The power of now

Introduction: 

imminent: imminent death

relinquish: one learns to relinquish mental/emotinal resistance to the "suchness" of the present moment

intersperse: almost continuous anxiety interspersed with periods of suicidal depression

dread: a feeling of absolute dread

loathing: a ddep loathing of the world

loathsome: The most loathsome thing of all, however, was my own existence

annihilation: a deep long for annihilation

luminosity: That soft luminosity filtering through the curtains was love itself.

prisitine: Everything was fresh and prestine

palpable: Sometimes it is very strong, almost palpable, and others can feel it too

eon: have kept humans in bondage to suffering for eons

verbatim: Some of the questions and answers I wrote down almost verbatim

extraneous: overlaid with extraneous matter

obscure: alsmot completely obscured by it

exaltation: There is then a feeling of exaltation and heightened aliveness

How to skip the OPTIONS preflight request

 

When trying to post request directly from angular, got the CORS error:

Access to XMLHttpRequest at '***' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

The browser adds a OPTION call (preflight) as the content-type is application/json

Can add a chrome shortcut like the below to make the request successful:

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="c:/chrome_dev"

Play mkv from apple TV

 

1. Install VLC for mobile from apple TV

2. Enable "Remote Playback"

3. From the computer (for me MAC), access the IP, and drop mkv files

For me, drop files failed, so I started mac http server and add the URL

4. It's pretty fluenct, totally no lag even for 1080P/blueray planet earth

Another way is through the File Sharing (SMB) but it seems that VLC has a bug so it cannot save the configuration, the "Remote Playback" has an advantage you can control the progress bar from the computer side.

Mac http server

sudo npm install http-server -g

cd到文件服务的文件夹下，通过运行此命令设置本地服务器：

$ http-server ./ -p 1313

现在，HTTP服务器运行在端口。使用您的网络浏览器和访问http://localhost:1313/

作者：w11794dl3u
链接：https://www.jianshu.com/p/ce592c3ee347
来源：简书

著作权归作者所有。商业转载请联系作者获得授权，非商业转载请注明出处。 

Learning Angular - Third Edition Section 3 note

 Learning Angular - Third Edition Section 3 note

1. An Angular application must set the base HTML tag in the index.html file to enable pushState routing.

2.

a typical example of AppComponent is the following:

<app-header></app-header>

<router-outlet></router-outlet>

<app-footer></app-footer>

3.

ng generate module heroes --routing

The --routing parameter instructs the Angular CLI to create a routing module along with the heroes feature module.

4.

The order that we import routing modules in does matter. The router selects a route with a first match wins strategy. 

5. set default path

{ path: '', redirectTo: '/heroes', pathMatch: 'full' }

It is worth noting that we added the empty route path after all other routes because, as we have already learned, the order of the routes is important. We want more specific routes before less specific ones.

{ path: 'hero/:id', component: HeroDetailComponent }

The colon character denotes that id is a route parameter. If a route has more than one parameter, we separate them with /. 

6.

<p>{{hero?.name}} works!</p>

The ? character that we have added to the hero property is called a safe navigation operator. It is used to guard our component against null or undefined values of the hero property. If we do not use this operator, the delay that we experience because of the HTTP request will break our template. 

6.

Template-driven forms are easy to set up and add to an Angular application, but they do not scale well.

Reactive forms are more robust when it comes to scaling and testing, and when they are not interacting with the change detection cycle.

import { FormsModule, ReactiveFormsModule } from '@angular/forms';

7. 

password: new FormControl('', [

  Validators.required,

  Validators.minLength(6)

])

8. Angular material

import { MatDialogModule } from '@angular/material/dialog';

Learning Angular - Third Edition Section 2 note

 1.

=== checks not only whether values are equal but also whether types match. For example, 0 == '0' is truthy, whereas 0 === '0' is falsy.

2. Directives

*ngIf/*ngFor/ngSwitch

3. Pipes

| uppercase, | lowercase, | slice, | json, 

4. Building custom pipes

ng g pipe sort

<ul>

  <li *ngFor="let hero of heroes | sort:'name'; index as myIndex">

  </li>

</ul>

5.

If we need a template, we create a component; otherwise, make it a directive.

ng g directive copyright

A directive is a TypeScript class marked with the @Directive decorator. The only required property in the decorator is the selector of the directive.

6.

ng g module heroes

The main application module, AppModule, does not need to import CommonModule. Instead, it imports BrowserModule, which is used to run Angular applications in a browser platform that exports CommonModule by itself.

ng g component heroes/heroList --module=heroes

need exports in the child module, and import in the app.module.ts

Lazy loaded modules are not declared in the imports property of a module.

7.

When we run the ng build --configuration=production command, the Angular CLI replaces the environment.ts file with the environment.prod.ts file.

the component should only be concerned with presentation logic.

Delegating complex tasks to services.

ng g service heroes/hero

An Angular service is a TypeScript class marked with the @Injectable decorator. The decorator identifies class as an Angular service that can be injected into an Angular component or another Angular service. 

the constructor injection pattern is the one enforced by Angular. 

8.

A Promise object accepts two parameters; a resolve method to indicate that the promise completed successfully and optionally return a result, and a reject method to indicate that an error occurred during execution and optionally return the cause of the error.

To summarize the limitations of promises, note the following:

They cannot be canceled.

They are immediately executed.

They are one-time operations only; there is no easy way to retry them.

They respond with only one value.

9.

When we define an observable variable, we tend to append the $ sign to the name of the variable. This is a convention that we follow so that we can identify observables in our code efficiently and quickly.

  private setTitle = () => {

    const timestamp = new Date().toString()

    this.title = `Hello Angular 10 (${timestamp})`;

  }

  title$ = new Observable(observer => {

    setInterval(() => {

        observer.next();

    }, 1000);

  });

  constructor(){

    this.title$.subscribe(this.setTitle);

  }

10. RxJS

We have already learned how to create an observable from a DOM event using the fromEvent operator. Two other popular operators that are concerned with observable creation are the of and from operators.

const values = of(1, 2, 3);

values.subscribe(value => console.log(value));

The from operator is an excellent way to start migrating from promises to observables in your Angular application if you have not done so already!

11.

npm install angular-in-memory-web-api --save-dev

Learning Angular - Third Edition Section 1 note

 Learning Angular - Third Edition

1. source code 

https://github.com/PacktPublishing/Learning-Angular--Third-Edition

2. Prerequisites

Node.js: run "node -v" to check the version

NPM: run "npm -v" to check the version (Include by default in Node.js)

3. Install Angular CLI

npm install -g @angular/cli@10.0.0

run "ng version" or "ng v" to check the version

ng help

ng new my-app

ng serve

4.

Each web application has a main HTML file. For an Angular application, this is the index.html file that exists inside the src folder.

The declarations property is the place where we define all components that exist inside a module, so that they are 

discoverable by the framework.

5. VS code

intall extensions: Angular Essentials, Angular Language Service, Angular Snippets

6. typescript

no more var; use the let keyword wherever possible.

const ages: number[] = [8, 5, 12, 3, 1];

type Animal = 'Cheetah' | 'Lion';

const animal: Animal = 'Cheetah';

enum Brands { Chevrolet, Cadillac, Ford, Buick, Chrysler, Dodge };

const myCar: Brands = Brands.Cadillac;

TypeScript defines that a parameter is optional by adding the ? symbol as a postfix to the parameter name we want to make optional:

function greetMe(name: string, greeting?: string): string {

    if(!greeting) {

        greeting = 'Hello';

    }

    return greeting + ', ' + name;

}

Be aware that optional parameters should be placed last in a function signature.

Default parameter:

function greetMe(name: string, greeting: string = 'Hello'): string {

    return `${greeting}, ${name}`;

}

Rest parameter:

function greetPeople(greeting: string, ...names: string[]): string {

    return greeting + ', ' + names.join(' and ') + '!';

}

fat arrow:

const add = (x, y) => x + y;

Spread parameter:

const newItem = 3;

const oldArray = [1, 2];

const newArray = [...oldArray, newItem];

const oldPerson = { name : 'John' };

const newPerson = { ...oldPerson, age : 20 };

class decorators

property decorators

method decorators

parameter decorators

Nullable:

TypeScript knows to stop execution automatically when it runs into a nullable value.

for (let i = 0; i < hero.powers?.length; i++) {

}

A module works at a file level, where each file is the module itself, and the module name matches the filename without the .ts extension. Each member marked with the export keyword becomes part of the module's public API.

export class MyService {

    getData() {}

}

export const PI = 3.14;

import { MyService, PI } from './my-service'; 

windows 10 msc error

Windows 10

This app has been blocked for your protection, mmc.exe

Windows 10 Pro x64 Version 1703 (OS Build 15063.502)

When trying to run "Computer Management", I receive a dialog saying: This app has been blocked for your protection. Under that it says mmc.exe and compmgmt.msc

The below worked for me

1. Open Run and type: secpol.msc

2. Click on Local Policies

3. Look for, and right-click User Account Control: Run all administrators in Admin Approval Mode

4. Select properties and then Disable

https://answers.microsoft.com/en-us/windows/forum/all/this-app-has-been-blocked-for-your-protection/e1d11ec3-8544-4c4b-afe3-1cf075681280

English

 Bane of my existence/life

Superman Kryptonite -> Achilles' heel

Clearly/Zenni glasses

Clearly, June 4, 2021, 425/475, Thin Air Lenses with C Shield

Clearly, July 20, 2021, 375/425, Thin Air Lenses

Clearly, Sep 6, 2021, 350/400, Thin Air Lenses

Zenni, June 7, 2021, 400/450, 1.57 Mid-Index

Jan 8, 2017, 475/525, 1.67 AS HMC 400

JBoss 7 EAP windows admin console

 1. Run add-user.bat

select a, Management User (mgmt-users.properties under standalone and domain will be updated)

provide the username and password

group: admin

no AS process

2. Run standalone.bat

verify there's no error in the dos window

3. http://127.0.0.1:9990/console

Input the username/password

Test connection for ExampleDS

4. Double click jboss-cli.bat

connect

version

deployment-info

5. standalone.bat -c standalone-full-ha.xml

Learning Angular third edition chapter 2 note

 Chapter 2 Introduction to TypeScript

1.

var brand: string = 'Chevrolet';

var message: string = `Today it's a happy day! I just bought a new ${brand} car`;

no more var; use the let keyword wherever possible.

The const keyword is a way to indicate that a variable should never change.

const brand: string[] = ['Chevrolet', 'Ford', 'General Motors'];

The null and undefined literals require special treatment. In a nutshell, they are typed under the any type, 

which makes it possible to assign these literals to any other variable, regardless of its original type.

2. custom types

type Animal = 'Cheetah' | 'Lion';

const animal: Animal = 'Cheetah';

enum Brands { Chevrolet, Cadillac, Ford, Buick, Chrysler, Dodge };

const myCar: Brands = Brands.Cadillac;

3. fat arrow functions

const double = x => x * 2;

const add = (x, y) => x + y;

const addAndDouble = (x, y) => {

    const sum = x + y;

    return sum * 2;

}

4.

Class decorators is executed before the class gets instantiated. 

Learning Angular third edition chapter 1 note

1. source code

https://github.com/PacktPublishing/Learning-Angular--Third-Edition

2. Node

Node.js is a JavaScript runtime built on top of Chrome's v8 JavaScript engine.

node -v

Npm is a software package manager that is included by default in Node.js. 

npm -v

npm install -g @angular/cli@10.0.0

ng version

3.

ng new my-app

ng serve

http://localhost:4200

app.component.ts is the landing page and the main component of the application.

Each web application has a main HTML file. For an Angular application, this is the index.html file

When the Angular CLI finds a tag that is not a known HTML element, such as app-root, it starts searching 

through the components of the application tree. 

Angular organizes components into self-contained blocks of functionality called modules. An Angular application 

has at least one main module called AppModule, as a convention.

Angular components should be registered with a module so that they are discoverable by the framework.

The declarations property is the place where we define all components that exist inside a module.

As soon as the application knows about all of the available components that it can search, it needs to identify 

which element tag belongs to which component. That is, it needs to find a way to match the tag with a component.

Angular matches HTML tags with components via a selector. It is the name that you give to a component so that it 

is correctly identified in HTML:

selector: 'app-root'

<span>{{ title }} app is running!</span>

The {{ }} syntax is one example of the Angular template language, called interpolation. It reads the title property 

of the component class, converts its value to text, and renders it on the screen.

4. main.ts

The starting point of an Angular application is always a module. The main task of the bootstrapping file is to 

define this module. It calls the bootstrapModule method of browser platform and passes AppModule as the entry point 

of the application.

5. Install VS Code extensions:

Angular Essentials

Angular Language Service

Angular Snippets (Type a-component inside the ts file and press Enter)

TSLint

6.

TSLint is a tool that performs static analysis of TypeScript code and enforces readability, maintainability, 

and error checking by applying a set of rules. These rules are defined in the tslint.json configuration file.

VS Code editor settings, such as indentation or spacing, can be set at a user or project level. EditorConfig can 

override these settings using a configuration file called .editorconfig

MAC close clid behavior

https://blog.csdn.net/weixin_51245542/article/details/108937672

1）禁用Lid-Sleep的命令（保持系统唤醒）：

sudo pmset -b sleep 0; sudo pmset -b disablesleep 1

2）激活Lid-Sleep的命令（让系统再次正常休眠）：

sudo pmset -b sleep 5; sudo pmset -b disablesleep 0

合上盖之后放音乐就不会停了，系统及程序保持运行，用电池连接外接显示器的时候，合上盖子也没有影响了。

我的视力跟踪

 

我的眼轴测量 OD/Right: 26.54   OS/Left: 26.75 on June 11, 2021：

我的度数：

本来已有的两幅眼镜度数分别是：

右：500 左：550  (2019-2-24)

右：475 左： 525

配镜要求再增加25度。

改为Clearly：

Placed order on June 7, 2021, Estimated delivery date is June 28, 2021

Acutal delivery date from Canada Post is June 16, 2021

和Zenni：

Placed order on June 7, 2021, You have selected Standard Shipping ----- You can expect your order within 14-21 days from today's date.

Actual delivery date from Canada Post is June 16, 2021

Clearly:

Place order on July 20, 2021, Estimated delivery date is: August 10, 2021

parallel desktop

 

parallel desktop (PD)还是挺强大的，不光性能很好，启动关机快，能玩LOL等大型游戏。而且今天发现那个微信备份恢复在mac上始终不能使用，提示不在同一网络，即使已经在同一个局域网也重启微信和mac了，mac防火墙看也打开了。搜索解决方案的时候，csdn上一篇文章说禁用virtualbox虚拟机网络之后问题解决。没找到怎么在mac上禁用P D的虚拟机网络，但是在PD的设备->网络里选WI-FI之后，发现微信的备份恢复能正常使用了，而且速度超快。

也算物有所值，比Bootcamp方便和强大。

视力防护计划

 20-20-20 注意看清物体才能放松，如果因无法看清而用力眯眼，则是本末倒置。可以看较大的物体，或者戴着眼睛看（？）

执行如下措施，到8月底换另外一位医生检测（散瞳验光）

1. 严格控制用眼时间，尽量少看屏幕和纸质书。

2. 户外运动如篮球、徒步、骑自行车。

3. 每天打黄色乒乓球。

4. 每天晚上做眼保健操。

5. 每天早上起来热敷眼睛和太阳穴2-3分钟，然后转动眼睛练习

     左右、上下、顺时针、逆时针

养成远眺的习惯，尽量选择阴天或者太阳被云挡住的时候远眺

6. 视觉远近位移

a， 找一处10米以外的绿色植物(绿色植物由于波长较短，成像在视网膜之前，促使眼部调节放松，眼睫状肌松弛，减轻疲劳。)

b，眼睛必须自然开合，不能眨眼、眯眼，聚精会神，集中精力观看植物的绿叶，辨认植物绿叶的轮廓。凝视20秒，如果中间有眨眼了，时间必须重新计算

c，看完20秒植物绿叶以后立即观看自己20-30厘米开外的自己的指纹 （高度近视看掌纹），同样凝视20秒

c，一远一近为一组，每次训练至少3组（5分钟），一般5到10分钟。每天训练3到4次

备注:目标物（绿色植物和指纹/掌纹）必须与眼睛至少平视，不能处于眼睛下方，最好是能够高于眼睛方向，一般高度越高，眼睛越累，难度系数会越高

作者：李荣辉

链接：https://www.zhihu.com/question/30894173/answer/50150046

来源：知乎

著作权归作者所有。商业转载请联系作者获得授权，非商业转载请注明出处。

7. 先搓热双手，然后捂住双眼（闭目），3分钟左右。 

测量眼轴长度

角膜曲率检查：有小朋友眼轴变长，然而度数并没有加深，其实是角膜曲率改变代偿了度数，所以也要跟踪角膜曲率的变化，来判断近视加深情况

连续使用0.01%浓度的阿托品滴眼液？

由于琴键间隔的黑白条纹被称为光栅，钢琴的黑白键就属于光栅，对眼睛刺激比较大，加上密密麻麻的琴谱，对视力造成了双重打击。

而刚做过散瞳的儿童，几个月内都不能做眼肌训练。

https://zhuanlan.zhihu.com/p/154277170

https://www.zhihu.com/question/281509097/answer/1411853564

https://zhuanlan.zhihu.com/p/269700185

泽泽爱吃榴莲 (作者) 回复远辰02-18

40多岁的都降了100度 。管好嘴。少吃垃圾食品。少看手机，按摩眼部穴位，艾灸下效果更好，每天户外阳光下二小时远望。不吃凉的，保证血液循环通畅。

眼轴会随着年龄的增长而增长。根据临床显示，14岁前近视增长的速度一般是一年100度左右，14岁之后一般每年近视增长的速度是50度左右。

http://med.china.com.cn/content/pid/192159/tid/1026

你戴错眼镜啦 读书笔记

 

1.
近视（Myopia/NearSightedness）

近视度数浅，看近有问题，近视度数深（超过350度），看近看远都有问题。

远视（Hyperopia/Farsightedness）眼球太短，看远没问题，看近费力。

老花眼（Presbyopia）是指人超过40岁以后，对近处物体的聚焦能力衰退。

散光（Astigmatism）因角膜不对称，看近看远都模糊。

2.

近视一般佩戴凹透镜矫正，凹透镜中心比边缘薄。

远视和老花眼用凸透镜。在国外，凸透镜称为阅读镜（Reading Glass）。

3.

角膜（Cornea）俗称黑眼珠，本身是透明组织，没有血管，是光线进入眼球的窗户。

虹膜（Iris）收缩可改变瞳孔大小，也决定眼镜本身的颜色。

4.

视学上以屈光度（Diopter，简写D）来反映眼睛付出的调节力，D越大代表付出的调节力越多。凡正常的眼睛看6米以内的物体都需要使用调节力。小孩可达12D的调节力，而老年时，调节力跌至1D，故年纪越大，看近越不清楚。

5.

近视度数又称为屈光度（Diopter），其实指透镜对光线的屈折能力，屈光度的计算公式：

D=F/100

F为镜片的焦距，以厘米为单位。

正常无限远看着清晰

100度近视100cm以内看着清晰

200度近视50cm以内看着清晰

500度近视20cm以内看着清晰

6.

痉挛性近视（Spastic myopia）又称假性近视（Pseudo myopia），或调节性近视（Accomodative myopia）。这类近视因为眼睛调节功能过度紧张而形成。

近视眼看近变的轻松，却失去看远清晰的能力。

7.

近视者看远时，可戴一副足够度数的近视镜片，看近时，则应戴一副较浅的近视镜片，以减轻眼睛的调节压力，防止度数不断加深。

8.

The Myopia myth by Donald 

The Myopia Myth: The Truth About Nearsightedness and How to Prevent It

How to avoid nearsightness （The amazon comment is pretty bad）

9. 戴远视镜，有放大效果，可减轻佩戴者看近的疲劳。要注意只有在长时间看近时才需要戴，平时不用戴。

孩子视力

在线视力检查：https://www.zeiss.ca/vision-care/en/better-vision/vision-screening.html  

医家秘传：http://blog.sina.com.cn/s/blog_643c2b690102vx5r.html 有用吗？

https://www.rolia.net/f/topic.php?v=p&f=0&p=11768842#p11768842

阿宝今天视力检查0.5，医生建议戴100度近视眼镜。一年半之前还是1.5的，这个covid19真恶心啊。希望还能恢复。

1. 是假性近视吗？

2. 眼药水会有帮助吗？

蓝莓、叶黄素有保护视网膜的作用，常看手机电脑的也可以适当补充。

户外活动。

【养眼操】

　　第一节，双眼向左上左下看，6×8拍。

　　第二节，双眼向右上右下看，6×8拍。

　　第三节，双眼向左向右看，6×8拍。

　　第四节，双眼顺时针转着看，四拍转一圈，把操作者的脸当成时钟的表面，眼球按左、下、右、上的方向依次转动，5×8拍。

　　第五节，双眼逆时针转着看，四拍转一圈，转动方向与第四节相反，眼球按右、下、左、上的方向依次转动，5×8拍。

区分假性近视和真性近视需要做散瞳检测。向孩子的眼内滴入散瞳眼药水，如果孩子的眼睛没有度数，那就说明孩子是假性近视；相反，孩子的眼睛依然可以检测出度数，那就说明孩子是真性近视。

https://www.rolia.net/f/topic.php?f=0&t=864920

如果回国，可以试试青少年渐进多焦片眼镜，上海茂昌的。我家儿子4年级200度，用到现在高二还是200度。

这个青少年渐进片是茂昌和吴良材专利

https://www.rolia.net/f/post.php?f=0&p=8347107

Reading glasses也就是老花镜,只在看近的物体和阅读时使用.因为是凸透镜,所以物体的成像会落在视网膜前面,和近视眼看远处物体的效果一样. 为了看清落在视网膜前的成像,眼肌就会放松,使眼球尽量变圆.即使已经近视了,眼球不能变圆了,因为眼肌处于放松状态,因此也不会对眼球有拉长的作用,从而减缓和防止近视的加深. 但不会使视力恢复到正常水平.

我的小孩发现近视时125度,我没有注意,以为少看书能控制住.但半年后发现加深了50度,速度相当惊人. 这才紧张起来,看了一些资料.没有佩近视镜,只佩了一副reading glasses. 小孩平时不戴眼镜也能看见老师黑板上的字,只是有些模糊. 放学回家看书看电脑戴reading galsses. 1年半时查视力没有改变,2年时查加深了25度,减缓了近视加深的速度.当然,这只是我们自己的体会,是不是对所有孩子适用,就不得而知了.

我女儿快6岁时,说有点近视,说必须带眼镜（没告诉度数），我坚持一年不给看电视,不给用电脑，每天读书+写作业时间不超过1小时，本来一年级也没什么作业，每周3次滑冰，1次跳舞，2次游泳。。。。上个月去查，说基本恢复了....参考

https://www.rolia.net/zh/post.php?f=0&p=11768842

低浓度阿托品眼药水本地没有成药，只能去药房配，北边的可以去IDA(9425 Lesile street, unit 150, 905-237-6937), 他们可以送，大约一个月50。

在一些护眼方法中，眼保健操可以改善眼睛局部血液循环，缓解一部分眼睛疲劳，闭眼的时候眼睛可以得到一定休息。把电脑屏幕底色调成绿色护眼方式，可以缓解视疲劳。

DHA是视网膜中含量最丰富的长链多不饱和脂肪酸，在眼睛视网膜中约占50%，对视力发育起到至关重要的作用。增加DHA的摄入量，会促进视网膜光感细胞的成熟，提高视敏感程度，对改善视力减退等问题都很有帮助。

如果放假之前孩子视力很好，看了一个假期的电子产品之后，视力忽然下降，到医院一查发现300°近视，这种短时间内的视力快速下降，很大可能是假性近视。

孩子到医院进行检查后，如果是假性近视，及时治疗后，视力还可以恢复到原来的状态。

是的，近视超过300度，那视力就真的不可逆了。原因就在于，300度是真性近视和假性近视的一个最高分界线。

1、每天2小时户外活动，凝视远方

保护视力，室内任何光都比不上自然光。建议每天2小时户外活动。

找一处10米以外的草地或绿树：绿色由于波长较短，成像在视网膜之前，促使眼部调节放松、眼睫状肌松弛，减轻眼疲劳。试着全神贯注凝视25秒，辨认草叶或树叶的轮廓；接着把左手掌略高于眼睛前方30厘米处，逐一从头到尾看清掌纹，大约5秒。看完掌纹后再凝视远方的草地或树叶25秒，然后再看掌纹。10分钟时间反复20次，一天做三回，视力下降厉害的要增加训练次数。

2、转眼法

选一安静场所，或坐或站，全身放松，清除杂念，二目睁开，头颈不动，独转眼球。

先将眼睛凝视正下方，缓慢转至左方，再转至凝视正上方，至右方，最后回到凝视正下方，这样，先顺时针转9圈，再逆时针方向转6圈，总共做4次。每次转动，眼球都应尽可能地达到极限。这种转眼法可以锻炼眼肌，改善营养，使眼灵活自如，炯炯有神。

作者：PiPi健康
链接：https://www.jianshu.com/p/58e16e0016ec
来源：简书
著作权归作者所有。商业转载请联系作者获得授权，非商业转载请注明出处。

CSR and SSL for Apache

 CSR and SSL for Apache

1. Create the CSR based on the https://www.digicert.com/kb/csr-ssl-installation/apache-openssl.htm 

you'll get the private key file and the csr file like 

openssl req -new -newkey rsa:2048 -nodes -out www_auspix_com.csr -keyout www_auspix_com.key -subj "/C=CA/ST=Ontario/L=Toronto/O=Peter/OU=Test/CN=www.auspix.com"

www_auspix_com.key

www_auspix_com.csr

2. Order Your SSL/TLS Certificate

You'll get the intermediate (DigiCertCA.crt) and your primary certificate (your_domain_name.crt) file.

3. Configure Apache

<VirtualHost 192.168.0.1:443> DocumentRoot /var/www/html2 ServerName www.yourdomain.com SSLEngine on SSLCertificateFile /path/to/your_domain_name.crt SSLCertificateKeyFile /path/to/your_private.key SSLCertificateChainFile /path/to/DigiCertCA.crt </VirtualHost>

4. Restart and Verify from the browser

https://www.venafi.com/blog/what-difference-between-root-certificates-and-intermediate-certificates

 

• Root Certificate. A root certificate is a digital certificate that belongs to the issuing Certificate Authority. It comes pre-downloaded in most browsers and is stored in what is called a “trust store.” The root certificates are closely guarded by CAs.
   
• Intermediate Certificate. Intermediate certificates branch off root certificates like branches of trees. They act as middle-men between the protected root certificates and the server certificates issued out to the public. There will always be at least one intermediate certificate in a chain, but there can be more than one.
   
• Server Certificate. The server certificate is the one issued to the specific domain the user is needing coverage for.

 Sams Teach yourself Apache 2 in 24 hours note

1. By default Mac BigSur has the apache

run the command to verify: httpd -v 

The installation path: /private/etc/apache2

The log location: /var/log/apache2

Document root: /Library/WebServer/Documents

2. httpd.conf

The ServerRoot directive takes a single argument: a directory path pointing to the directory where the server lives.

None disables per-directory files in that directory and any of its subdirectories. This improves performance and is the default Apache configuration.

1: <Directory />
2: AllowOverride none
3: </Directory>

3. control:

apachectl start/stop/restart/graceful

from the browser, http://localhost:80 will show "It works"

ErrorDocument 404 "Oops, we couldn't find your document!"

or

ErrorDocument 404 http://search.example.com

Alias /icons/ /usr/local/apache2/icons/

will cause a request for http://www.example.com/icons/image.gif to make Apache look for the /usr/local/apache2/icons/image.gif file.

4. reverse proxy

A reverse proxy is a Web server that sits in front of other Web servers, known as backend servers. The reverse proxy Web server can be configured to pass certain requests to the backend servers and return the result to the clients as if it were the reverse proxy that generated the content. 

You can use the ProxyPass and ProxyPassReverse directives to map URLs in the reverse proxy to URLs in the backend servers.

In certain situations, the backend server might issue redirects. These redirects will include a Location: header that contains a reference to the backend server (backend.example.com). The ProxyPassReverse directive will intercept these headers and rewrite them so that they include a reference to the reverse proxy (rproxy.example.com) instead.

The previous examples could be rewritten as follows:

ProxyPass /dynamic/ http://backend.example.com/
ProxyPassReverse /dynamic/ http://backend.example.com/

Note that the ProxyPassReverse directive operates only at the HTTP header level. It will not inspect or rewrite links inside HTML documents.

It is possible to prevent certain URLs from not being proxied by specifying an exclamation sign (!) as the remote site URL in ProxyPass directives. It is important that those directives are placed before other ProxyPass directives. For example, the following configuration will pass all requests to a backend site, except requests for images, which will be served locally:

ProxyPass /images/ !
ProxyPass / http://backend.example.com

5. SSL

If both sender and receiver share the same key, the process is referred to as symmetric cryptography. If sender and receiver have different, complementary keys, the process is called asymmetric or public key cryptography.

Public key cryptography takes a different approach. Instead of both parties sharing the same key, there is a pair of keys: one public and the other private. The public key can be widely distributed, whereas the owner keeps the private key secret. These two keys are complementary; a message encrypted with one of the keys can be decrypted only by the other key.

Anyone wanting to transmit a secure message to you can encrypt the message using your public key, assured that only the owner of the private key—you—can decrypt it. Even if the attacker has access to the public key, he cannot decrypt the communication. In fact, you want the public key to be as widely available as possible. Public key cryptography can also be used to provide message integrity and authentication. RSA is the most popular public key algorithm.

The SSL protocol uses public key cryptography in an initial handshake phase to securely exchange symmetric keys that can then be used to encrypt the communication.

SSL uses certificates to authenticate parties in a communication. Public key cryptography can be used to digitally sign messages. In fact, just by encrypting a message with your secret key, the receiver can guarantee it came from you. Other digital signature algorithms involve first calculating a digest of the message and then signing the digest.

Trust can be achieved by using digital certificates. Digital certificates are electronic documents that contain a public key and information about its owner (name, address, and so on). To be useful, the certificate must be signed by a trusted third party (certification authority, or CA) who certifies that the information is correct. 

Certificates have a period of validity and can expire or be revoked. Certificates can be chained so that the certification process can be delegated. For example, a trusted entity can certify companies, which in turn can take care of certifying its own employees.

If this whole process is to be effective and trusted, the certificate authority must require appropriate proof of identity from individuals and organizations before it issues a certificate.

The main standard defining certificates is X.509, adapted for Internet usage. An X.509 certificate contains the following information:

• Issuer: The name of the signer of the certificate

• Subject: The person holding the key being certified

• Subject public key: The public key of the subject

• Control information: Data such as the dates in which the certificate is valid

• Signature: The signature that covers the previous data

6.

To get a certificate issued by a CA, you must submit what is called a certificate signing request. To create a request, issue the following command:

# ./usr/local/ssl/install/bin/openssl req -new -key www.example.com.key
 -out www.example.com.csr

You can also create a self-signed certificate. That is, you can be both the issuer and the subject of the certificate. Although this is not very useful for a commercial Web site, it will enable you to test your installation of mod_ssl or to have a secure Web server while you wait for the official certificate from the CA.

You need to indicate where to find the server's certificate and the file containing the associated key. You do so by using SSLCertificateFile and SSLCertificateKeyfile directives.

You can control which ciphers and protocols are used via the SSLCipherSuite and SSLProtocol commands. 

 The SSLMutex directive enables you to control the internal locking mechanism of the SSL engine. 

asdf

a

sdfa

asdf