Tuesday, May 06, 2008

Adding extra disk to OpenBSD the fast way

This is a simple, quick way to add an extra disk to an OpenBSD system. If you'd like more detail on what these commands do, see the "disk setup" page of the OpenBSD FAQ: http://www.openbsd.org/faq/faq14.html.

Tested on OpenBSD 4.2.

NOTE: THIS IS FOR LEARNING ONLY. DO NOT TRY ON YOUR PRODUCTION SERVER!!

1. Power off your box.

2. Attach your disk to your computer.

3. Boot.

4. Log in as root.

5. Check dmesg for the disk you just added.
     For a 2nd IDE disk, it's usually wd1; for a 2nd SCSI disk, it's sd1, etc.

6. Run the command `fdisk -i wd1`, assuming it's the 2nd IDE disk and brand new. `fdisk -i` initializes the MBR and discards any existing partition table, so confirm the device name from dmesg first.

7. Run the command `disklabel -E wd1`.

8. At the disklabel command prompt, enter `a a` to add your first partition, and accept the default setting at each of the following 3 prompts: the "offset" sector, end sector and fs type. This makes the whole disk one partition, "a".

9. Enter 'q' to exit the disklabel command and save your settings.

10. Run `newfs /dev/wd1a` to make a new file system on the newly created partition.

11. Make the directory on which you want to mount the new partition: `mkdir /vol0`.

12. Run `mount /dev/wd1a /vol0`.

13. You should be able to cd into the /vol0 directory and do whatever you normally can do.

If you want this partition mounted automatically at every reboot, edit the "/etc/fstab" file and append the line `/dev/wd1a /vol0 ffs rw 1 1`. The fourth field holds the mount options; for a data-only volume you can add `nodev,nosuid` there.

DONE.

Saturday, May 03, 2008

WAFL (Write Anywhere File Layout) Implementation (1)


1. Overview

WAFL is a UNIX compatible file system optimized for network file access. In many ways WAFL is similar to other UNIX file systems such as the Berkeley Fast File System (FFS) and TransArc's Episode file system. WAFL is a block-based file system that uses inodes to describe files. It uses 4 KB blocks with no fragments.
Each WAFL inode contains 16 block pointers to indicate which blocks belong to the file. Unlike FFS, all the block pointers in a WAFL inode refer to blocks at the same level. Thus, inodes for files smaller than 64 KB use the 16 block pointers to point to data blocks. Inodes for files larger than 64 MB point to indirect blocks which point to actual file data. Inodes for larger files point to doubly indirect blocks. For very small files, data is stored in the inode itself in place of the block pointers.


2. Meta-Data Lives in Files

Like Episode, WAFL stores meta-data in files. WAFL's three meta-data files are the inode file, which contains the inodes for the file system, the block-map file, which identifies free blocks, and the inode-map file, which identifies free inodes. The term map is used instead of bit map because these files use more than one bit for each entry. The block-map file's format is described in detail below.


[Figure 1 diagram: the root inode at the top; the inode file beneath it; the block-map file, the inode-map file, and all other files in the file system at the bottom.]

Figure 1: The WAFL file system is a tree of blocks with the root inode, which describes the inode file, at the top, and meta-data files and regular files underneath.

Keeping meta-data in files allows WAFL to write meta-data blocks anywhere on disk. This is the origin of the name WAFL, which stands for Write Anywhere File Layout. The write-anywhere design allows WAFL to operate efficiently with RAID by scheduling multiple writes to the same RAID stripe whenever possible to avoid the 4-to-1 write penalty that RAID incurs when it updates just one block in a stripe.

-- to be continued --


Sunday, April 27, 2008

Ten Must-have free security tools from eweek (bilingual)

1. Secunia Personal Software Inspector

Secunia is a company that specializes in security technology. The Secunia
PSI examines .exe, .dll, and .ocx files on your computer and
matches the data against a file signatures engine to determine whether
you are running unpatched software programs. It then provides help in
patching the vulnerabilities that are identified.

Download link: https://psi.secunia.com/

2. OpenDNS

No software to install. Just change your DNS settings to use OpenDNS
servers (208.67.222.222 and 208.67.220.220) to get valuable security
features—content filtering, adult site blocking, phishing and malware
blocking, and protection against DNS rebinding attacks.

Download link: http://www.opendns.com


3. Haute Secure

The free browser plugin (Internet Explorer and Firefox) covers the
growing data security hole between your firewall and anti-virus
programs. It provides an aggressive, color-coded early warning system
for drive-by malware attacks.

Download link: http://www.hautesecure.com


4. Trend Micro RUBotted

This lightweight beta program intelligently monitors Windows machines
for remote botnet C&C (command and control) commands. These can include
commands to turn the zombie machine into a spam relay; launch
denial-of-service attacks; or host malicious Web sites for phishing attacks.

Download link: http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted


5. AVG Anti-Rootkit

Detects and removes stealthy rootkits used by hackers to hide malicious
software from security programs.

Download link: http://free.grisoft.com/doc/39798/us/frt/0

6. ZoneAlarm Firewall

Easy-to-use firewall systematically identifies hackers and blocks access
attempts.

Download link: http://www.zonealarm.com/store/content/catalog/products/sku_list_za.jsp?lid=nav_za

7. BitDefender 10 Free AntiVirus

Provides on-demand scan engines to find and remove viruses. Features
include scheduled scanning, immediate scanning, ability to quarantine
suspicious files and reporting capabilities.

Download link: http://www.bitdefender.com/PRODUCT-14-en--BitDefender-Free-Edition.html

8. CC Cleaner

This lightweight utility combines a system cleaner that removes unused
and temporary files, URL history and cookies from the three main Web
browsers (IE, Firefox and Opera). It also features a registry cleaner.

Download link: http://www.ccleaner.com/

9. WinPatrol

This ultimate watchdog program monitors Windows computers for signs of
malicious hacker activity. It can also be used to monitor, stop and
control Windows services, detect and review new auto-startup programs
and monitor IE home and search pages.

Download link: http://www.winpatrol.com/download.html

10. NoScript

This is a no-brainer for Firefox, Flock, Seamonkey and other
Mozilla-based browsers. This free add-on allows JavaScript, Java, Flash
and other plugins to be executed only by trusted web sites, providing
powerful anti-XSS protection directly in the browser.

Download link: http://noscript.net/

Saturday, April 26, 2008

Turn Off the PC-Speaker

Have you ever been annoyed by that beeping sound from your Windows machine, especially when you're in the office or some other public place? You mute all sound devices but it doesn't work. Here is how to turn it off.

In Windows 2k/XP, click "Start >> Run", type "devmgmt.msc" and press "Enter" to open Device Manager. Select the "Show hidden devices" option in the "View" menu, go to "non plug and play device", find the device named "Beep", right-click it and choose "Disable". Then follow the prompts and restart the computer.


Friday, April 25, 2008

How to patch your OpenBSD

Every OS needs to be patched, OpenBSD included, whether for security, reliability, bug fixes or new functions.

To patch OpenBSD, you first need to know whether any patches have been released that apply to your release. For OpenBSD, there are two ways to check whether patches are available. The first, and recommended, is to check the errata page (http://www.openbsd.org/errata.html). The second is to subscribe to the "announce" and "security-announce" mailing lists. For more details on how, check the OpenBSD web page or send a mail to majordomo@openbsd.org with the subject "help".


In OpenBSD, there are 3 ways to patch your system with all the patches.

1. Upgrade your system to the -current branch, since all patches and fixes are incorporated into -current.

This is not suitable for most users because of the ever-changing code in -current.

2. Upgrade your system to the -stable branch of your release.

By doing this, you'll need to fetch or update your source tree using the appropriate -stable branch, and recompile the kernel and userland files. While this is the easiest way and is OK for most users, it takes quite a while to download the source files and recompile the system, especially for those who have limited bandwidth to the Internet.

3. Patch, compile and install individual impacted files.

This is what we will use for our example below. While this requires less bandwidth and typically less time than an entire cvs(1) checkout/update and source code compilation, this is sometimes the most difficult option, as there is no one universal set of instructions to follow. Sometimes you must patch, recompile and install one application; other times, you might have to recompile entire sections of the tree if the problem is in a library file.

Once you've identified the patch you need to apply to your system, here are the steps to follow:

The following lines are from www.openbsd.org/faq/faq10.html:

Applying patches.

Patches for the OpenBSD Operating System are distributed as "Unified diffs", which are text files that hold differences to the original source code. They are NOT distributed in binary form. This means that to patch your system you must have the source code from the RELEASE version of OpenBSD readily available. In general, you should have the entire source tree available. If you are running a release from official CDROM, the source trees are available on disk 3, they are also available as files from the FTP servers. We will assume you have the entire tree checked out.

For our example here, we will look at patch 001 for OpenBSD 3.6 dealing with the st(4) driver, which handles tape drives. Without this patch, recovering data from backups is quite difficult. People using a tape drive need this patch, however those without a tape drive may have no particular need to install it. Let's look at the patch:

# more 001_st.patch
Apply by doing:
cd /usr/src
patch -p0 < 001_st.patch

Rebuild your kernel.

Index: sys/scsi/st.c
===================================================================
RCS file: /cvs/src/sys/scsi/st.c,v
retrieving revision 1.41
retrieving revision 1.41.2.1
diff -u -p -r1.41 -r1.41.2.1
--- sys/scsi/st.c 1 Aug 2004 23:01:06 -0000 1.41
+++ sys/scsi/st.c 2 Nov 2004 01:05:50 -0000 1.41.2.1
@@ -1815,7 +1815,7 @@ st_interpret_sense(xs)
u_int8_t skey = sense->flags & SSD_KEY;
int32_t info;

- if (((sense->flags & SDEV_OPEN) == 0) ||
+ if (((sc_link->flags & SDEV_OPEN) == 0) ||
(serr != 0x70 && serr != 0x71))
return (EJUSTRETURN); /* let the generic code handle it */
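
Review bot: on the changed `if` line, `sc_link` is used but neither its declaration nor its assignment appears in the hunk's context, so confirm that `st_interpret_sense()` already has it in scope and that it refers to the link for this transfer. The first context line still reads `sense->flags & SSD_KEY`, which is a different `flags` field from the one now tested for `SDEV_OPEN`; a one-line comment on the condition saying which structure owns `SDEV_OPEN` would keep the two from being confused again.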

As you will note, the top of the patch includes brief instructions on applying it. We will assume you have put this patch into the /usr/src directory, in which case, the following steps are used:

# cd /usr/src
# patch -p0 < 001_st.patch
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Apply by doing:
| cd /usr/src
| patch -p0 < 001_st.patch
|
|Rebuild your kernel.
|
|Index: sys/scsi/st.c
|===================================================================
|RCS file: /cvs/src/sys/scsi/st.c,v
|retrieving revision 1.41
|retrieving revision 1.41.2.1
|diff -u -p -r1.41 -r1.41.2.1
|--- sys/scsi/st.c 1 Aug 2004 23:01:06 -0000 1.41
|+++ sys/scsi/st.c 2 Nov 2004 01:05:50 -0000 1.41.2.1
--------------------------
Patching file sys/scsi/st.c using Plan A...
Hunk #1 succeeded at 1815. <-- Look for this message!
done

Note the "Hunk #1 succeeded" message above. This indicates the patch was applied successfully. Many patches are more complex than this one, and will involve multiple hunks and multiple files, in which case, you should verify that all hunks succeeded on all files. If they did not, it normally means your source tree is not right, you didn't follow instructions carefully, or your patch was mangled. Patches are very sensitive to "white space" -- copying and pasting from your browser will often change tab characters into spaces or otherwise alter the white space of a file, making it not apply.

At this point, you can build the kernel as normal, install it and reboot the system.

Not all patches are for the kernel. In some cases, you will have to rebuild individual utilities. At other times, a patch will require recompiling all utilities statically linked to a patched library. Follow the guidance in the header of the patch, and if uncertain, rebuild the entire system.

Patches that are irrelevant to your particular system need not be applied -- usually.
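
The FAQ text above says to verify that every hunk succeeded on every file. The following is an added example, not part of the FAQ or of OpenBSD: a hypothetical helper, `check_patch_log`, that classifies saved patch(1) output, also flagging hunks that applied only with an offset or fuzz, which usually means the source tree is not the expected RELEASE tree. The inexact and failed sample logs are constructed for illustration.

```shell
#!/bin/sh
# check_patch_log (hypothetical name): read patch(1) output on stdin and print
#   "ok ..."       every hunk applied exactly             (returns 0)
#   "inexact ..."  all applied, some with offset or fuzz  (returns 2)
#   "failed ..."   a hunk failed, or no hunk was seen     (returns 1)
check_patch_log() {
    log=$(cat)
    # grep -c exits non-zero on a count of 0; "|| true" keeps the count usable.
    count() { printf '%s\n' "$log" | grep -c -i -E "$1" || true; }
    ok=$(count '^Hunk #[0-9]+ succeeded')
    bad=$(count '^Hunk #[0-9]+ failed')
    loose=$(count '^Hunk #[0-9]+ succeeded.*(fuzz|offset)')
    if [ "$bad" -gt 0 ] || [ "$ok" -eq 0 ]; then
        echo "failed ok=$ok bad=$bad"
        return 1
    elif [ "$loose" -gt 0 ]; then
        echo "inexact ok=$ok loose=$loose"
        return 2
    fi
    echo "ok ok=$ok"
}

# Output lines taken from the session shown on this page.
CLEAN_LOG='Patching file sys/scsi/st.c using Plan A...
Hunk #1 succeeded at 1815.
done'

# Constructed sample: second hunk applied at a shifted position.
INEXACT_LOG='Patching file sys/scsi/st.c using Plan A...
Hunk #1 succeeded at 1815.
Hunk #2 succeeded at 1902 (offset 5 lines).
done'

# Constructed sample: one hunk rejected.
FAILED_LOG='Patching file sys/scsi/st.c using Plan A...
Hunk #1 succeeded at 100.
Hunk #2 failed at 1815.
1 out of 2 hunks failed--saving rejects to sys/scsi/st.c.rej
done'

printf '%s\n' "$CLEAN_LOG" | check_patch_log
```

To use it on a real run, save the output with `patch -p0 < 001_st.patch 2>&1 | tee patch.log` and then run `check_patch_log < patch.log` before rebuilding.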

Sunday, April 13, 2008

use proxy authentication with perl

Here is a simple script to grab a URL through a proxy that requires authentication and uses a different port for each service:

use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request;

my $Silverfox = LWP::UserAgent->new();
# Proxy credentials go in the userinfo part of the proxy URL (placeholders here).
$Silverfox->proxy(http => 'http://username:pwd@myproxy.com:8080');
$Silverfox->proxy(ftp  => 'http://username:pwd@myproxy.com:81');
# Hosts and domains that bypass the proxy.
$Silverfox->no_proxy(qw(127.0.0.1 local));

# initialize proxy settings from environment variables
#$Silverfox->env_proxy;

my $req = HTTP::Request->new(GET => 'http://www.bsdplus.cn');
print $Silverfox->request($req)->as_string;

Monday, June 11, 2007

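This blog cannot be accessed over Shanghai ADSL

Recently I have been unable to access http://alan0203.blogspot.com from home, so I cannot update it either.
For now I have to consider buying paid hosting. In any case, if you are interested in BSD, please keep following http://alan.thechengs.name, which will automatically redirect to the corresponding blog (currently http://alan0203.blogspot.com).

Thank you!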

Monday, June 04, 2007

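VI: Once You Have It, You Need Nothing Else (2)

Learning how to move the cursor within an open document is an essential foundation, especially for the copy and delete operations that come later. After that, we learn how to insert text and edit the document.

There are six common ways to enter insert mode:
1. i: add text/characters to the left of the character under the cursor
2. I: insert at the beginning of the current line
3. o: open a new line below the current line and start inserting
4. O: open a new line above the current line and insert
5. a: add text/characters to the right of the character under the cursor
6. A: insert at the end of the current line

Besides these six, there is one that is slightly more complex:

7. c{motion}: select the text covered by the motion and enter insert mode, replacing the selected content with new text. The motion here is one of the movement operations mentioned earlier. For example, c$ selects the text from the cursor position to the end of the current line and enters insert mode.


Copy and cut operations
d: cut the selected text and put it in the clipboard.
y: copy the selected text
c: same as d, but puts vi into insert mode; see c{motion} above

p: paste. This is probably the simplest command in vi: just move the cursor to the target position and press p to paste the copied text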