. 我不想輕易放棄你, 你也不要我"
就這樣... 過了第一天. 他其實還沒下決定... 因為.. 他想靜靜的想.. 想一想, 是否去修補這段感情...
第2天:
她跟他說了很多很多, 但他卻只想靜下來, 只好一時冷淡的回應, 又一時關心的問候...
到了深夜...
他: "你在睡吧.. 其實, 我不想樣你傷心. 我知道最近你受了很多苦, 可是我沒好好關心你... 其實我沒想過我們將來怎樣, 太多不明因素啦. 只是想問你, 將來你又需要我關心的時候, 我又卻忽略你, 我又沒關心你, 你會怎樣想呢"
她: "其實我在意的, 是最終你願意跟我過嗎?"
他給了她一個很失望的答案.
他: "這麼短時間就可以肯定嗎? 可以樣我們再認識多一點才回答嗎?"
她: "那不急著回答吧. 那我們接下來的時間, 先不考慮這些吧. 順其自然吧讓時間來回答吧"
第3天:
她在Blog 裡留了一封信給他....
結果 .... 他說了一句: "對不起, 我們重新開始, 好嗎?"如果你覺得認定了我,那你跟我說下,如果現在沒認定,可以到你認定的那天,再告訴我。如果你現在沒認定我,或者將來也沒認定我,那請你永遠不要跟我講,就讓時間去平息這一切吧。因為我不知道我還有沒有承受力去承受這一答案。感情不是遊戲,不是一句簡單的話,我們開始吧,我們結束吧,就開始了,就結束了。一個真正負責任的人不會輕易的去開始,也不會輕易的去結束,除非到了不得不開始的時候,除非到了無法挽回不得不結束的時候,因為這都將影響人的一輩子。開始的時候請多思考些問題,不是一句簡單的是個錯誤的開始,我們結束吧,就結束了。因為以後也許這些簡單的幾句話,就會結束一個美麗的生命,即使你不為之感到惋惜,我相信在你一輩子的生活裡也會留下陰影。所以請從一開始就做個負責任的人吧,而不是太多的我還不成熟之類的話。... 既然開始了,即使是個錯誤,但也是一個不同尋常的錯誤,因此不能像解決其他錯誤一樣-既然是錯誤就結束這個錯誤吧。其實這些都是不負責任的做法,是在逃避。這些都是說起來簡單,做起來很難。...最後祝你事業上輝煌,我相信以你現在的事業心態肯定可以實現你的事業夢想!同時祝你感情美滿,請不要無心地傷害下一個愛你的女孩。認定她之後再去追,認定她之後,選擇了開始,就不要輕易跟她說--選擇放棄吧。請不要跟我說--我負了你之類的話,傷害了一個人,說這些話只會讓她更傷害,讓時間去平息這一切吧!
Friday, May 08, 2009
Oracle FAQ for Sun Acquisition...
The faq can be found here
Just wondering ... is the purpose of Greening an economic consideration or a sustainability consideration??
What's the "1st cause" of Greening??
This is not just a green issue, it’s an economic issue. Today, database centers are paying as much for electricity to run their computers as they pay to buy their computers.
or ... it's just a win-win situation and so the 1st cause can be ignored??
Thursday, May 07, 2009
some words from Larry... @ Michigan 2009
Google's co-founder just gave a commencement address @ Michigan...
I won't compare it with Steve's but I can say both of them are ambitious!
I very like two sentences which I quote here....
You know what it's like to wake up in the middle of the night with a vivid dream? And you know how, if you don't have a pencil and pad by the bed to write it down, it will be completely gone the next morning?Just like me, your families brought you here, and you brought them here. Please keep them close and remember: they are what really matters in life.
For the 1st sentence, I was thinking whether he's making a joke at the very beginning... But, when he elaborate further .... There's actually meaning in it. What's that mean??? Another sentence from him can explain "When a really great dream shows up, grab it!".
That's true ... That's always true! A dream will be completely gone in the next morning !!
I have my dream ... I know it is not a crazy dream at the moment... But... I'll make it crazy someday later.
On the other hand, the 2nd sentence remind me to do more with my family.. Frankly speaking... I know i'm not doing so well with my family... My brother is doing much more than me ... I should learn from him to do better with my family =] (i'm not doing bad to my family anyway^^")
Saturday, May 02, 2009
一句讓我刻骨鉻心的說話
不要以為就你的時間很寶貴,別人都是閒人. 別人也是抽時間跟你聊,為什麼就在別人好心好意跟你聊時,你心不在焉? 有這種那種忙的理由? 好像你是神人,可以一心幾種,心在玩,然後這邊敷衍幾句.
my blog ... a New Look =]
Just changed the template here =]
Having a clear looking now ~~ yeah~~~ i'm loving it :p
Template from http://btemplates.com/2009/04/15/greenpress/ ~~ Many thx for the beauty work~~~~
Cool!!!
Monday, April 27, 2009
HTML5 + SVG + CANVAS = CHROME!!
FYP SUCKS!!! It uses all my time ..... I missed an important news .....
The news about Chrome Experiment....
http://www.chromeexperiments.com/ - These experiments were created by designers and programmers from around the world using the latest open standards, including HTML5, Canvas, SVG, and more. Their work is making the web faster, more fun, and more open – the same spirit in which we built Google Chrome.I think .... I have a long way to catch the latest again -o-........
Sunday, April 26, 2009
The day after ... An Annual Experiment
As ... last year .... i'm not able to stay in project lab .... I cannot continue the experiment....
So... the last experimental result can only be refer to the year before last year ....
see http://mrkschan.blogspot.com/2007/04/project-lab.html for the result.
This year .... I'm a citizen in the project lab ... so ... let me report the result of this year...
Today = The Day after FYP is Over...
Head count() <= 5.
Result is as expected. Looking forwards to next year's result.
So... the last experimental result can only be refer to the year before last year ....
see http://mrkschan.blogspot.com/2007/04/project-lab.html for the result.
This year .... I'm a citizen in the project lab ... so ... let me report the result of this year...
Today = The Day after FYP is Over...
Head count() <= 5.
Result is as expected. Looking forwards to next year's result.
Monday, April 13, 2009
The Art of Computer Science
藝術, 是抽象的, 是需要親身感受才知曉的.
同一段音律, 同一篇樂譜, 經過不同的人, 不同的演譯手法, 帶給人不同的感覺,不同的影響. 這.. 就是藝術嗎?
如果你認同的話... 科學, 理應亦是一門藝術!
科學分為兩類: 一為立論層面、一為應用層面.
從立論層面角度看. 由觀察, 到假設. 由假設, 到實驗與推論. 由實驗與推論, 到定論. 由定論, 到再假設.
從應用層面角度看. 同樣由觀察, 到設計. 由設計, 到實踐理論. 由實踐理論, 到測試. 由測試, 到廣泛應用. 由廣泛應用, 到再觀察.
綜合兩方面的過程, 同樣可以是... 經過不同的人, 不同的手法, 帶給人不同的結果,不同的影響. 最終亦是可以帶給人不同的感覺,不同的影響. 科學, 理應亦是一門藝術!
至於, 電腦科學呢?
理論上, 電腦科學理應同樣繼承了科學的藝術.
這些東西... 在今早看一套與音樂有關的電視劇時想到的....
這一篇文章的重點, 並不在於尋找科學的藝術價值... 而是尋找科學的藝術價值在於我本身的價值.
其實... 這價值只不過是一條問題的答案... 而這條問題, 我亦層經在之前不時提出. "我在大學究竟做什麼?"
理論上, 在大學所能學會的理論與實踐手法, 在其他大學, 什至乎書本上亦可學會. 更什的是, 有很多知識在大學學不會! 那在大學的存在意義到底是什麼?
可能有人會說... 入大學與自學的分別在於, 大學有人指導. 但到了廿十世紀後, 亙聯網的出現已經令這一個說法失去其意義. 自學亦可從網上發問, 不知為什麼的, 網上亦會有人回應. 那麼.. 入大學做乜!?
很溥淺的說... 拿一張畢業証書, 出來社會找工作嗎? 沒錯! 人是溥淺而扮高尚的動物. 我亦是溥淺的人! 但是, "我在大學究就做什麼?" 這問題的答案... 我仍在尋找. 很可能, 快將畢業的同學們早已有他們的答案... 而我... 卻還沒有我自己的答案. 又可能... "我在大學究竟做什麼?"的答案就是尋找"我在大學究竟做什麼?"
這個答案, 希望有幸在研讀生涯找到. 或者... 答案就是要享受科學的藝術.
那麼... 科學呢? 科學又有沒有藝術的存在? 而電腦科學... 又有沒有繼承科學本身應有的藝術? 既然, 音樂是藝術的一類, 就拿音樂作一個比喻.source from wiki...
艺术(art)一词源自于拉丁文ars,意为“技巧”,现在虽保有原意,却也衍生出更广义的含意,几乎包括所有的创造性学问。
目前艺术的大类包括:
同一段音律, 同一篇樂譜, 經過不同的人, 不同的演譯手法, 帶給人不同的感覺,不同的影響. 這.. 就是藝術嗎?
如果你認同的話... 科學, 理應亦是一門藝術!
科學分為兩類: 一為立論層面、一為應用層面.
從立論層面角度看. 由觀察, 到假設. 由假設, 到實驗與推論. 由實驗與推論, 到定論. 由定論, 到再假設.
從應用層面角度看. 同樣由觀察, 到設計. 由設計, 到實踐理論. 由實踐理論, 到測試. 由測試, 到廣泛應用. 由廣泛應用, 到再觀察.
綜合兩方面的過程, 同樣可以是... 經過不同的人, 不同的手法, 帶給人不同的結果,不同的影響. 最終亦是可以帶給人不同的感覺,不同的影響. 科學, 理應亦是一門藝術!
至於, 電腦科學呢?
理論上, 電腦科學理應同樣繼承了科學的藝術.
這些東西... 在今早看一套與音樂有關的電視劇時想到的....
這一篇文章的重點, 並不在於尋找科學的藝術價值... 而是尋找科學的藝術價值在於我本身的價值.
其實... 這價值只不過是一條問題的答案... 而這條問題, 我亦層經在之前不時提出. "我在大學究竟做什麼?"
理論上, 在大學所能學會的理論與實踐手法, 在其他大學, 什至乎書本上亦可學會. 更什的是, 有很多知識在大學學不會! 那在大學的存在意義到底是什麼?
可能有人會說... 入大學與自學的分別在於, 大學有人指導. 但到了廿十世紀後, 亙聯網的出現已經令這一個說法失去其意義. 自學亦可從網上發問, 不知為什麼的, 網上亦會有人回應. 那麼.. 入大學做乜!?
很溥淺的說... 拿一張畢業証書, 出來社會找工作嗎? 沒錯! 人是溥淺而扮高尚的動物. 我亦是溥淺的人! 但是, "我在大學究就做什麼?" 這問題的答案... 我仍在尋找. 很可能, 快將畢業的同學們早已有他們的答案... 而我... 卻還沒有我自己的答案. 又可能... "我在大學究竟做什麼?"的答案就是尋找"我在大學究竟做什麼?"
這個答案, 希望有幸在研讀生涯找到. 或者... 答案就是要享受科學的藝術.
Monday, April 06, 2009
gsoc .. 兩年前、一年前、今年的想法
Google Summer Of Code ... 是我在兩年前認識的一個 program. 當我第一次接觸它的時間, 它已經 deadline 了.
自此, 小弟不斷的留意與 GSOC 有關的消息. 直至一年前, GSOC 2008 的舉辦... 小弟心動了... 只可惜... 因為要到某銀行實習, 給了自己一個藉口, 繼而卻步於門前. 那一年... 小弟雖未能參與其中... 但亦在歐遊的期間, 參與了 Google Code Jam (GCJ). 由於未有準備 + 人在歐遊 , 結果很自然連第一round 都過不了.
這一年, GSOC 2009 舉辦了, 起初未有心動. 後來, 得到一位朋友的問題: "有沒有興趣參加這一年的 GSOC ?" 小弟對 GSOC 的情意結又一次的被觸動了.
事實上... 小弟這一年是 undergrad 的最後一年... 假如讀不上 mphil, 就是最後一年的學生生涯. 換句話說, 很大可能是最後一個參與 GSOC 的機會. 坦白說, 就算有多忙, 也要花時間參與.. 無論成功與否... 就像馬雲所說: "放弃才是最大的失败". (那麼... 不成功便成仁麼!? XD)
April 20 19:00 UTC 便是結果公報的時間, 靜候 ...
Anyway ... i will go for GCJ this year ~~~
自此, 小弟不斷的留意與 GSOC 有關的消息. 直至一年前, GSOC 2008 的舉辦... 小弟心動了... 只可惜... 因為要到某銀行實習, 給了自己一個藉口, 繼而卻步於門前. 那一年... 小弟雖未能參與其中... 但亦在歐遊的期間, 參與了 Google Code Jam (GCJ). 由於未有準備 + 人在歐遊 , 結果很自然連第一round 都過不了.
這一年, GSOC 2009 舉辦了, 起初未有心動. 後來, 得到一位朋友的問題: "有沒有興趣參加這一年的 GSOC ?" 小弟對 GSOC 的情意結又一次的被觸動了.
事實上... 小弟這一年是 undergrad 的最後一年... 假如讀不上 mphil, 就是最後一年的學生生涯. 換句話說, 很大可能是最後一個參與 GSOC 的機會. 坦白說, 就算有多忙, 也要花時間參與.. 無論成功與否... 就像馬雲所說: "放弃才是最大的失败". (那麼... 不成功便成仁麼!? XD)
April 20 19:00 UTC 便是結果公報的時間, 靜候 ...
Anyway ... i will go for GCJ this year ~~~
Thursday, April 02, 2009
my gsoc proposal submitted to php.net
Proposal: Online editor for the PHP Manual ... http://wiki.php.net/gsoc/2009#online_editor_for_the_php_manual
Currently, the documentation work is synchronized by cvs. But still, there are potential conflicts due to redundant work. Besides, it's not that easy to share the works or even pipelining the works in a distributed environment. Therefore, a centralized environment is introduced.
The editor is still under development and the source can be found by http://cvs.php.net/viewvc.cgi/doc-editor/
Short Description: In order to ease the work of PHP Documentation Group, work on Online Editor for PHP Manual has already started by Yannick... The Online Editor mimicks an offline PHP documentation environment by using ExtJS as ide alike ui and providing xml-editor with CodeMirror syntax highlighting. The documentation group can make changes online, DocBook syntax check, CVS Log/Diff/Commit, patch review list, etc.
Full Description:
PhD OE allows PHP Documentation Group to carry documentation right ahead through the browser instead of using cvs to synchronize their local copy. There is ide alike ui on PhD OE so that the doc-group can directly edit the PHP DocBook xml online. Despite, PhD OE also eases the collaboration in an open documentation environment. Doc-group can share the workloads easily since they no longer need to pass the local modified copies around but on PhD OE. In addition to this, PhD OE does allow community contributor to submit patch so that the doc-group can review the patch in a centralized location like an issue list.
To find out the implemented features of PhD OE, visit following posts on mailing list:
Currently, there are some opening issues on the TODO list (found by - http://cvs.php.net/viewvc.cgi/doc-editor/TODO?revision=1.5&view=markup). One of the major task is to "Split main.js into several objects & files" because of the coding readability, continunity, and scaliability. main.js contains ui of PhD OE. There are 6922 lines of code in revision 1.21. It is obvious that maintaining such a large piece of codes is tidous and not that good. Thus, this proposal describe how to split the main.js and merge the js for deployment.
Right before talking about the split, let's see how to merge. ExtJS ant script make use of YUI compressor. So, there's no doublt that YUI compressor is a good choice to merge js in this project as the ui depends on ExtJS. Anyway, moving back to the split, main.js can be split based on module. I suggest Java alike model using 1 module 1 class 1 js. This is the practice I used in my own ExtJS project. Nevertheless the split is time consuming, the effort spent on this kind of refactoring allows me to better understand how the ui works and improve the structure. The proposed approach follows.
- Fork a branch to work on refactoring. The trunk keeps on development
- Refactor and Test the branch... Testing is important here! No failure should be induced by refactoring.
- Merge the modified trunk to the refactored branch.
- Freeze trunk, test the merge.
- Done.
Another task is to "Clean up class.php". Again, a refactoring task. class.php is the "bootstrap" residing on the apache server ... with 4075 lines of code in revision 1.21. As written in the TODO list, initial ideas for refactoring already exist. It would be splited into several smaller classes that are quite relatively independent to each other. The proposed appraoch would be somehow the same as refactoring main.js. Fork, Refactor & Test, Merge, Freeze & Test, complete!
Thirdly, according to the TODO list again... the mod_rewrite task is another "better to have first". It makes the codes look much better to understand. This task is pretty strict forward. Design the pattern, write the regular expression on apache conf (.htaccess could be the choice). And then, reflects the changes in both php and js. It's totally different from refactoring, no forking and no code freezing.
Finally, if there's still plenty of time, I would like to propose that the modified but not-yet-saved file should have a lock or google-doc alike collaborative editing. When someone is editing a file with file-based locking, others cannot edit it at the same time before the file is commited (lock released). This reduce the chance of having conflict in modification. If collaborative editing is considered, high level DocBook xml-tag locking can be considered. This means ... partly locking the file so that anyone can edit different parts of the same file. When conflict occur, notify the editors. This would be another busy task.
Timeline:
Community Bonding Period - Study current PhD OE architecture. Confirm refactoring procedures and exact deliverables with mentor.
May 23 ~ June 20 [around 4 man week] - Refactor & Test main.js
June 20 ~ June 27 [around 1 man week] - Merge Refactored code with trunk + Testing + Documentation
June 27 ~ July 4 - [around 1 man week] - Compile interim report
July 4 ~ July 18 [around to 3 man week] - Refactor & Test class.php
July 18 ~ July 25 [around 1 man week] - Merge Refactored code with trunk + Testing + Documentation
July 25 ~ August 15 [around 3 man week] - Implement mod_rewrite, reflect changes in php and js + Testing + Documentation
August 15 onwards - Compiling final report
Category (PHP, PELC, PEAR, other): PHP Manual
