Security
我不是都说了吗……连自己的老巢都让人端了的系统你没法相信
于是他们又来了。
如果你正在用Linux kernel 2.2.x,2.4.x(从开始到2.4.29-pre3),2.6.x(从开始到2.6.10),那么你就有事干了。通过合理地注入代码,任何人都可以拿到root,因为kmem_cache_alloc()的执行过程被打断,则VMA的红黑树可能会在不希望的地方插入一个节点,并进而通过LDT调用门获取CPL0特权。
阅读全文…关掉了publisher ping
昨天下午接到通知说这台机器不能往外主动建连接了,本来想说道两句,但后来觉得其实有几个能连出去的端口就足够了,终于等到这一天啦,更何况我觉得那个服务没给我带来任何好处,没有也就没有了,还什么XML RPC,搞笑,traceback是什么呀?申请了没有?
其实不能连出去挺好的,再也不用担心像从前公司的服务器突然被告知「连接了某某网站,根据某某部门的要求,现停闭你公司服务器,特此通知」的事情了。
阅读全文…jdk 1.4.2 patchset 7 released
This should be considered as a “security release” somewhat. I’m building package for it at company’s buildbox, and it would be deployed internally.
参与评论delphij.net part on cnftp nuked
I’ve finally decided to move out from cnftp as I can’t figure out when, what and why its configuration that can influence my site keeps changed from time to time. Everything pulled out, and the httpd configuration has been removed to reflect this without misleading people who has decent DNS records cached in their DNS mirrors.
Still don’t know why a simple upgrade will cause GB2312 to represent in UTF8 errornously. Maybe when I have time, but not now.
参与评论OpenBSD has netcat in their base...
And seems that they have re-implemented it… Why netcat… I can’t understand it…
参与评论正式部署了反垃圾comment插件
实在是不得已而为之,spammer越来越过分了。comment插件一口气删掉了将近300条垃圾comment。
Kill spam!!
参与评论看了看ACM发来的spam专刊
感觉现在反垃圾技术发展到了一个坎上,短期内恐怕不会什么大的技术突破。基本的技术就是黑白名单、内容分析、特征分析。垃圾邮件发送的技术最近也没什么大的进展,目前我能够做到的漏判大约是万分之七,误判万分之五左右,前一阵考虑的技术还没有时间去做……
参与评论[RESOLVED] Strange issue that ntpdate can't sync time
So, it’s in security category.
With ntpdate time-a.nist.gov I got “No server suitable…”.
And then I have asked my network administrator.
Then I got a point that there’s some rules in filter.
But ntpdate -d works.
Then I tried ntpdate -u.
Then, it works…
参与评论Fast jail vs qmail
It seems that the official FreeBSD qmail port’s disable-qmail (as well as the Live with Qmail documentation) will need write access to /usr/bin and /usr/libexec, and hence the “fast jail” script I have written has been rendered useless :-(
I will investigate the issue this weekend and hopefully I will be able to work around the issue.
参与评论Blog spam fighter
Today liukang has suggested some software that will fight against blog spamming. They are:
http://www.jayallen.org/projects/mt-blacklist/
and
http://www.neuro-tech.net/archives/000315.html
The first is MT plugin and the second is its data automatic updater.
I’ve no time to turn them into ports at this time. Will try them on my box and if I have time I will port them.
参与评论