Convert online audio to mp3 and use Windows movie maker to import .mpg movie

  1. download home by Kit Chan
  • use realplayer to play online audio song home by Kit Chan at with recording function on

  • use freeware rm to mp3 converter at to convert rm to mp3. (then you can use CDBurnerXP to burn mp3 files as audio CD)
     2. download 建国大业片尾曲 - 红
Use Windows movie maker to import .mpg movie (took by Sony digital camera) and .mp3 background music

1. use any video converter (
to convert .mpg to .wmv  so  that you can import the full length of video into Windows movie maker

Burn .wav(generated by Windows movie maker) to standard VCD(mpeg-1 format)
1. use any video converter to convert .wav to .mpg1 format
2. use NTI Media Maker to burn to standard VCD (30 days full functional trial) or Nero burn room (15 days trail, full functional)


      How to setup a tomcat server with JDK and DB2 runtime client

      Jephe Wu -

      Objective: Preparing a Linux db2 client environment with JDK and Tomcat
      Environment: CentOS 5.4, IBM DB2 V8.1 JDK 1.4.2 and Tomcat 4.1


      1. Preparing JDK environment:
      cd /usr/local
      ln -sf j2sdk1.4.2xxx jdk

      Put the following to /etc/profile.d/
      export JAVA_HOME=/usr/local/jdk
      export PATH=$PATH:$JAVA_HOME/bin
      export CLASSPATH=$JAVA_HOME/lib

      then run Chmod +x

      2. Preparing Tomcat environment:

      # cd /usr/local/
      # tar xvpfz /usr/local/src/jakarta-tomcat-4.1.31.tar.gz
      # ln –sf  jakarta-tomcat-4.1.31 tomcat

      Add tomcat user and group
      # groupadd tomcat
      # useradd –g tomcat –c “Tomcat User” –d /usr/local/tomcat tomcat
      # chown –R tomcat:tomcat Jakarta-tomcat-4.1.31
      # chown tomcat:tomcat tomcat

      Put the following to /usr/local/tomcat/.bash_profile and give it 755 permission


      Modify, to add this:
      JAVA_OPTS='-Xmx1024m -XX:+AggressiveHeap' at the top of the file

      use cronolog to auto rotate log daily
      [jephe@app tomcat]$ grep -A 3 -B 3 cronolog bin/
            -Dcatalina.base="$CATALINA_BASE" \
            -Dcatalina.home="$CATALINA_HOME" \
            org.apache.catalina.startup.Bootstrap "$@" start | /usr/local/sbin/cronolog "$CATALINA_BASE"/logs/%Y-%m-%d.catalina.out \
            >> /dev/null 2>&1 &

            if [ ! -z "$CATALINA_PID" ]; then
                echo $! > $CATALINA_PID
      note: you  can vi bin/ , then search for 'stop' string, before the following line , you can add above cronolog filter
      elif [ "$1" = "stop" ] ; then

      3. Preparing DB2 Client

      download IBM DB2 runtime client from, login as root to install runtime client software
      # cd /root
      # tar xvf FP8_M00099.tar
      # cd rtcl
      #./db2_install (db2setup needs GUI , so use db2_install instead), it will install all  rpms to /opt/IBM/ directory.

      create instance (CLI)
      # cd /opt/ibm/db2/V8.1/instance
      # groupadd  db2grp1
      # useradd –c ‘DB2 Instance User’ –g db2grp1 –m db2inst1
      # ./db2icrt –s client db2inst1  (important, even installation of rtcl sometimes created /home/db2inst1/sqllibxx for you, rename that, run this command as root)

      # su - db2inst1
      # db2 catalog tcpip node db1 remote server 50000
      note: node name cannot use -, _ is allowed
      # db2 catalog database DB1 [ as DB1ALIAS ] at node db1
      # db2 list db directory
      # db2 list node directory
      # db2 connect to DB1ALIAS user jephe using password

      # db2 uncatalog node db1
      # db2 uncatalog db DB1

       Set environment for db2inst1 user
      Append the following into /home/db2inst1/.bash_profile
      . /home/db2inst1/sqllib/db2profile

      note: testing db2 runtime client first before using tomcat application:

      db2 connect to db1 user schemanmame

      db2 list tables for all
      if you encounter errors like SQL0805N package "NULLID.SQLxxxxxxxxx" was not found. 
      try to run 'db2 ? SQL0805N' to follow the suggestion below to bind.
      db2 bind @db2ubind.1st blocking all grant public 

      4. Setup tomcat again after finishing db2 client setup

      Copy connector over
      # cd /opt/IBM/db2/V8.1/java
      # cp –i /usr/local/tomcat/common/lib/db2java.jar
      note:  you have to copy from db2 runtime client to above tomcat folder which is from tomcat server itself

      # chown tomcat:tomcat /usr/local/tomcat/common/lib/db2java.jar

      5. Preparing Firewall

      Allow port 8080, 8443 and 8009 in /etc/sysconfig/iptables
      -A RH-Firewall-1-INPUT –m state –state NEW –m tcp –p tcp –dport 8080 –j ACCEPT
      -A RH-Firewall-1-INPUT –m state –state NEW –m tcp –p tcp –dport 8443 –j ACCEPT
      -A RH-Firewall-1-INPUT –m state –state NEW –m tcp –p tcp –dport 8009–j ACCEPT

      # service iptables restart

      6. Make tomcat listening on port 80
      This section is referred from (How to run Tomcat on Port 80)

      There are a few ways to make tomcat to be listening on port 80, you can run tomcat as root which is not recommended, anther way is to remain tomcat to listen on port 8080, and use iptables to forward port 80 request to tomcat:

      iptables -t nat -A PREROUTING -d your hostname -p tcp --dport 80 -j REDIRECT --to-ports 8080
      iptables-save > /etc/sysconfig/iptables
      chkconfig iptables on

      Under some circumstances, the HttpConenctor class reports the original port back to the client. Further requests will continue with that port (which is not the desired effect and might even be blocked by your firewall).

      Besides switching to a more contemporary Connector like CoyoteConenctor (recommended), you can circumvent that problem by adding a proxyPort to the HttpConnector declaration:
      7. FAQ
      a. if testing db2 connection got error like 'SQL0805N Package dc2j.NULLID.SQLC2D01.4141414141350 not found.', you can solve it by binding:
      login as db2inst1 on db2 client / tomcat server, run:

      db2 connect to db1 user db2inst1 (must login as db2inst1, not user)

      cd sqllib/bnd
      db2 bind   @db2cli.lst 

      db2 bind   @db2bind.lst (may not have this filename, then just ignore this line)

      Common Linux tools usage

      Jephe Wu -

      • bash  - if
      • vi
      30G - go to 30th  line
      30| - go to 30th column
      change a file to remove the ending new line
      vi file , :%s#$\n# #g
      • sed (delete one line from the file itself)
      for i in B*;do sed -i /A443/d $i;done 
      JEPHE=A1234; for i in B*;do sed -i "/$JEPHE/d" $i;done
      • Tar
      Backup files and exclude a list of files from a file:
      tar --exclude-from=/path/to/excludedfilelist -cvpzf  file.tar.gz *

      note: inside excludedfilelist, give file or directory name line by line, don't put / for directories behind.

      delete a file from a tar archive:
      tar --delete --file=file.tar tobedeletedfile

      transfer sparse file on the network:

      tar cvzSpf - *|ssh jephe@remoteserver '(cd /path/to; tar xzSpf -)'

      • rsync
      use rsync to transfer specified files under some directories.
      rsync -av -r  --include-from=include.txt  /cygdrive/e/ root@

      $ cat include.txt
      + a
      + a/b/
      + b
      + b/c/
      + a/b/*.dat
      + b/c/*.exe
      - *

      /usr/bin/rsync --timeout=600 -v --progress --include=*.gpg --exclude=* -a -e ssh --delete /data/db > /tmp/dbbackup

      Note: refer to

      transfer-root directory referes to the source directory on the source server.

      Here are some examples of exclude/include matching:

      o --exclude "*.o" would exclude all filenames matching *.o
      o --exclude "/foo" would exclude a file called foo in the transfer-root directory
      o --exclude "foo/" would exclude any directory called foo
      o --exclude "/foo/*/bar" would exclude any file called bar two levels below a directory called foo in the transfer-root directory
      o --exclude "/foo/**/bar" would exclude any file called bar two or more levels below a directory called foo in the transfer-root directory
      o --include "*/" --include "*.c" --exclude "*" would include all directories and C source files
      o --include "foo/" --include "foo/bar.c" --exclude "*" would include only foo/bar.c (the foo/ directory must be
      explicitly included or it would be excluded by the "*")

      o --exclude "*/foo/" would exclude any directory called foo which is one level below the transfer root directory
      o --exclude "**/foo/" would exclude any directory called foo which is one or more levels below the transfer-root directory
      •  curl & wget
      download a iso file  -  curl -CO complete_download_url and wget -c complete_download_url
      check web response header  - curl -I

      • nc
      nc -v -z -s 25
      Connection to 25 port [tcp/smtp] succeeded!
      for udp, use:
      nc -vuz destination_ip_addr 53  (udp might always report it's successful when using -z option)

      • socat  (linux or cygwin)
      $ socat -d -d tcp4-listen:25,bind=,fork,reuseaddr,bind= &

      • awk
      ls -l *.3.gz.gpg  | awk '{total += $5} END { print total}'

      db2 list application | awk '($3==495)'  => print the third column which equals 495

      • netstat
      netstat -tunelp  --list listening tcp and udp port numbers
      netstat -natup
      • ssh port forwarding 
      Local port forwarding
      $ ssh jephe@server1 -L 1234: [-g]  (-g means allows remote hosts to connect to local forwarded ports)
      $ ssh jephe@localhost -p 1234

      Remote port forwarding
      $ ssh jephe@office_server -R 1234:  (on office server, the user can connect to localhost at port 1234 to access the local ssh server at port 22)


      $ ssh jephe@office_server -R 2222:server_on_internet:22 (when user ssh to port 2222 to office server, it actually goes to internet server ssh port)

      If you want to anyone from your office network to access office server at port 2222 which will be forwarded to server_on_internet ssh server, uncomment GatewayPorts line as
      GatewayPorts yes

      $ ssh jephe@office_server -R 80:your_home_web_server:80 (your home web server is not necessarily same as your home ssh client pc, can be another server)


      You can use Windows cygwin ssh server plus ssh remote port forwarding to achieve something. Assume you have lease line connected to remote office, you can only ssh into remote office, now you need to install Linux in one of machine, you can use this method to install from local office http server.

      Use above local and remote port forwarding + cygwin + openssh + putty + proxytunnel at , you can do a lot of things you might think it's impossible before.

      If your company only allows to use proxy to access Internet and you control one of ssh server on Internet, then you got the power to access office network from home.
      • rpm
      rpm -Uvh --root=/tmp/ --nodeps /mnt/iso/CentOS/glibc-2.5-34.x86_64.rpm 
      1. Make a temporary directory to extract the rpm in and copy the rpm into the directory: 
         mkdir tempdir
         cp bash.rpm tempdir

      2. Execute rpm2cpio in the temporary directory: 
         cd tempdir
         rpm2cpio bash.rpm | cpio -idmv
      3. show architecture
       rpm -qf /bin/ls --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'

      • stty and setterm/xset
      stty erase ^H  (ctrl V H at the same time) 

      setterm -blank nn will tell the console driver to blank the screen after nn minutes of inactivity. (With nn = 0, screensaving is turned off. In some old kernels this first took effect after the next keyboard interrupt.)

      The s option of xset(1) will set the X screensaving parameters: xset s off turns off the screensaver, xset s 10 blanks the screen after 10 minutes.
      • ssh 
      ssh user@host -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
      ssh-keygen -F  - find this host from .ssh/known_hosts file
      ssh-keygen -R  - remove this host from .ssh/known_hosts file
      $ sshfs jephe@server:/path/to /mnt/sshfs/ 

      Working in a ssh shell that used forwarding:
      Supported escape sequences:
      ~. – terminate connection
      ~B – send a BREAK to the remote system
      ~C – open a command line
      ~R – Request rekey (SSH protocol 2 only)
      ~^Z – suspend ssh
      ~# – list forwarded connections
      ~& – background ssh (when waiting for connections to terminate)
      ~? – this message
      ~~ – send the escape character by typing it twice
      (Note that escapes are only recognized immediately after newline.)
      ~. and ~# are particularly useful.

      • ftp (windows)
      literal pasv (to change to passive mode under Windows ftp CLI) 

      • sftp
      $ sftp -b /tmp/1 -o port=2222 jephe@

      $ more 1
      put /etc/hosts

      $ more 1
      rm hosts
      • grep/cat
      grep -v "^#" /etc/httpd/conf/httpd.conf | cat -s | less
      • tcpdump 
        Collecting a TCP dump from the server using a command like the following:
        tcpdump -s0 -w /tmp/tcpdump.pcap -i any host <client ip> and port 80

        and generating traffic (HTTP or LDAP) to the server captures evidence of the server not responding to the TCP SYN packets.  The output file can be analyzed with a command like
        tcpdump -r /<path>/<to>/tcpdump.pcap
      For monitoring openbsd firewall PF rules, you can use 'tcpdump -n -e -ttt -i pflog0' to see which pf rules is matching the traffic, pass or block. use 'pfctl -sr' to get output of in-memory rules, the first block or pass rule will be rule 0, followed by rule 1, rule 2 and so on.
      • Tshark
           tshark -i eth0 -f 'host' -w /tmp/upstream.cap -S
      • screen
       screen -S main (manually)

      /home/jephe/.bash_profile contact 'screen -D -R main'. this way, if I login server, it will disconnect then reconnect my screen session 'main' automatically every time. So we keep one session only.

      How to transfer Mysql database from one server to another

      Objective: transfer mysql database A on servera to database B on serverb
      Environment: Mysql server 5.X, CentOS 5


      On source mysql database server servera:

      mysqldump databasea  -u usera -p --single-transaction | gzip > databasea.sql.gz
      mysqldump databaseA tableA -u usera -p --single-transaction | gzip > tableA.sql.gz

      on destination mysql database server serverb:
      gunzip < servera.sql.gz | mysql -u userb -p databaseB

      Another way to backup/transfer the whole database to another: (What is the equivalent of Oracle's EXP for export and IMP for import utility in MySQL? [ID 1023112.1])

      mysqldump --opt -u root -p*** --all-databases | mysql -u root -p*** -h hostname

      mysqldump --opt -u root -p*** --all-databases > backup.sql

      How to identify cpus, cores and hyperthreading


      • grep phy /proc/cpuinfo, how many different physical id will indicate how many physical cpu sockets.
      • If the siblings and cpu cores values match, the processors do not support hyperthreading (or hyperthreading is turned off in the BIOS).
      • It is worth noting that the presence of the "ht" flag in the cpuflags section of /proc/cpuinfo does not necessarily indicate that a system has hyperthreading capabilities

      Install OSSEC for system integrity check on Linux and Windows

      Jephe Wu -

      Objective: use ossec hids to monitor system file changes realtime
      Environment: CentOS 5, RHEL 5, Windows 2003 server


      1. Download ossec from
      2. Install it on centralized monitoring server first(choose 'server' when installing ossec), this server can be rsyslog and nagios server too.
      3. Install ossec on Linux server as agent or Windows server
      4. Some commonds for managing agent authentication, stop/start service and realtime monitoring

      a. on ossec server, run '/var/ossec/bin/manage_agents' to manage/extract keys for agents
      b. on ossec agent, run '/var/ossec/bin/manage_agents' to import key from the server
      c. run '/var/ossec/bin/ossec-control stop' or '/var/ossec/bin/ossec-control start' to stop/start services

      d. realtime syscheck monitoring: (only works with directories, not individual files, so you can monitor /etc or c:\program files directory, not /etc/file.txt)
      check this page:

      The configuration is very simple. In the option where you specify what files or directories to monitor, you just need to add the realtime=”yes” attribute before check_all="yes".

      e. configuration and log files are under /var/ossec/ and c:\program files\ossec

      5. when you try to enable clients which are sitting on the different network, you need to enable udp 1514 port, because the netstat is showing the ossec-remoted is listening on udp 1514 port:

      udp        0      0      *                               14974/ossec-remoted

      so , please enable firewall from agent to server at udp port 1514.


      a. When using with Nagios monitoring, the active-response feature on Linux might prevent Nagios from working properly as it will dynamically add ip blocking rules to iptables:
      to disable active response,add this:

      less than active-response greater then
      less than disabled greater than yes less than /disabled greater than
      less than active-response greater then
      to /var/ossec/etc/ossec.conf  
      c. OSSEC Wiki at 
      6. FAQ 
      a. Why does ossec send me so many emails?
      b. You can configure strftime format in /var/ossec/etc/ossec.conf so that
      ossec can monitor variable log file like this:
      So after midnight, it will start to monitor new log file at the different path.