Share008資訊科技公司

我是資深的電腦資訊從業員,曾於 Motorola 及 Philips 等跨國大型公司管理層工作十多年,具各類ERP資源管理系統及其它應用系統經驗,如QAD之MFG/PRO、SAP、Ufida(用友)、Kingdee(金蝶)、Microsoft's Dynamic、Wonderware's In-Track (SFC)、Webplan (SCM)、Hyperion (business intelligence)、Informatics (Data Warehouse)...等等。另外,我精於廠房車間之電腦資訊運作,擁有 CISSP 及 ITIL 認證,能提供日常資訊運作之檢測及審查,以提高操作效率。 本人誠意為各類大中小型廠房提供資訊審計、支援及意見,歡迎聯絡,電郵為 au8788@gmail.com

「ERP資源管理系統」已是現今廠房管理必不可少的工具,提高它的效能,絕對能改善公司之盈利,請多多留意。

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

提供香港股票價位歷史數據

我想很多人會對"香港股票價位的歷史數據"有興趣,我已下載成Microsoft Access database version 2000 的文檔,資料由2008/1/1至2009/12/2,zip壓縮後也有11M,若索取請留你的PM我 。

祝願各瀏覽者股壇威威!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2014年8月28日

IT人在工廠日記 – 面對電腦資訊服務外判的挑戰

最近,收到外判電腦資訊服務月費計劃 的广告,如下附件,外判 IT工作的服務費又下調了,亦即公司內部IT員工的待遇繼續受壓,IT人要繼續忍耐呀。最重要是不放棄,自我增值,希望在明天呢!
>>>>> 電腦資訊服務外判的月費計劃 >>>>>
用電腦 , 效率高 , 壞電腦 , 最煩惱
查詢電話 : 梁先生  xxxxxxxx
老細     –  Notebook 又收唔到電郵喎 !
Sales     –  上唔到網呀!  好慘
會計部  -  PC 要重裝Windows 呀 !  好驚
Shipping –  又上唔到 Server
一個月費無限上門  服務
10 PC + 1 Server = $1900
20 PC + 1 Server = $2900
真正為客戶解決電腦問題

Reference link : http://infotechmanagefactory.com/%E5%A4%96%E5%88%A4-support-%E6%9C%88%E8%B2%BB%E8%A8%88%E5%8A%83/

打工眾生相 (七言絕詩)

失業半年返職場,
劏雞還神燒炮仗,
開工本應喜洋洋,
誰知世態變炎涼,
掃地阿嬸識雞腸,
看更得過文學獎,
學士碩士唔馨香,
皆因博士也在場。
助理一職百人搶,
人工一定唔理想,
八九仟蚊算中上,
十二個月無雙糧,
打字影印寫文章,
有空送信兼抹窗,
早場做到午夜場,
七天工作真無良。
週一驗貨到南昌,
週二見客在新疆,
週三蒙古收爛賬,
週四重慶釘木箱,
週五東莞曬臘腸,
週六返港天已亮,
週日加班無補償。
晚上終於胃潰瘍,
對住老板要讚賞,
對應上司扮羔羊,
對付下屬要表揚。
老細鬧我正粉腸,
開會猶如打靶場,
畀人插到胃氣脹,
鬧完仲要拍手掌。
返工慘過去當娼,
皆因形勢比人強,
無奈只有扮智障,
只為月底一份糧。
笑臉迎人裝模樣,
像是置身於歡場,
這種壓力無法想,
長此下去會缺氧。
打算請假來休養,
老細面孔像晚娘,
再講除非嫌命長。
妻兒少見無印象,
晚餐白飯豆瓣醬,
身心疲累自惆悵,
真想回鄉去插秧,
或是少林當和尚。
不知不覺進夢鄉,
夢裡見到文天祥,
廟前幫人看面相,
招手要我捧個場,
端詳面相看手掌,
贈言我來日方長,
各行各業可多嘗,
虛心學習要忍讓,
挖角升職薪水漲,
有家有娘有車輛,
撥開雲霧見太陽,
天空海闊任飛翔。
睜眼還是四面牆,
擦牙洗面打開窗,
早餐多士凍鴛鴦,
以上所講無誇張,
全是打工眾生相。

2014年8月19日

Script to install OpenVPN on Linux

Steps to Install OpenVPN Server on Linux
1. Install tun
# wget http://vtun.soruceforge.net/tun/tun-1.1.tar.gz
# tar –zxvf tun-1.1.tar.gz
# cd tun-1.1
# ./configure
# make
# make install
# modprobe tun
# edit /etc/modules.conf
  alias char-major-90 tun           ! for 2.2.x Core
  alias char-major-10-200 tun       ! for 2.4 Core
# modprobe –a
Add to rc.local  “ modprobe tun “

2. Install SSL
# rpm –qa |grep openssl
# wget http://www.openssl.org/source/openssl-1.0.0g.tar.gz
# tar –zxvf openssl-1.0.0g.tar.gz
# cd openssl-1.0.0g
# ./configure
# make
# make install

3. Install lzo
# wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.08pw.tar.gz
# tar –zxvf ..   / cd  ..   /   ./configure   /  make    /   make install

4. Install openvpn
# wget http://swupdate.openvpn.org/community/releases/openvpn-2.2.2.tar.gz
# tar –zxvf ..   / cd  ..   /   ./configure   /  make    /   make install

Openvpn-2.2.2#  mkdir etc
Openvpn-2.2.2#  mkdir keys
Openvpn-2.2.2#  cp /root/openvpn-2.2.2/sample-config-files/server.conf /usr/local/openvpn-2.2.2/etc
Openvpn-2.2.2#  cp –ra /root/openvpn-2.2.2/easy-rsa /usr/local/openvpn-2.2.2
Openvpn-2.2.2#  vi /usr/local/openvpn2.2.2/easy-rsa/vars
                …
Export EASY_RSA=”’pwd’”
                …
                Export OPENSSL=”openssl”
                Export PKCS11TOOL=”pkcs11-tool”
                Export GREP=”grep”
                …
                Export KEY_CONFIGURE=’$EASY_RSA/whichopensslcnf $EASY_RSA’
                …
                Export KEY_DIR=”EASY_RSA/keys”
                …
                Export PKCS11_MODULES_PATH=”dummy”
                Export PKCS11_PIN=”dummy”
                …
                Export KEY_SIZE=1024
                …
                Export CA_EXPIRES=3650
                …
Export KEY_EXPIRE=3650
                …
                Export KEY_COUNTRY=”CN”
                Export KEY_PROVINCE=”BJ”
                Export KEY_CITY=”Beijing”
                Export KEY_ORG=”w3”
                Export KEY_EMAIL=xxx@xxx.com.hk
                Export KEY_CN=xxx
                Export KEY_NAME=infoctech
                Export KEY_OU=xxx
                Export PKCS11_MODULE_PATH=changeme
                Export PKCS11_PIN=1234

# source vars
# ./clean-all

5, Create CA & Cert
# ./build-ca
# ./build-key-server server            ! sign the certificate = y
# ./build-key client2                  ! sign certificate = y

6. Create Diffie Hellman
# ./build-dh
# cp /usr/local/openvpn-2.2.2/easy-rsa/keys/* /usr/local/openvpn-2.2.2/keys

7. Start OpenVPN
# /usr/local/openvpn-2.2.2/sbin/openvpn /usr/local/openvpn-2.2.2/etc/server.conf
# cp /root/openvpn2.2.2/sample-scripts/openvpn.init /etc/init.d/openvpn/
# chkconfig –add openvpn
# chkconfig –level 35 openvpn on

8. Install OpenVPN client on Linux

# mkdir /etc/openvpn-client
# tree
-- ca.crt
-- client.ovpn
-- client2.crt
-- client2.key

# ./openvpn –config /etc/openvpn-client/client.ovpn
# more /etc/rc.local
  /usr/local/openvpn-2.2.2/sbin/openvpn –config /etc/openvpn-client/client.ovpn

# ifconfig
# route
# ping …
# smbclient –L //…    !check Samba share
#


Another set of script to Install openvpn on fedora 20 with the transition to systemd, OpenVPN no longer has a single monolithic init script, where every connection with a configuration file in/etc/openvpn/ is started automatically. Instead, individual connections can be started and stopped with systemctl.
For example, to start a connection, run systemctl start openvpn@foo.service, where the connection is defined in/etc/openvpn/foo.conf.

Setting up an OpenVPN server
1. yum install openvpn easy-rsa
2. Copy /usr/share/easy-rsa/2.0 somewhere (like root's home directory with cp -ai /usr/share/easy-rsa/2.0 ~/easy-rsa).
3. cd ~/easy-rsa
4. Edit vars appropriately.
5. . vars
6. ./clean-all
7. Before continuing, make sure the system time is correct. Preferably, set up NTP .
8. ./build-ca
9. ./build-key-server $( hostname | cut -d. -f1 )
10. ./build-dh
11. mkdir /etc/openvpn/keys
12. cp -ai keys/$( hostname | cut -d. -f1 ).{crt,key} keys/ca.crt keys/dh*.pem /etc/openvpn/keys/
13. cp -ai /usr/share/doc/openvpn*/sample/sample-config-files/roadwarrior-server.conf /etc/openvpn/server.conf
14. Edit /etc/openvpn/server.conf appropriately to set your configuration and key paths, which are found in /etc/openvpn/keys/.
15. Fix selinux context of files: restorecon -Rv /etc/openvpn
16. ln -s /lib/systemd/system/openvpn\@.service /etc/systemd/system/multi-user.target.wants/openvpn\@server.service (Note that 'server' corresponds with the configuration name in /etc/openvpn/ such as server.conf)
17. systemctl -f enable openvpn@server.service
18. systemctl start openvpn@server.service
19. Verify that firewall rules allow traffic in from tun+, out from the LAN to tun+, and in from the outside on UDP port 1194.

The following should work (assuming an outside interface is eth1 and an inside interface is eth0):
iptables -A INPUT -i eth1 -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i eth0 -o tun+ -j ACCEPT
iptables -A FORWARD -i eth1 -o tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT

Or for genfw (my firewall-generation script, not currently available in Fedora), this in /etc/sysconfig/genfw/rules:
append INPUT -i eth1 -p udp --dport 1194 -j ACCEPT
append INPUT -i tun+ -j ACCEPT
append FORWARD -i tun+ -j ACCEPT
append FORWARD -i eth0 -o tun+ -j ACCEPT
append FORWARD -i eth1 -o tun+ -j established

Or for system-config-firewall, you can add these custom rules:
-A INPUT -i eth1 -p udp --dport 1194 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i eth0 -o tun+ -j ACCEPT
-A FORWARD -i eth1 -o tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT

Create a file iptables-rules in /etc/sysconfig and add the above contents, then in system-config-firewall, choose the "Custom Rules" choice, click "Add", choose IPV4 for the protocol type, and filter for the firewall table. Then select /etc/sysconfig/iptables-rules for the File: choice. Then Apply the changes.

Setting up a Linux OpenVPN client

Remember that we have already installed the openvpn package in client, and we have “ca.crt”, “vpnclient1.key”, vpnclient1.crt” in /etc/openvpn/. And copy the sample client.conf to /etc/openvpn.
You need to generate new keys (or use existing other client/username keys) for the new client/username

On the server:
1. cd easy-rsa
2. . vars
3. ./build-key username

On the client:
In the following, replace MyClient with a descriptive vpn connection name.
1. Copy username.key, username.crt and ca.crt from server to /etc/openvpn/keys/.
2. cp -ai /usr/share/doc/openvpn-*/sample-config-files/client.conf /etc/openvpn/MyClient.conf
3. Edit /etc/openvpn/MyClient.conf appropriately to set your configuration (just like server configuration, port, compression,..) and key paths.
4. cd /lib/systemd/system
5. ln openvpn@.service openvpn@MyClient.service
6. systemctl enable openvpn@MyClient.service
7. systemctl start openvpn@MyClient.service

check /var/log/messages if things didn't work as expected

Alternatively, on the client, after copying the keys onto the client machine, you can use NetworkManager to add a vpn connection. Make sure you have the NetworkManager-openvpn package installed. Then just add a new VPN connection.
Should also test automatic starting at boot up, with password protected key files and maybe even --auth-user-pass. OpenVPN supports systemd's password passing if build with --enable-systemd via ./configure
Setting up a Windows OpenVPN client

On the server:
1. cd easy-rsa
2. . vars
3. ./build-key username

On the client:
1. Install the OpenVPN GUI or the stand-alone OpenVPN client.  (http://openvpn.net/index.php/open-source/downloads.html and Tap-windows version )
2. Copy username.crt, username.key, and ca.crt to C:\Program Files\OpenVPN\config\ on the client.
3. Drop roadwarrior-client.conf into C:\Program Files\OpenVPN\config\ as whatever.ovpn and edit appropriately.
4. Either use the GUI to start the connection, start the OpenVPN service manually, or set the OpenVPN service to start automatically.

Ideally the client should do some verification on the server key with tls-remote in the whatever.ovpn configuration file.

Introduction

Static key configurations offer the simplest setup, and are ideal for point-to-point VPNs or proof-of-concept testing.

Static Key advantages
Simple Setup
No X509 PKI (Public Key Infrastructure) to maintain

Static Key disadvantages
Limited scalability -- one client, one server
Lack of perfect forward secrecy -- key compromise results in total disclosure of previous sessions
Secret key must exist in plaintext form on each VPN peer
Secret key must be exchanged using a pre-existing secure channel

Simple Example
This example demonstrates a bare-bones point-to-point OpenVPN configuration. A VPN tunnel will be created with a server endpoint of 10.8.0.1 and a client endpoint of 10.8.0.2. Encrypted communication between client and server will occur over UDP port 1194, the default OpenVPN port.

Generate a static key:

openvpn --genkey --secret static.key

Copy the static key to both client and server, over a pre-existing secure channel.

Server configuration file
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key

Client configuration file
remote myremote.mydomain
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret static.key

Firewall configuration

Make sure that:
UDP port 1194 is open on the server, and the virtual TUN interface used by OpenVPN is not blocked on either the client or server (on Linux, the TUN interface will probably be called tun0 while on Windows it will probably be called something like Local Area Connection n unless you rename it in the Network Connections control panel).

Bear in mind that 90% of all connection problems encountered by new OpenVPN users are firewall-related.

Testing the VPN
Run OpenVPN using the respective configuration files on both server and client, changing myremote.mydomain in the client configuration to the domain name or public IP address of the server.
To verify that the VPN is running, you should be able to ping 10.8.0.2 from the server and 10.8.0.1 from the client.
Expanding on the Simple Example
Use compression on the VPN link
Add the following line to both client and server configuration files:
comp-lzo

Make the link more resistent to connection failures
Deal with:
keeping a connection through a NAT router/firewall alive, and follow the DNS name of the server if it changes its IP address.

Add the following to both client and server configuration files:
keepalive 10 60
ping-timer-rem
persist-tun
persist-key

Run OpenVPN as a daemon (Linux/BSD/Solaris/MacOSX only)

Run OpenVPN as a daemon and drop privileges to user/group nobody.

Add to configuration file (client and/or server):
user nobody
group nobody
daemon

Allow client to reach entire server subnet

Suppose the OpenVPN server is on a subnet 192.168.4.0/24. Add the following to client configuration:
route 192.168.4.0 255.255.255.0

Then on the server side, add a route to the server's LAN gateway that routes 10.8.0.2 to the OpenVPN server machine (only necessary if the OpenVPN server machine is not also the gateway for the server-side LAN). Also, don't forget to enable IP Forwarding on the OpenVPN server machine.

2014年8月8日

打工仔狂想曲

打工仔狂想曲,细味歌词,是否你的理想呢?

歌曲:大懒堂
歌词:
想我都好想好似中咗头奖,
有野唔洗做,
老细又吹我唔胀,
日日等出粮,
冇乜野需要紧张,
就系嘅既样乜都唔洗捞就至理想!
想我都想好似中佐头奖,
有野唔洗做,
老细又吹我唔胀,
日日等出粮,
冇乜野需要紧张,
就系感嘅样乜都唔洗捞就至理想!
今朝唛大眼就成日无所事事,
唔听收音机,
寻晚又打爆佐电视.
唔着衫四围走,
三点至起身落楼,
头发就一旧旧,
着件老西又乜掩袖.
有事稳我呢就完全唔知,
说话讲野呢就语无论次,
等我话你知,
我话知你,
明知故问,
我系乜都唔会理.
我幻想,
日日就乜都唔洗想,
坐响街边睇d来来去去 
男男女女 
离离合合 
散散聚聚 
想要自由唔要一切负累.
我要我要每个人开开心心,
痛痛快快寻开心.
偏偏又要醒翻,
翻到喱个世界,
听朝又要翻工,
同时间斗快.
想我都想好似中佐头奖,
有野唔洗做,
老细又吹我唔胀,
日日等出粮,
冇乜野需要紧张,
就系嘅既样乜都唔洗捞就至理想!
想我都想好似中佐头奖,
有野唔洗做,
老细又吹我唔胀,
日日等出粮,
冇乜野需要紧张,
就系感嘅样乜都唔洗捞就至理想!
哎呀呀,
系人系鬼系骡仔,
无晒计,
如果可以停低,
献世都无所谓.
可以俾我一次,
无事出翻去都市.
但系个现实就唔到理想,
无话你想就想,
又边有半斤八两,
三翻四次,
定系三心两意,
又或系一心一意,
稳出个意义,
做人唔容易,
每个人有一个故事,
翻到喱个城市,
咪又系得个做字!
想我都好想好似中咗头奖,
有野唔洗做,
老细又吹我唔胀,
日日等出粮,
冇乜野需要紧张,
就系嘅既样乜都唔洗捞就至理想!
想我都想好似中佐头奖,
有野唔洗做,
老细又吹我唔胀,
日日等出粮,
冇乜野需要紧张,
就系感嘅样乜都唔洗捞就至理想!

2014年8月6日

Install WordPress on Fedora20

tar-xvzf latest.tar.gz -C/var/www/html
# mysql -h localhost -u root –p
  • CREATEUSER wordpress@localhost IDENTIFIEDBY“some_good_password_for_wordpress”;
  • CREATEDATABASE wordpress_blog;
  • GRANTALLON wordpress_blog.*TO wordpress@localhost;
  • FLUSH PRIVILEGES;
  • exit
Add following to /etc/httpd/conf.d/wordpress.conf file:
<VirtualHost *:8088>
ServerAdmin test@test
DocumentRoot /var/www/html/wordpress
ServerName wordpress
# Logging
ErrorLog /var/log/httpd/wordpress-error-log
CustomLog /var/log/httpd/wordpress-acces-log common
</VirtualHost>
Add following to /etc/hosts file:
127.0.0.1  wordpress

Create wp-config.php

cd/var/www/html/wordpress
cp wp-config-sample.php wp-config.php
Open wp-config.php with text editor.
define(‘DB_NAME’, ‘wordpress_blog’);
define(‘DB_USER’, ‘wordpress’);
define(‘DB_PASSWORD’, ‘some_good_password_for_wordpress’);
define(‘DB_HOST’, ‘localhost’);
define(‘DB_CHARSET’, ‘utf8′);
define(‘DB_COLLATE’, ”);
define(‘AUTH_KEY’,         ‘l_fO1Q6\P>yYfsWZ9BY7_jj;U2k&,”5do!;rR5L!~M]y_{]~me’);
define(‘SECURE_AUTH_KEY’,  ‘lOVt”rJk.rqZRUXA)VNZHs@]A1W1Zzdcb?+4y5D4″5zCYy>5lI’);
define(‘LOGGED_IN_KEY’,    ‘m8)ab[9]JO$S_;\+u0Q>e~@:VZ|N!R{u#3\NZavWZv.caQ_?GU’);
define(‘NONCE_KEY’,        ‘bu}g.6=j,6/at-lm1u2S_K>3ckX=EeI~i$?0p]zD|pO((a{b1]’);
define(‘AUTH_SALT’,        ‘#-otVokEQz9+&M0hokkKL]l*BK|c5w}bFmUZ:|=v”B:”_u^LV7′);
define(‘SECURE_AUTH_SALT’, ‘z{N*`:~6IzgL%p;#j_:8)nReK|*Cdr%#e)”F-v_VKWahLi%p\t’);
define(‘LOGGED_IN_SALT’,   ‘%BCO]d}[ag5ivSZz+[ER]sr@W}`*J6](jFtQ]h>,D<mA(TmdIS’);
define(‘NONCE_SALT’,      ‘~dMJ[e"S}c4R>7^Q)vG{Uq-):e}4I+]zsM@h#sz*7{Bnk}oa(y’);
$table_prefix  = ‘wp_’;
define (‘WPLANG’, ”);
define(‘WP_DEBUG’, false);
Open browser and Goto following address http://wordpress/ to continue installation
Edit /etc/httpd/conf
Httpd.conf
sudo setsebool -P httpd_enable_homedirs 1
sudo setsebool -P httpd_read_user_content 1
chcon -R -t httpd_sys_content_t /var/www/html
Generate unique phrases using pwgen
Install pwgen:
yum install pwgen
Generate phreses with pwgen:
pwgen -sy50

MYOB Accounting System - Problem & Solution

Recently, I upgraded my MYOB accounting system from v10 to v13 mult-user version. Unluckily, I met problem on the new v13 system, as error screen in below diagram.
myob_1
Solution:
Step 1. Open MYOB system and select (Command Centre) [控制中心] ;
Step 2. Select (File) [檔案]  –> (Optimise Company File) [資料檔完善化] ;Press (OK) [確定] to continue。
Step 3. The following screen will pop-up as complete。
myob_2
Note: You have better run this procedure using window 7 or 8 computer.
Evening though succeeded to optimise the MYOB system, MYOB is not quite stable sometimes, as running under network environment. I think it is because of its software quality. Single-user stand-alone version of MYOB is quite stable system and good to use, however, I do not suggest to implement multi-users version of MYOB.