Monday, January 22, 2007

CVS Reminder

-First set the environment variable CVSROOT to the cvsrepo directory.
-Make a directory (the project you wish to add to the repository) inside the repository.
-Check out this directory.
-Add files and commit.

Sunday, January 21, 2007

Google hacks security vulnerabilities

Default Resources:
intitle:"Test Page for Apache"

Directory Listings :
intitle:"Index of" admin
Returns URLs that contain directory listings of /admin.

More queries that take advantage of directory listings:

intitle:"Index of" .htpasswd

intitle:"Index of" stats.html

intitle:"Index of" backup

intitle:"Index of" etc

intitle:"Index of" finance.xls

Error Messages:

"A syntax error has occurred" filetype:ihtml

"ORA-00921: unexpected end of SQL command"

Remote Services:

"VNC Desktop" inurl:5800

intitle:"Terminal Services Web Connection"

Google can also find administrative applications that allow users to configure systems remotely. For example, here is how to locate phpMyAdmin installations:

"phpMyAdmin" "running on" inurl:"main.php"
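The same signatures can be matched against responses from hosts you administer, to find what a search engine would index before it does. This is an added example, not part of the original post; the function names and the sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

# (category, scope, phrases from the queries above): all phrases must occur in scope.
SIGNATURES = [
    ("default resource", "title", ["Test Page for Apache"]),
    ("directory listing", "title", ["Index of"]),
    ("remote service", "title", ["Terminal Services Web Connection"]),
    ("remote service", "any", ["VNC Desktop"]),
    ("error message", "any", ["A syntax error has occurred"]),
    ("error message", "any", ["ORA-00921: unexpected end of SQL command"]),
    ("admin application", "any", ["phpMyAdmin", "running on"]),
]

class TitleAndText(HTMLParser):
    """Collect <title> text and all other text separately."""
    def __init__(self):
        super().__init__()
        self.in_title, self.title, self.text = False, [], []
    def handle_starttag(self, tag, attrs):
        self.in_title = self.in_title or tag == "title"
    def handle_endtag(self, tag):
        self.in_title = self.in_title and tag != "title"
    def handle_data(self, data):
        (self.title if self.in_title else self.text).append(data)

def audit_page(html):
    """Return the sorted (category, first phrase) pairs a response exposes."""
    parser = TitleAndText()
    parser.feed(html)
    parser.close()  # flush any text still buffered by the parser
    title = " ".join("".join(parser.title).split()).lower()
    whole = title + " " + " ".join(" ".join(parser.text).split()).lower()
    return sorted({(cat, phrases[0]) for cat, scope, phrases in SIGNATURES
                   if all(p.lower() in (title if scope == "title" else whole)
                          for p in phrases)})

# Constructed sample responses, standing in for pages fetched from your own hosts.
SAMPLES = {
    "/admin/": "<title>Index of /admin</title><a href='.htpasswd'>.htpasswd</a>",
    "/report.ihtml": "<body>A syntax error has occurred near line 3</body>",
    "/about.html": "<title>About us</title><p>We keep an index of articles.</p>",
}

def audit(pages):
    """Map each path to its findings, leaving out pages with none."""
    found = {path: audit_page(html) for path, html in pages.items()}
    return {path: hits for path, hits in found.items() if hits}
```

The /about.html sample contains "index of" only in its body, so the title-scoped signature does not fire, which mirrors how intitle: narrows the match.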

Google Analytics vs. AW

Google Analytics as a __remote-hosting__ statistics analyzer tool;
useful features:

- Browser & Platform Combos versions
- Unique/returning visitors
- Languages
- Referring source (Google, Yahoo, ...)
- Java Enabled
- Geo Location
- Geo Map Overlay
- Flash Version
- Connection Speed
- Network Location
- Top Content/Content by title.
- Depth/Length of Visit
- XML/excel/Tab-separated exportation for every single statistic.

What's in AW and not in Google Analytics:

-Rush hours report
-Robot visits checker
-Worm attacks checker
-Number of times your site is "added to favorites bookmarks".
-Whois links
-Static reports in one or framed HTML/XHTML pages, experimental PDF export.

AW requirements:
-Server must log web access in a log file you can read.
-Ability to run Perl scripts (.pl files) from command line and/or as CGI.
-AW can still be used locally without server access, either by SFTPing all the logs (only if they are made accessible) and working on them locally, or by using a _trick_: add a tag that calls a CGI script like _pslogger_ to each of the web pages that require analysis. This produces an artificial log file that can be analyzed by AW.

For dereferencing / presentation issues ;

Saturday, January 20, 2007

localhost.localdomain

A while back I was trying to set up some packaging tools on a Debian system, and came across a problem where my host was identifying itself as host/localhost.localdomain .

Firstly, hostname returned the correct thing (i.e. servername), and secondly, /etc/hosts looked like this:

x.x.x.x servername.mydomain.com servername
127.0.0.1 localhost.localdomain localhost servername


Some applications can’t cope with 127.0.0.1 returning localhost.localdomain instead of localhost.

Replacing that last line with

127.0.0.1 localhost localhost.localdomain servername

solved the problem, i.e. localhost.localdomain wants to be an alias.
This was on a sarge system; I don’t know what the current situation is with etch, nor whether it has been fixed in a recent sarge update.
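The ordering rule behind this fix, as an added example that is not part of the original post: the first name on an /etc/hosts line is the canonical name and the rest are aliases. The function names are hypothetical and the sample input is the two lines quoted above.

```python
def canonical_names(hosts_text):
    """Map each address to (canonical name, aliases) the way a resolver
    reading /etc/hosts does: the first name on the first matching line wins."""
    table = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] not in table:
            table[fields[0]] = (fields[1], fields[2:])
    return table


def fix_loopback(hosts_text):
    """Rewrite 127.0.0.1 lines so that 'localhost' becomes the canonical name;
    every other name keeps its relative order as an alias."""
    out = []
    for line in hosts_text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) >= 2 and fields[0] == "127.0.0.1" and "localhost" in fields[2:]:
            names = ["localhost"] + [n for n in fields[1:] if n != "localhost"]
            line = " ".join([fields[0]] + names) + (" " + sep + comment if sep else "")
        out.append(line)
    return "\n".join(out)


# The two lines from the post (x.x.x.x is the post's own placeholder).
BROKEN = """x.x.x.x servername.mydomain.com servername
127.0.0.1 localhost.localdomain localhost servername"""

if __name__ == "__main__":
    print(canonical_names(BROKEN)["127.0.0.1"])
    print(fix_loopback(BROKEN))
```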

Linux Kernel - Intro

I think it is important to give a bit of information about the Linux kernel for those who know only that Linux is powerful because of its kernel, without knowing anything more about it.

We can say that the __Kernel__ is the core of the operating system;
it is the program that controls the basic services that are utilized by user programs.

The kernel is responsible for:
-CPU resource scheduling (regarding process management)
-Memory management (including protection implementation)
-Device control (providing the device-file/device-driver interface)
-Security (device, process and user level)
-Accounting services (including CPU usage and disk quotas)
-Inter Process Communication (shared memory, semaphores and message passing)

The kernel does the memory management for all of the running programs (processes) and ensures that they all get a fair share of the processor’s cycles; it also provides a portable interface for programs to talk to hardware.

It is physically a file that is usually located in the /boot directory. Under Linux, this file is called vmlinuz.

Foo-bar:/home/mina# ls -l /boot/vm*
-rw-r--r-- 1 root root 1231478 Jan 24 2005 /boot/vmlinuz-2.6.8-2-686-smp

-The size of the kernel depends on what features are compiled into it, what modifications have been made to its data structures and what additions have been made to its code.

-vmlinuz is referred to as the kernel image. At a physical level, this file consists of a small section of machine code followed by a compressed block. At boot time, the program at the start of the kernel is loaded into memory at which point it uncompresses the rest of the kernel.

-/usr/src/linux is a soft link to /usr/src/ ; within this directory hierarchy there are in excess of 1300 files and directories, which consist of around 400 C source code files, 370 C header files, 40 Assembler source files and 46 Makefiles. These, when compiled, produce around 300 object files and libraries; a large portion of this is driver code.

-Only drivers that are needed on the system are compiled into the kernel, the rest can be placed separately in things called modules.

-Kernel Boot steps:

1) The boot loader program (e.g. grub) starts by loading the vmlinuz from disk into memory, then starts the code executing.
2) After the kernel image is decompressed, the actual kernel is started. This part of the code was produced from assembler source.
Technically at this point the kernel is running. This is the first process (0) and is called swapper. Swapper does some low level checks on the processor, memory and FPU availability, then places the system into protected mode. Paging is enabled.
3) Interrupts are disabled though the interrupt table is set up for later use. The entire kernel is realigned in memory (post paging) and some of the basic memory management structures are created.
4) At this point, a function called start_kernel is called.
start_kernel is physically located in /usr/src/linux-2.x.x../init/main.c and is really the core kernel function.
5) start_kernel sets up the memory, interrupts and scheduling.
In effect, the kernel now has multi-tasking enabled.
The console already has several messages displayed to it.
6) The kernel command line options are parsed (those passed in by the boot loader) and all device driver modules are initialized.
7) Then memory initializations occur, socket/networking is started and bug checking is performed.
8) The final action performed by swapper is the first process creation with fork whereby the init program is launched. Swapper now enters an infinite idle loop.

-The timer interrupts are now set so that the scheduler can step in and pre-empt the running process. However, sections of the kernel will be periodically executed by other processes.
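The image layout described above (a small section of machine code followed by a compressed block) can be inspected offline, which is how a kernel image is unpacked for review. This is an added example, not part of the original post: it assumes the compressed block is a gzip stream, and the function names and sample image are constructed.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # gzip ID bytes followed by the deflate method byte


def extract_kernel(image):
    """Return (offset, payload) for the first gzip stream in image that
    decompresses to the end, or None. Magic bytes that merely happen to
    occur inside the leading machine code are skipped."""
    pos = image.find(GZIP_MAGIC)
    while pos != -1:
        d = zlib.decompressobj(wbits=31)  # 31 = expect gzip header and trailer
        try:
            payload = d.decompress(image[pos:])
            if d.eof and payload:  # trailing bytes after the stream are fine
                return pos, payload
        except zlib.error:
            pass  # not a real stream, keep scanning
        pos = image.find(GZIP_MAGIC, pos + 1)
    return None


def build_sample():
    """Constructed image: fake loader stub with a decoy magic, a gzip
    payload standing in for the kernel, then padding."""
    stub = b"\x90" * 64 + GZIP_MAGIC + b"\xff" * 29
    payload = b"\x7fELF" + b"constructed kernel body " * 40
    return stub + gzip.compress(payload) + b"\x00" * 16, len(stub), payload


if __name__ == "__main__":
    image, _, _ = build_sample()
    offset, payload = extract_kernel(image)
    print(f"compressed block at offset {offset}, {len(payload)} bytes unpacked")
```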

Comment or give some detailed discussion if you like.

Friday, January 19, 2007

RELAX-NG vs. W3C XML-Schema | Jing

As I started packaging Jing, the _RELAX NG validator_, for Debian, I did a bit of difference analysis between RELAX-NG and the W3C XML-Schema language.

For some more info regarding _Jing_, it implements:
* RELAX NG 1.0 Specification,
* RELAX NG Compact Syntax, and
* parts of RELAX NG DTD Compatibility,
specifically checking of ID/IDREF/IDREFS.


Firstly, analyzing the advantages of XML-Schema over the DTD:

XML-Schema over DTD
-It provides much greater specificity than DTDs could; for example, it is namespace aware and provides support for types.

Then the features not supported by RELAX-NG,

XML-Schema over RELAX-NG..:
-RELAX NG lacks any analog to
-RELAX NG has slightly poorer specificity, i.e., it is not possible to define a specific number or range of repetitions of patterns.
-XML-Schema has a formal mechanism for attaching a schema to an XML document.

Then what is better in RELAX-NG:

RELAX-NG over XML-Schema

-It is compact and has an equivalent form that is much more like a DTD, but with greater specifiability.
-Also it provides very strong support for unordered content.
-RELAX-NG also allows for non-deterministic content models.
-RELAX NG allows attributes to be treated as elements in content models while W3C XML Schema cannot specify such a dependency between the content of an attribute and child elements.
-Most RELAX NG schemas can be algorithmically converted into W3C XML Schemas and even DTDs (except when using RELAX NG features not supported by those languages, as above)

At the same time, _Jing_ also has support for schema languages other than RELAX NG; specifically:

* W3C XML Schema (based on Xerces-J);
* Schematron;
* Namespace Routing Language.



Monday, January 15, 2007

Scott Shit Racks Blocks

Scott Morris Lab
Some of what's in the four separate rack cabinets:

- Juniper/Netscreen Router, Firewall and SSL VPN Device
- Cobalt/Sun RAQ2+
- Dell PowerEdge 650 (2 x P4-2GHz, 4GB RAM) Running Web-server and primary DNS.
- Trend Micro Network VirusWall 2500
- Cisco IDS-4210 Outside/Inside IDS Sensor
- Juniper/Netscreen IDP-100, ISG-2000, SA-1000, NS-208 , M7i, M5e, M10 and NS-2
- Cisco Catalyst 3750 - 48-port 10/100
- PIC, 4-port T-1 PIC
- Xyplex 1640 Terminal Server
- Cisco MCS, VG-200, 3620, 2611 voice gateway series
- Compaq DL/320 running Call Manager Publisher/subscriber
- Cisco LS-1010 ATM Switch
- Cisco uBR-924 Cable Modems with voice capability
- Cisco 3620 Frame Switch
- Cisco 3620 ISDN Switch
........

Lab purposes:
training
Juniper Networks Certified Internet Expert (JNCIE) lab exam.
consulting clients


This path is not recommended to anyone unless you have a good amount of business to drive it, or unless you see that this equipment is great in the winter to heat your house ...!! :D


For your Comment:

Jim Morrison

“People are afraid of themselves, of their own reality; their feelings most of all. People talk about how great love is, but that's bullshit. Love hurts. Feelings are disturbing. People are taught that pain is evil and dangerous. How can they deal with love if they're afraid to feel? Pain is meant to wake us up. People try to hide their pain. But they're wrong. Pain is something to carry, like a radio. You feel your strength in the experience of pain. It's all in how you carry it. That's what matters. Pain is a feeling. Your feelings are a part of you. Your own reality. If you feel ashamed of them, and hide them, you're letting society destroy your reality. You should stand up for your right to feel your pain.”
Jim Morrison

Friday, January 05, 2007

Complicated || not organized __detailed__ manual ...?!

When trying to configure a console-based mail client a while ago,
I noticed something ...!
All those complicated manuals regarding MUA<->MTA settings
just exist to confuse people and discourage them from using their software.
Is it so hard for them to start with a simple configuration ...?!!
Three steps may get you to a working environment:

-mutt configuration (in ~/.muttrc)
-SMTP command (~/bin/gmailout)
-ssmtp configuration (/etc/ssmtp/ssmtp.conf)

It was also the case a few days ago when I was installing/configuring R.Rails / MySQL / Apache:
I noticed that a Google search may be more effective than the man pages. Still, the question remains:
it is great to have a good detailed manual, but there must also be a hint or a pointer to what is related or required in terms of dependencies of software components or third-party package configurations
.....any comment ... ???!