圣诞、元旦双节及冬春消防安全重点单位防控部署

by Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作) Leave a comment

冬春季节,天干物燥,发生火灾机率高,要求做好以下5点及十项必查内容:

1、严禁擅自装修、装饰。如使用圣诞树,应摆放室外,不可通电拉灯;
2、进行一次消防设施维护保养;
3、安全出口及疏散通道保持畅通;
4、内部员工宿舍全面检查(不可私拉电线,使用大功率电器);
5、进行一次员工消防宣传培训;

十项必查内容:
(一)各类建筑(场所)供用电线路均应安装漏电保护开关。开关应选用合格电气产品。
(二)各类建筑(场所)供用电线路均应根据国家电气技术标准,采取穿金属管、封闭式金属线槽或者绝缘阻燃PVC电工套管保护措施。
(三)各类建筑(场所)均应保持楼梯间、疏散通道、安全出口等紧急逃生通道畅通。外墙设置防盗铁栅栏一律拆除,居住类场所确需安装的,应设置长宽净尺寸不小于1米、0.8米且向外开启的紧急逃生口,并设置缓降器、逃生软梯等辅助疏散设施。
(四)住宿场所与其他生产经营性场所合一设置的,必须实施实体墙物理防火分隔。
(五)各类建筑(场所)均不得违规住人,一经发现必须彻底搬离。
(六)各类建筑(场所)内部均严禁电动自行车违规停放或充电,一经发现必须立即清理。
(七)各类建筑(场所)内部均严禁采用木质材料搭建阁楼,一经发现必须强制拆除。
(八)各类建筑(场所)内部均严禁使用彩钢板、聚氨酯泡沫等易燃材料,一经发现必须强制拆除。
(九)群租房必须明确消防安全管理责任。严格《降低群租房火灾风险十项措施》要求,所在建筑应配备消防安全楼长,楼长应由物业服务企业人员或出租人担任,组织建立健全消防安全管理制度,履行日常消防安全管理职责,实施专职管理员夜间巡查措施。住宿3人以上的场所,一律加装独立式火灾报警探测器。住宿30人以上的场所,一律按照标准安装自动灭火、火灾报警等消防设施,明确专人实施24小时值守看护。
(十)建设工程施工现场应落实消防安全保障。严格按照《建设工程施工现场消防技术规范》(GB50720-2011)要求,建立健全消防安全管理制度,明确专人实施现场看护,配置临时消防设施和足够灭火器材,保障临时用水,依法依规实施动火作业,确保施工用电安全。

Diary of IT Man – Self-Study in cloudacademy.com

by Posted in Diary of IT Man(IT人在工廠日記) Leave a comment

Because I got a free training account from CloudAcademy.com for 14 days, I took this benefit to self-study the cloud technology during Christmas Holiday. CloudAcademy.com is a on-line learning web site for IT professional to continuously leaning IT. I strongly recommend it to you to try, it is Good Stuff…

I completed the following courses:

– Completion Certificate for Set Up VPC Peering between Amazon Virtual Private Clouds (VPCs)
– Completion Certificate for Introduction to Virtual Private Cloud (VPC)
– Completion Certificate for Diagnose Cancer with an Amazon Machine Learning Classifier
– Completion Certificate for Deploy WordPress using CloudFormation
– Completion Certificate for Automate Image Labeling with Amazon Rekognition
– Completion Certificate for Serverless Web Development with Python for AWS
– Completion Certificate for Securing your VPC using Public and Private subnets
– Completion Certificate for Amazon Machine Learning for Human Activity Recognition
– Completion the Overview of Azure Services Course
– Completion the Introduction to Amazon Web Services (AWS) Course
– Completion the Introduction to Google BigQuery Course
– Completion the AWS Virtual Private Cloud: Subnets and Routing Course

Note:
CloudAcademy.com is a provider-neutral learning platform that helps both companies and individuals learn Cloud Computing technologies. Actually, Cloud computing is changing how people interact with information and knowledge, how developers build applications, and how companies organize and collect data both on and offline. Today, a developer with a great idea has access to the same infrastructure as a Fortune 500 company, and is capable of creating, deploying, and selling a solution that will rival global technology companies.

Although Amazon was the distinct pioneer in this area (and continues to innovate and expand), many other companies have entered the Cloud Computing frontier, such as Microsoft, Google, and Rackspace. What we see today is the birth of the next chapter in IT, where boundless technological resources are available on-demand to whoever needs them.

Changing the very shape of modern computing and the Internet itself, Cloud Computing is a relatively new technology that can be defined in a number of different ways. At its core, however, it just means “running your applications on a computer infrastructure other than your own”. Computing in the Cloud makes many different solutions available to you. Both the tasks and the methods used to achieve them can be quite varied. You might need full infrastructure or perhaps just a back-end where you can build your application – or maybe you just need one narrowly focused service.

 

AWS Command Interface Setup

by Posted in 4. Others 2 Comments

Installing the AWS Command Line Interface

The primary distribution method for the AWS CLI on Linux, Windows, and macOS is pip, a package manager for Python that provides an easy way to install, upgrade, and remove Python packages and their dependencies.

Current AWS CLI Version

The AWS CLI is updated frequently with support for new services and commands. To see if you have the latest version, see the releases page on GitHub.

Requirements

  • Python 2 version 2.6.5+ or Python 3 version 3.3+
  • Windows, Linux, macOS, or Unix

Note

Older versions of Python may not work with all AWS services. If you seeInsecurePlatformWarning or deprecation notices when you install or use the AWS CLI, update to a recent version.

If you already have pip and a supported version of Python, you can install the AWS CLI with the following command:

$ pip install awscli --upgrade --user

The --upgrade option tells pip to upgrade any requirements that are already installed. The --user option tells pip to install the program to a subdirectory of your user directory to avoid modifying libraries used by your operating system.

If you encounter issues when you attempt to install the AWS CLI with pip, you can install the AWS CLI in a virtual environment to isolate the tool and its dependencies, or use a different version of Python than you normally do.

Standalone Installers

For offline or automated installations on Linux, macOS, or Unix, try the bundled installer. The bundled installer includes the AWS CLI, its dependencies, and a shell script that performs the installation for you.

On Windows, you can also use the MSI installer. Both of these methods simplify the initial installation, with the tradeoff of being more difficult to upgrade when a new version of the AWS CLI is released.

After you install the AWS CLI, you may need to add the path to the executable file to your PATH variable. For platform specific instructions, see the following topics:

Verify that the AWS CLI installed correctly by running aws --version.

$ aws --version
aws-cli/1.11.84 Python/3.6.2 Linux/4.4.0-59-generic botocore/1.5.47

The AWS CLI is updated regularly to add support for new services and commands. To update to the latest version of the AWS CLI, run the installation command again.

$ pip install awscli --upgrade --user

If you need to uninstall the AWS CLI, use pip uninstall.

$ pip uninstall awscli

If you don’t have Python and pip, use the procedure for your operating system:

Sections

Configuring the AWS CLI

This section explains how to configure settings that the AWS Command Line Interface uses when interacting with AWS, such as your security credentials and the default region.

Note

The AWS CLI signs requests on your behalf, and includes a date in the signature. Ensure that your computer’s date and time are set correctly; if not, the date in the signature may not match the date of the request, and AWS rejects the request.

Sections

Quick Configuration

For general use, the aws configure command is the fastest way to set up your AWS CLI installation.

$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json

The AWS CLI will prompt you for four pieces of information. AWS Access Key ID and AWS Secret Access Key are your account credentials.

To get the access key ID and secret access key for an IAM user

Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests that you make to AWS. If you don’t have access keys, you can create them from the AWS Management Console. We recommend that you use IAM access keys instead of AWS account root user access keys. IAM lets you securely control access to AWS services and resources in your AWS account.

The only time that you can view or download the secret access keys is when you create the keys. You cannot recover them later. However, you can create new access keys at any time. You must also have permissions to perform the required IAM actions. For more information, see Delegating Permissions to Administer IAM Users, Groups, and Credentials in the IAM User Guide.

  1. Open the IAM console.
  2. In the navigation pane of the console, choose Users.
  3. Choose your IAM user name (not the check box).
  4. Choose the Security credentials tab and then choose Create access key.
  5. To see the new access key, choose Show. Your credentials will look something like this:
    • Access key ID: AKIAIOSFODNN7EXAMPLE
    • Secret access key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
  6. To download the key pair, choose Download .csv file. Store the keys in a secure location.Keep the keys confidential in order to protect your account, and never email them. Do not share them outside your organization, even if an inquiry appears to come from AWS or Amazon.com. No one who legitimately represents Amazon will ever ask you for your secret key.

Related topics

Default region is the name of the region you want to make calls against by default. This is usually the region closest to you, but it can be any region. For example, type us-west-2 to use US West (Oregon).

Note

You must specify an AWS region when using the AWS CLI. For a list of services and available regions, see Regions and Endpoints. The region designators used by the AWS CLI are the same names that you see in AWS Management Console URLs and service endpoints.

Default output format can be either jsontext, or table. If you don’t specify an output format, json is used.

If you have multiple profiles, you can configure additional, named profiles by using the --profile option.

$ aws configure --profile user2
AWS Access Key ID [None]: AKIAI44QH8DHBEXAMPLE
AWS Secret Access Key [None]: je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
Default region name [None]: us-east-1
Default output format [None]: text

To update any of your settings, simply run aws configure again and enter new values as appropriate. The next sections contain more information on the files that aws configure creates, additional settings, and named profiles.

Configuration Settings and Precedence

The AWS CLI uses a provider chain to look for AWS credentials in a number of different places, including system or user environment variables and local AWS configuration files.

The AWS CLI looks for credentials and configuration settings in the following order:

  1. Command line options – region, output format and profile can be specified as command options to override default settings.
  2. Environment variables – AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN.
  3. The AWS credentials file – located at ~/.aws/credentials on Linux, macOS, or Unix, or at C:UsersUSERNAME .awscredentials on Windows. This file can contain multiple named profiles in addition to a default profile.
  4. The CLI configuration file – typically located at ~/.aws/config on Linux, macOS, or Unix, or at C:UsersUSERNAME .awsconfig on Windows. This file can contain a default profile, named profiles, and CLI specific configuration parameters for each.
  5. Container credentials – provided by Amazon EC2 Container Service on container instances when you assign a role to your task.
  6. Instance profile credentials – these credentials can be used on EC2 instances with an assigned instance role, and are delivered through the Amazon EC2 metadata service.

IT人在工廠日記 – 可惡的離職員工勒索

by Posted in Diary of IT Man(IT人在工廠日記) Leave a comment

最近,工厂有名會計主管離職,可是因為補償問題談不合,雖然他手握一些黑材料,但是公司不願意妥協於這種勒索行為,最後該名主管公開投訴本厂,引來地稅、國稅和海關立案,前來查厂,認真麻煩。現時公司要花錢疏通,比補償给該員工的錢多幾十倍呢!
對此類員工的勒索,應該要衡量利害,千萬不要意氣用事,而立刻拒絕。最重要,是自身要奉公守法,才不怕勒索。

Diary of IT Man – obtained a MCSE Windows Server – Cloud Platform and Infrastructure

by Posted in Diary of IT Man(IT人在工廠日記) Leave a comment

Cheers that I obtained a MCSE-Cloud Platform and Infrastructure certification several weeks ago. I just needed to take one Microsoft exam # 70-753 to upgrade from MCSA to MCSE. Originally, I did not plan to have MCSE because it did not find it has any benefit to my career. However, because I had a a spare Microsoft exam coupon, so, I decided to take this Azure exam. I prepared the exam for two months, mainly studied from Microsoft resource and studied braindump question from passleaders.com. Although I could only find 20% of my exam questions from braindump, I still luckily passed the exam in one-take. Next, I will prepare my pmp project exam.

Odoo 11 Overview

by Posted in 3. IT Application (應用軟件), 3.1 ERP System (資源管理) Leave a comment

Good news that I got a new version of odoo ver 11. A lot of good stuff there.

For this version, focused most of our efforts on improving the API so it will run faster and be easier for developers to work with. This isn’t to say there’s nothing for the end user, though. it made small changes to many apps to make them more intuitive and more useful. Odoo V11 introduced global keyboard shortcuts and a global search feature to make navigating Odoo quicker and easier than ever.

Odoo Community:

  • Usability
  • Speed
  • New Design (from current Odoo Enterprise)
  • Mobile

Odoo Enterprise:

  • Accounting
  • Localizations
  • Services Companies
  • Odoo Studio (make it even better)
  • Reporting & Dashboard (a more BI-like tool)

Functional Changes(features)

  • Timesheet app:
  1. New view for Timesheet recording
  2. validation policy: decide to invoice on recorded timesheets or on approved one
  3. New report has been added to analyze the differences between attendances and timesheets
  4. New timesheet flow: Create timesheet entries using the mobile app, tasks, and/or the timesheet menu. Then, a manager approves them and launches the invoicing through the approvals menu.
  • New Product Catalog app: install the Product app to access the catalog from your apps dashboard
  • Accounting app:
  1. New module to import CAMT.053 XML files to populate bank statements
  2. Analytic accounting analysis
  • Subscription app: new dashboard, cohort analysis, analysis by company and all companies

Discuss app:

  1. Counter near starred items
  2.  Users can now type some shortcuts directly in the text box. For example: /leave to leave the channel, /who to list who is in the channel and /help to see a list of commands
  • New payment acquirer: Payumoney and payment Stripe
  • Usability
  1. Odoo WMS: picking form improvements, changes in delivery slips, variants menu entry
  2.  Odoo Subscription: onboarding, adding tags on self subscriptions
  3.  Odoo Accounting: Revenue recognition usability improvements
  • New global search in the home page (start typing something to see relevant menus)
  • Keyboard shortcuts: details on the top right menu on the home page
  • New website dashboard

Purchase: manage purchase agreement, blanket.

http://technaureus.com/features-of-odoo-11/

The following is a youtube video to give you a quick overview.

Tips on using Microsoft Azure

by Posted in 4. Others Leave a comment

Tips 1. How to find password of wordpress logon

  • The default user account of wordpress in Azure is ‘user’.
  • The application password is randomly generated during the first boot. This password can be viewed as follows:

In the “Support + Troubleshooting” menu, select the “Boot diagnostics” option.Application credentials

Review the system log until you find the application password.

Application credentials

IMPORTANT: This password is only shown the first time you start the image. Please save your password in a safe place. We also recommend changing it in your application to a different value.

Tips 1. How to Setup Nested Virtualization in Azure

Deploy Azure VM

To setup Nested Virtualization inside an Azure Virtual Machine, you first need to create a new Virtual Machines using one of the new instance sizes like Ev3 or Dv3 and Windows Server 2016.I also recommend to install all the latest Windows Server patches to the system.

Optional: Optimize Azure VM Storage

This step is optional, but if you want to better performance and more storage for your Nested Virtual Machines to run on, this makes sense.

Azure VM Data Disks

In my case I attached 2 additional data disks to the Azure VM. Of course you can choose more or different sizes. Now you can see 2 new data disk inside your Azure Virtual Machine. Do not format them, because we gonna create a new storage spaces pool and a simple virtual disk, so we get the performance form both disks at the same time. In the past this was called disk striping.

Azure VM Storage Spaces

With that you can create a new Storage Spaces Storage Pool and a new Virtual Disk inside the VM using the storage layout “Simple” which basically configures it as striping.

Azure VM Storage Spaces PowerShell

I also formatted the disk and set the drive letter to V:, this will be the volume where I will place my nested virtual machines.

Install Hyper-V inside the Azure VM

Install Hyper-V on Windows Server using PowerShell

The next step would be to install the Hyper-V role in your Azure Virtual Machine. You can use PowerShell to do this since this is a regular Windows Server 2016.This command will install Hyper-V and restart the virtual machine.

Azure VM Hyper-V

After the installation you have Hyper-V installed and enabled inside your Azure Virtual Machine, now you need to configure the networking for the Hyper-V virtual machines. For this we will use NAT networking.

Configure Networking for the Nested Environment

Hyper-V NAT Network inside Azure VM

To allow the nested virtual machine to access the internet, we need to setup Hyper-V networking in the right why. For this we use the Hyper-V internal VM Switch and NAT networking. I described this here: Set up a Hyper-V Virtual Switch using a NAT Network

Create a new Hyper-V Virtual Switch

First create a internal Hyper-V VM Switch

Configure the NAT Gateway IP Address

The Internal Hyper-V VM Switch creates a virtual network adapter on the host (Azure Virtual Machine), this network adapter will be used for the NAT Gateway. Configure the NAT gateway IP Address using New-NetIPAddress cmdlet.

Configure the NAT rule

After that you have finally created your NAT network and you can now use that network to connect your virtual machines and use IP Address from 172.21.21.2-172.21.21.254.

Now you can use these IP Addresses to assign this to the nested virtual machines. You can also setup a DHCP server in one of the nested VMs to assign IP addresses automatically to new VMs.

Optional: Create NAT forwards inside Nested Virtual Machines

To forward specific ports from the Host to the guest VMs you can use the following commands.

This example creates a mapping between port 80 of the host to port 80 of a Virtual Machine with an IP address of 172.21.21.2.

This example creates a mapping between port 82 of the Virtual Machine host to port 80 of a Virtual Machine with an IP address of 172.21.21.3.

Optional: Configure default Virtual Machine path

Since I have created an extra volume for my nested virtual machines, I configure this as the default path for Virtual Machines and Virtual Hard Disks.

Create Nested Virtual Machines inside the Azure VM

Azure Nested Virtualization

Now you can basically start to create Virtual Machines inside the Azure VM. You can for example use an existing VHD/VHDX or create a new VM using an ISO file as you would do on a hardware Hyper-V host.

Some crazy stuff to do

There is a lot more you could do, not all of it makes sense for everyone, but it could help in some cases.

  • Running Azure Stack Development Kit – Yes Microsoft released the Azure Stack Development Kit, you could use a large enough Azure virtual machine and run it in there.
  • Configure Hyper-V Replica and replicate Hyper-V VMs to your Azure VM running Hyper-V.
  • Nested a Nested Virtual Machine in a Azure VM – You could enable nesting on a VM running inside the Azure VM so you could do a VM inside a VM inside a VM. Just follow my blog post to created a nested Virtual Machine: Nested Virtualization in Windows Server 2016 and Windows 10

In my opinion Nested Virtualization is mostly help full if you run Hyper-V Containers, but it also works great, if you want to run some Virtual Machines inside a Azure VM, for example to run a lab or test something.

info source: https://www.thomasmaurer.ch/2017/07/how-to-setup-nested-virtualization-in-microsoft-azure/