Posts tagged ‘bookmarks’

Netcat for win32

2008-07-04

It has been a while since I last used netcat for Windows. It is always an invaluable tool, indispensable for any network admin or computer security worker. So it was kind of shocking to find that the official site for win32 netcat, http://www.vulnwatch.org/netcat/, is not even available in Google cache.


Linux Hater

2008-06-04

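It has been a long time since I had that feeling of finding a kindred spirit. Although most of the content is sarcastic or cynical in tone, it really does voice what many Linux users feel. I had thought about writing something myself (in fact I wrote two articles for LinuxPilot, though from a different angle), but I just could not hold on to that pent-up frustration long enough to write it out, and even if I tried, I could not write English sentences that biting.

Still, I have Planet GNOME to thank for finding someone like-minded (I mean this post). Normally I would have laughed it off and not given it a second look, but yesterday I was unusually out of character and gave a good scolding to the kind of “developer” who treats users as lower life forms. My patience has been getting worse by the day these past few years. In the end that “developer” sort of half-apologized, explaining that he does not hate that blog; I could not see any hint of irony in what he wrote (it read more like one of those self-proclaimed-god developers trampling on users), but I let it go.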

Planet GNOME screenshot

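But one thing is clear: the kind of fundamentalists who tell users to go back to Windows are definitely one of the cancers behind Linux’s failure, although this kind of cancer can never be fully cut out.

Come to think of it, it is about time I posted those LinuxPilot articles.


2008-06-21 edit: That line, “ungzip my pants and suck my tarballs”, is a real gem!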

Bubble 2.0

2008-03-28

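A news item of only a few words somehow caught my attention:

Li invests over 100 million in US social networking site

This is the first time I could guess the entire content of a news story from its headline, almost word for word. Which US social networking site is the darling of the moment? The whole industry knows it is Facebook now, that goes without saying; MySpace is already past its prime. And which person surnamed Li would make this kind of investment? Because of my past work experience I guessed it right away, though it is not Richard Li (李澤楷). (I believe some people will recall the old days after reading this sentence.) The first words that came to mind were “dot-com stocks 2.0”. I did not expect the evil hand to reach foreign Web 2.0 so soon; let’s see when Facebook is finished. However, unlike the pure hype-driven speculation in Hong Kong, Facebook’s big boss knows more about doing business and the company has more substance, unlike in Hong Kong, where a company with nothing but an unusable webmail could actually go public, and hundreds of millions could not even produce a working website.

2008-03-31 update: It turns out I was the frog at the bottom of the well.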

Recommended site for WordPress security

2007-07-19

Lately this site, blogsecurity.net, caught my attention. Although a new site, it has already done a really good job disclosing and discussing new vulnerabilities in WordPress, be they serious or not.

One of its most important features is its WordPress Scanner, which used to be a downloadable script but is now available on the web only. It tries to scan your WordPress blog and discover its version, the plugins used, and whether it is vulnerable to XSS attacks. (Thanks to this scanner, I have fixed some of the problems in my own blog.)

And it is not holding back new WordPress holes from disclosure. For example, a new article yesterday showed how to perform enumeration on a WordPress installation by brute force, so that valid usernames can be found, as a stepping stone toward obtaining a username / password. And everybody is using the default ‘admin’ username, right?

XSS vulnerabilities get their share of coverage too. Counting only the post-2.2.1 ones, there are at least 2:

Here is a good quote from one of them:

WordPress have apparently said they will resolve this vulnerability in v2.2.2.

And indeed, none of them is fixed in the WordPress source code repository as of now (that is, 2 weeks after the latter vulnerability was disclosed). And there is no apparent schedule for 2.2.2.

Overall, this site provides good reading for those who care about the safety of their WordPress.

CLI theme alternative plugin superseded

2007-06-11

PipperL’s alternative theme plugin is convenient for people who want to try one of the most geekish WordPress themes, the CLI theme by Rod McFarland. Other than setting it as the default theme (most people wouldn’t want that) or using ThemeSwitcher, PipperL’s plugin is the 3rd method: appending '/cli' to the end of the site URL automatically switches to the CLI theme.

Even though I don’t use PipperL’s plugin anymore (I use ThemeSwitcher now), this might still be useful for others: somebody else extended it and gave it a new life as CLI switch. The original plugin no longer works with CLI theme 2.0 or above.

Dennys also posts some instructions on how to update the plugin so that it works with the CLI 2.0 theme. However, the instructions are hackish and not feasible for average Joe users.

2008-07-07 edit: I stopped using anything related to the CLI plugin at least a whole year ago. It is a mess regarding CJK support… well, to put it simply, there is no support. I have given up.

Awesome cosplay photos

2006-07-03

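The cosplay photos here almost made me spit out the tea I was drinking. Had I known, I would not have looked at these photos; now I have lost even the desire to buy Final Fantasy XII.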

Good exim4 configuration tutorial

2006-01-03

After avoiding exim4 for such a long time, I finally have to deal with it. The new machine installs postfix by default, but there are many custom configurations that were done in my old exim3, so I guessed using exim4 would be a bit easier and gave it a chance. I was wrong. exim4 is powerful, but I find the new configuration a bit hard to grasp, especially after Debian’s major overhaul. It is very flexible, yet difficult to trace.

Being upset (because I’m short of time), I attempted to search for a crash course, and finally found one that saved my day: it deals with exim4 + spamassassin + clamav + virtual domain aliases in a step-by-step way. Exactly 100% what I need.