Sunday, December 17, 2006
poor IE
Tuesday, August 22, 2006
play with webthumb
webthumb 并没有真正 release,暂时还需要通过 websvn 界面访问。Debian 系统下安装:
并没有想象的顺利,出了一点小错误,#aptitude install mozilla-dev libgtk2.0-dev libglib2.0-dev libxml2-dev xvfb
$cd pageprint/src/
$make install
OK,google 一把,貌似是 gcc4.1 兼容问题,换 gcc-4.0,一样的错误,修改 HttpObserver.h 18 行为:HttpObserver.h:18: error: extra qualification 'HttpObserver::' on member 'SetupToModifyHeaders
//void HttpObserver::SetupToModifyHeaders(); void SetupToModifyHeaders();make 顺利通过,跑一把试试:
#cp PagePrint.xml /etc $./PagePrint -s http://localost/ webthumb.jpg Url: localost, Output: webthumb.jpg Starting PagePrint (PagePrint-bin:6239): Gtk-WARNING **: cannot open display:看来需要先起动模拟的 display:
$./scripts/runXvfb $ ./PagePrint -s http://localost/ webthumb.jpg Url: localost, Output: webthumb.jpg Starting PagePrint Xlib: connection to ":10.0" refused by server Xlib: No protocol specified (PagePrint-bin:6261): Gtk-WARNING **: cannot open display: $模拟的 Xserver,client 连接未获得授权。
$ randomkey=`date +"%y%m%d%H%M%S"` $xauth add ${HOST}:10 . $randomkey $./PagePrint -s http://goodjobs.cn/ goodjobs .... Attempting to Snapshot Webpage Successfully wrote snapshot: goodjobs-thumb_small.jpg Successfully wrote snapshot: goodjobs-thumb_medium.jpg Successfully wrote snapshot: goodjobs-thumb_medium2.jpg Successfully wrote snapshot: goodjobs-thumb_large.jpggreat, it works! 自动生成了不同大小的四份图片,看看 medium2 的实际效果。
- 系统为 Debian SID
- 实际运行 PagePrint 提示缺少 libgtkembedmoz.so,手工链接解决,不确定是否只是我本机问题。
ln -s /usr/lib/mozilla/libgtkembedmoz.so libgtkembedmoz.so
MySQL5 中文编码设定
[client] default-character-set=gbk [mysqld] default-character-set=gbk default-collation=gbk_chinese_ci [mysqldump] default-character-set=gbk [mysql] default-character-set=gbk重启,检查编码:
#/etc/init.d/mysql restart $mysql -uroot mysql> show variables like '%char%'; +--------------------------+----------------------------+ | Variable_name | Value | +--------------------------+----------------------------+ | character_set_client | gbk | | character_set_connection | gbk | | character_set_database | gbk | | character_set_filesystem | binary | | character_set_results | gbk | | character_set_server | gbk | | character_set_system | utf8 | | character_sets_dir | /usr/share/mysql/charsets/ | +--------------------------+----------------------------+ 8 rows in set (0.01 sec) mysql>貌似一切 OK 了? Wait, 用 PHP 试一把,类似结果:
|character_set_client | latin1 | |character_set_connection | latin1 | |character_set_database | gbk | |character_set_filesystem | binary | |character_set_results | latin1 | |character_set_server | gbk | |character_set_system | utf8 | |character_sets_dir | /usr/share/mysql/charsets/ |character_set_client 、|character_set_connection、character_set_results 被重置了! 如果你留意 MySQL 的 ChnageLog 你会发现,MySQL 5.0.13 添加了 skip-character-set-client-handshake 配置选项(Changes in release 5.0.13 ), ChangeLog 如是说: A new command line argument was added to mysqld to ignore client character set information sent during handshake, and use server side settings instead, to reproduce 4.0 behavior。 SO,加上看会有什么效果:
[mysqld] default-character-set=gbk default-collation=gbk_chinese_ci skip-character-set-client-handshake #/etc/init.d/mysql restart $php5 test_charset.php |character_set_client | gbk | |character_set_connection | gbk | |character_set_database | gbk | |character_set_filesystem | binary | |character_set_results | gbk | |character_set_server | gbk | |character_set_system | utf8 | |character_sets_dir | /usr/share/mysql/charsets/ |此时 MySQL 的编码模式完全和 MySQL 4 兼容了。So far so good,直到,你需要多编码并存时,你会发现,skip-character-set-client-handshake 不允许客户端重新设置编码。 yep, right, blame MySQL。 最终的选择是,remove skip-character-set-client-handshake 设置项,fix your legacy code.
#在 select 数据库之前 SET NAMES @@YOUR_CHARACTER_SET
UPDATE 2007-01-10: MySQL > 5.0.27 已经修正了客户端充值字符集问题,不再需要skip-character-set-client-handshake 选项。
Saturday, August 19, 2006
arp 设定小工具
#arp -d 192.168.0.1 #ping 192.168.0.1 #ip neigh list //找出网关 arp # arp -s 192.168.0.1 GATEWAY_ARP_ADDR索性写了个 shell 教本,方便每次设置:
#! /bin/sh
# arp util script
E_OPTERR=65
GW_ADDR=192.168.0.1
GW_HW_ADDR=00:e0:fc:xx:xx:xx
if [ "$#" -eq 0 ]
then
echo "Usage $0 -[options d,s,b,t]"
exit $E_OPTERR
fi
set -- `getopt "dsbt :" "$@"`
while [ ! -z "$1" ]
do
case "$1" in
-d) arp -d $GW_ADDR;;
-s) ip neigh list;;
-b) arp -s $GW_ADDR $GW_HW_ADDR;;
-t) ping $GW_ADDR;;
*) break;;
esac
shift
done
exit 0
使用起来 #arputil -dbt 方便不少;
random things
- del.icio.us 内容表现增强,首页加了 thumbnails;
- metacafe.com 换了 flv,flash7 不被支持,shame;
- Across The Distros, flash9 on Linux ,快点来吧,若是迟了,快乐也不那么痛快。
Thursday, March 23, 2006
Novell iFolder Open Source Project
Wednesday, March 22, 2006
virus and worms detection
Javier say:great explaination for me!First things first, Snort is an Intrusion Detection System, so it's more targeted towards finding attacks in the network targeted against internal systems. However, Snort does provide rules for common virus signatures (transmitted through e-mail, by inspecting the SMTP traffic) and worms (by detecting their activity on the network). Notice, however, that if you want to detect new worms you should not rely on the Snort rules provided in the current stable release, as they are quite out of date. You can download updated rules from snort.org. You might want to update it too using a backported package of a newer version than the one in stable [1]
A separate method for detecting worms in your network is to prove the systems you manage using a vulnerability assesment tool. You can use Nessus for that (provided in Debian). Again, make sure that you use an updated version (not the one from stable, backports are available [2])
Nessus provides some plugins to test for installed backdoors, trojans and known worms. However, a Nessus scan is quite intrusive (it might even kill some systems) so you should approach that possibility with care. You can update your Nessus server with new attack plugins using 'nessus-update-plugins'
A third way to do what you propose (detect trojans, worms, etc.) is to do statistical analysis of the traffic generated by your clients and the amount of traffic (bandwith usage). That kind of analysis can enable to nail down some nasty clients. Sometimes you need to go down to the physical level (i.e. to the switches to obtain port statistics) since some worms might be doing TCP/IP spoofing (IIRC Slammer did this). In order to do statistical analysis it is usually good to keep up with Internet trends, something you can do visiting the "Internet Storm Center" [3]. Some traffic (like constant outgoing traffic to port 135 against random or consecutive IP addresses) is usually an indicative of a worm spreading. Again, tools to do this include ntop, iptraf, darkstat (for statistical analysis) and ethereal, tcpdump, sniff, ettercap, nwatch adn sniffit (amongst others)
Finally, since many of the virus nowadays are mass-mailing, it might be worth analysing the amount of outbound e-mail sent by internal clients. Even if you do not add an antivirus tool to your outgoing SMTP relay server (some av mail-server tools have already been commented on the replies you got) analysis of the amount of traffic might be sufficient to pin-point virus activity. There are a number of tools to generate that data, based on what you use as input (firewall logs, mail server logs...)
Hmmm... I've rambled for enough time... Happy hunting! :-)
Javier
[1] The maintainer provided backports for 2.0.1-3 which are available at http://people.debian.org/~ssmeenk/snort-stable-i386/ (I've tested those). I also made a backport (2.0.6-1) which I have testd also and can be retrieved from http://people.debian.org/~jfs/snort/ Finally, you can find packages for 2.1.0 (I don't have experience on these) at http://www.backports.org/debian/dists/stable/snort/binary-i386/
[2] Official backports available at http://people.debian.org/~jfs/nessus
[3] http://isc.incidents.org/