Pank's Blog

AVIcodec

AVIcodec can detect the codecs of AVI, ASF & WMV, Real (.rm, .rmvb), Ogg (.ogg, .ogm), Mpeg-(S)VCD-DVD (.mpg, .vob) files

Test your Java Virtual Machine (JVM)

Test your Java Virtual Machine
Short URL http://testjvm.77bbs.com

Linux: Can not mount iso over NFS ?

test.iso is on NFS server
# mount -o loop test.iso /mnt
test.iso: Permission denied
Why?

Ans: because no "-o ro" assumes "-o rw",
if you don't have wirte permission on NFS, this problem occured.
try
# mount -o loop,ro test.iso /mnt

Skype for Linux configuration path

Skype for Linux 's configuration save in directory ~/.Skype/
e.g.
user pank in /home/pank/.Skype/
user root in /root/.Skype/

Running Windows Viruses Under Linux

Running Windows Viruses Under Linux
An interesting article that test many viruses under Linux.

FreeBSD 4.11-RELEASE

FreeBSD 4.11-RELEASE Release Notes

Funny Bill Gates pics from 1983

Funny Bill Gates pics from 1983
Sexy pose

Picasa

Picasa is an excellent photo management program power by google.
Download

Unfortunately, Picasa doen't support Chinese now.

OpenOffice 2.0 Snapshot Builds

OpenOffice 2.0 Snapshot Builds 已經比舊版更相容於微軟的 Office, 但是仍有很大的進步空間.
若 OO 可以做到和微軟完全相容, 格式也不會亂掉,
誰還需要購買微軟的 Office?

77 Online Dictionary

I wrote 77 online dictionary plugin for IE and Firefox
Install page
Dictionary database from pyDict

Project Honey Pot

Project Honey Pot is a distributed system of decoy email addresses website administrators can include on their sites in order to gather information about the robots and spiders spammers use.
We collate data on how addresses are harvested, distributed, and eventually spammed in order to understand the entire spam cycle.
My honey pot page

Explore2fs, the WIN32 explorer for Linux ext2fs partitions

http://uranus.it.swin.edu.au/~jn/linux/explore2fs.htm
I fogot this tool name, I search "ext2explorer", but failed.
It's "Explore2fs", just make a note.

GMail Messages are Vulnerable to Interception

GMail messages are vulnerable to interception.
An attacker has only to transmit malformed test messages to himself,
and information left over in memory,
from previous messages destined for other people,
will appear with the test messages, in the attacker's inbox.
Sometimes, this information may include usernames and passwords...

Gmail maybe knew the problem and made some change.
I worte a malformed (From: <test@test.com) message to myself,
Click the message shows:
Oops...the system was unable to perform your operation.
Please try again in a few seconds

Microsoft Malicious Software Removal Tool

Microsoft Malicious Software Removal Tool
This tool scans for and cleans malicious software associated with the following security threats:
Berbew, Blaster, DoomJuice, Gaobot, Mydoom, Nachi, Sasser, Zindos

ref.
Microsoft AntiSpyware (Beta)
Dave's blog

Yahoo! Desktop Search

Yahoo! released Yahoo! Desktop Search recently.
A firend reported it's not Chinese compatible now.

ref.
Google Desktop Search vs. MSN Toolbar
Copernic Desktop Search

Greylisting

Greylisting is a new method of blocking significant amounts of spam at the mailserver level
It's a good method but the mail will be delayed at first time with same "triplet".

ref. Whitepaper | Links to Implementations and Information

"triplet" are

1. The IP address of the host attempting the delivery
   
2. The envelope sender address
   
3. The envelope recipient address

1. Check if the sending relay (or network) is whitelisted, and if so, pass the mail.
2. Check if the envelope recipient (or domain) is whitelisted, and if so, pass the mail.
3. Check if we have seen this email triplet before.
   
   1. If we have not seen it, create a record describing it and return a tempfail to the sending MTA.
      
   2. If we have seen it, and the block is not expired, return a tempfail to the sending MTA.
      
   3. If we have seen it, and the block has expired, then pass the email.
4. If the delivery attempt should be passed and the delivery is successful:
   
   1. Increment the passed count on the matching row.
      
   2. Reset the expiration time of the record to be the standard lifetime past the current time.
5. If the delivery attempt has been temporarily failed:
   
   1. Increment the failed count on the matching row.
      
   2. If the sender is the special case of the null sender, do not return a
      failure after RCPT, instead wait until after the DATA phase.
   
   
   Posted by pank at 01:11 AM | Comments (0)

Virtual Tunnel

Virtual Tunnel(VTun) is similar to Softether,
even more powerful for Linux or FreeBSD.
To build VTun, needs following rpms
liblzo1
liblzo1-devel
bison or byacc (byacc build failed in my case, so I install bison rpm)
Working example:
Server config /usr/local/etc/vtund.conf

default {
  type tun;
  proto udp;
  compress lzo:1;
  keepalive yes;
}

s2 {
  passwd abcd;
  up {
   ifconfig "%% 10.10.0.1 pointopoint 10.10.0.2";
   route "add -net 10.10.1.0 netmask 255.255.255.0 gw 10.10.0.2";
   program /sbin/arp "-sD 10.10.0.2 eth0 pub";
  };
}

Client config /usr/local/etc/vtund.conf

default {
  type tun;
  proto udp;
  compress lzo:1;
  keepalive yes;
}

s2 {
  passwd abcd;
  up {
   ifconfig "%% 10.10.0.2 pointopoint 10.10.0.1";
   route "add -net 10.10.0.0 netmask 255.255.255.0 gw 10.10.0.1";
  };
}

Before run vtund, both client and server needs to load tun module (modprobe tun), then
Server run vtund -s
Client run vtund s2 140.117.53.147
(140.117.53.147 is server IP)

Result:
Server
tun0 Link encap:Point-to-Point Protocol
   inet addr:10.10.0.1 P-t-P:10.10.0.2 Mask:255.255.255.255
   UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
   RX packets:15 errors:0 dropped:0 overruns:0 frame:0
   TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:10
   RX bytes:1260 (1.2 Kb) TX bytes:672 (672.0 b)

Client
tun0 Link encap:Point-to-Point Protocol
   inet addr:10.10.0.2 P-t-P:10.10.0.1 Mask:255.255.255.255
   UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
   RX packets:8 errors:0 dropped:0 overruns:0 frame:0
   TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:10
   RX bytes:672 (672.0 b) TX bytes:1260 (1.2 Kb)

ref. Softether

Mersenne Primes

A Mersenne prime is a prime number of the form 2^P-1.
There are 41 known Mersenne primes.

ref. GIMPS Home Page

grid.org

Grid.org is a single destination site for large-scale research projects
powered by the United Devices grid computing solution
Current Project: Human Proteome Folding
Download the UD Agent

ref.
United Devices
Folding@home
SETI@home

x.x.x.x sent an invalid ICMP type 11, code 0 error to a broadcast

Linux console shows something like "x.x.x.x sent an invalid ICMP type 11, code 0 error to a broadcast ..."
What's the problem?
Let's see kernel source net/ipv4/icmp.c

if (!sysctl_icmp_ignore_bogus_error_responses)
{
 if (inet_addr_type(iph->daddr) == RTN_BROADCAST)
 {
  if (net_ratelimit())
  printk(KERN_WARNING "%u.%u.%u.%u sent an invalid ICMP type %u, code %u error to a broadcast: %u.%u.%u.%u on %s\n
  NIPQUAD(skb->nh.iph->saddr),
  icmph->type, icmph->code,
  NIPQUAD(iph->daddr),
  skb->dev->name);
  goto out;
 }
}

It is because recieve ICMP bogus response,
to ignore this, add net.ipv4.icmp_ignore_bogus_error_responses=1 to /etc/sysctl.conf

Local Root Exploit in Linux 2.4 and 2.6

http://www.isec.pl/vulnerabilities05.html
not exploit on my machine (Mandrake 10.1)
maybe only exploit under some conditions

ref. linux.slahdot news

Apache module mod_proxy

ProxyPass allows remote servers to be mapped into the space of the local server

You have to enable mod_proxy during buid apache
e.g.
./configure --prefix=/usr/local/apache --sysconfdir=/usr/local/apache/conf \
--enable-module=so --enable-module=rewrite --enable-module=proxy

Example:
a FreeBSD server, WAN IP 140.117.53.147, LAN IP 192.168.0.1, with Apache 1.3.33
a Windows IIS server, LAN IP 192.168.0.6, Gateway 192.168.0.1

Example Settings 1: (all can connect iis.pank.org)

<VirtualHost 140.117.53.147>
  ServerName iis.pank.org
  ProxyPass / http://192.168.0.6/
</VirtualHost>

Example Settings 2: (restrict from, only 140.117.0.0/16 can connect)

<VirtualHost 140.117.53.147>
  ServerName iis.pank.org
   <Directory proxy:*>
   Order deny,allow
   Deny from all
   Allow from 140.117.0.0/16
  </Directory>
  ProxyPass / http://192.168.0.6/
</VirtualHost>

note: Setting ProxyRequests to off does not disable use of the ProxyPass directive.
ref.
Apache module mod_proxy
R-Proxy

Genuine Microsoft Software

Genuine Microsoft Software 是 微軟最新驗證正版 Windows 的嘗試
目前不是正版軟體仍可以下載更新軟體及加值軟體, 未來可能強制需要驗證才能進行更新與下載服務

裡面有一個加值軟體: Photo Story
我覺得很棒, 可以把照片串連成影片, 可加上音樂及配音
Download

BASH Trick: check variant if contains some string

bash trick: build-in method

A="abcd0123456789"
if [ "${A/1234/}" != "$A" ] ; then
  echo yes
fi

grep method

A="abcd0123456789"
if echo $A | grep -q 1234 ; then
  echo yes
fi

After I test, 1st method is 40 times faster then grep method

Useful Firefox Trick

Ctrl + / Ctrl - or CTRL-Mouse wheel to zoom in / zoom out page
Press / to search
Ctrl-T to open new tab
Ctrl + Mouse Click to open URL in new tab
Ctrl-[1-9] to switch tab (Alt-[1-9] under X Window)
Type about:config in location bar for tweaking

My Firefox Extensions
All-in-One Gestures (Linux and Windows)
Auto Copy (Windows)
Context Search (Linux and Windows)
DragToTab (Linux and Windows)
Flash Got (Windows)
ieview (Windows)
Minimize to Tray (Windows)
Paste and Go (Windows)

ref. http://hemiolapei.free.fr/divers/mozilla.html

Microsoft AntiSpyware (Beta)

Microsoft AntiSpyware
Download
I just tried, it's very powerful.

ref. Microsoft Anitspyware First Iimpression

Free Gmail Accounts for Pank's Blog Reader

Gmail 又送了一些邀請函,
需要邀請函的人請留下 Email, 或 來信索取.
送完為止

Gmail released more invitations,
Post your Email or mail me for invitation.

Gambas

http://gambas.sourceforge.net/
This project aims at making a graphical development environment based on a Basic interpreter,
so that we have a language like Visual Basic™ under Linux™.

CPU Speed vs FreeBSD make world time

Yesterday I upgrade my machines to FreeBSD 4.11-RC2

Slate's 13 Best Movies of 2004

http://slate.msn.com/id/2111610/

bind9 view statements

view "public" {
    match-clients { !192.168.0.0/16; any; };
    recursion no;
    zone "." {
        type hint;
        file "named.root";
    };
    zone "test.com" {
        type master;
        file "db.qmio";
    };
};

view "private" {
    match-clients { 192.168.0.0/16; };
    zone "." {
        type hint;
        file "named.root";
    };
    zone "test.com" {
        type master;
        file "db.test.private";
    };
};

Copernic Desktop Search

Slate did a comparison of them and Copernic was the best (Grade A).

KVM over IP

這真是好東西, 可遠端操控 Console
感謝 DarkKiller 提供的 Screen Shot
BIOS 畫面 | Linux 畫面 | FreeBSD 畫面
相關廠商 link
http://www.raritan.com.tw
http://www.aten.com.tw
http://www.pstek.com.tw
http://www.epanio.com.tw
http://www.accordance.com.tw

Password Recovery Tools

http://www.lostpassword.com/
http://www.rixler.com/

Microsoft's Top 10 Milestones for 2005

http://www.microsoft-watch.com/article2/0,1995,1747067,00.asp

Postfix-SMTP-AUTH-TLS-Howto (Update v2)

舊版 Postfix-SMTP-AUTH-TLS-Howto
更新一些檔案, 步驟大至相同

取得檔案
wget http://www.openssl.org/source/openssl-0.9.7e.tar.gz
wget ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.20.tar.gz
wget http://archive.mgm51.com/mirrors/postfix-source/official/postfix-2.1.5.tar.gz
wget ftp://ftp.aet.tu-cottbus.de/pub/postfix_tls/pfixtls-0.8.18-2.1.3-0.9.7d.tar.gz

解壓檔案
tar zxf openssl-0.9.7e.tar.gz
tar zxf cyrus-sasl-2.1.20.tar.gz
tar zxf postfix-2.1.5.tar.gz
tar zxf pfixtls-0.8.18-2.1.3-0.9.7d.tar.gz

編譯 openssl
cd openssl-0.9.7e
./config
make
make install

編譯 cyrus-sasl-2
cd ../cyrus-sasl-2.1.20
./configure --enable-anon --enable-plain --enable-login --with-saslauthd=/var/run/saslauthd --with-pam --with-openssl=/usr/local/ssl --with-plugindir=/usr/local/lib/sasl2 --enable-cram --enable-digest
make
make install
(若已有裝 libsasl2 rpm, 需移除, 然後 ln -fs /usr/local/lib/libsasl2.so.2.0.20 /usr/lib/libsasl2.so.2)

[ -d /usr/lib/sasl2 ] && mv /usr/lib/sasl2 /usr/lib/sasl2_orig
ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
printf "pwcheck_method:saslauthd\nmech_list: plain login digest-md5\n" > /usr/local/lib/sasl2/smtpd.conf

編譯 postfix (含 tls patch)
cd ../postfix-2.1.5
useradd postfix
groupadd postdrop
patch -p1 < ../pfixtls-0.8.18-2.1.3-0.9.7d/pfixtls.diff
(仍可套用在 postfix 2.1.5)
make makefiles CCARGS="-DHAS_SSL -DUSE_SASL_AUTH -I/usr/local/include/sasl -I/usr/local/ssl/include" AUXLIBS="-L/usr/local/ssl/lib -L/usr/local/lib -R/usr/local/lib -lsasl2 -lssl -lcrypto"
make
make install
(全部用預設值按 enter 即可)
cp /etc/postfix/aliases /etc/
newaliases
mkdir -p /var/spool/postfix/etc
cd /etc
cp localtime services hosts resolv.conf /var/spool/postfix/etc
mkdir -p /var/run/saslauthd
(mux socket file 存放處)

產生 certificate files for TLS
cd /etc/postfix
openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650

編輯 /etc/postfix/main.cf 加入下列
# SASL
smtpd_recipient_restrictions=permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable=yes
smtpd_sasl_security_options=noanonymous
broken_sasl_auth_clients=yes
# TLS
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

啟動 postfix 及 saslauthd
postfix start
saslauthd -a shadow -m /var/run/saslauthd

測試
telnet localhost 25

220 pank.idv.tw ESMTP Postfix
ehlo 0
250-pank.idv.tw
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN DIGEST-MD5
250-AUTH=LOGIN PLAIN DIGEST-MD5
250-XVERP
250 8BITMIME

看起來正常, 再測試認證, 使用者名稱 pank, 密碼 test
取得編碼後字串 printf 'pank\0pank\0test' | mmencode
得到 cGFuawBwYW5rAHRlc3Q=
(使用這個方法測試時, 用數字 0-7 開頭的密碼會認證錯誤, 原因不明.
而事實上, 使用上述密碼在 smtp auth 上是沒問題的)

telnet localhost 25

220 pank.org ESMTP Postfix
ehlo 0
250-pank.org
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN DIGEST-MD5
250-AUTH=LOGIN PLAIN DIGEST-MD5
250-XVERP
250 8BITMIME
auth plain cGFuawBwYW5rAHRlc3Q=
235 Authentication successful

已正常運作

若是 failed, 就看 log 查原因

ref. Postfix/TLS - A TLS extension for POSTFIX

FAQ
Q: make postfix failed, db* not found
A: install libdb* and libdb*devel (e.g. libdb3.3-3.3.11-17mdk.i586.rpm, libdb3.3-devel-3.3.11-17mdk.i586.rpm)
Q: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
A: 1. 可能用到原本 rpm 的 libsasl2, 需先移除, 然後 ln -fs /usr/local/lib/libsasl2.so.2.0.20 /usr/lib/libsasl2.so.2
  2. smtpd run chrooted, There are two ways to fix this:
    1. Unset the 'chroot' flag in master.cf for smtpd on port 25
    2. Use a Linux bind mount to make the socket accessible within the chroot.

Lunch atop a skyscraper

Lunch atop a skyscraper
這張經典的照片攝於 1932 年, 上面那些工人真勇敢!

全球IPv4/IPv6位址統計

全球IPv4位址統計
全球IPv6位址統計