WWW

12 月 28 2005

詭異的 eAccelerator

從幾個禮拜前我就在我的 BBS 個人板叫過, 我的 Apache 啟動後過不了多久就會狂噴這種訊息到 error log 裡 :

[warn] (32)Broken pipe: write pipe_of_death

而且 child process 的數量只會一直增加, 不會減少. :-O
如果我沒記錯的話, 這串訊息出現在我把 2.0.54 換成 2.0.55 以後.
所以當時我是決定把 2.0.55 換成 2.2 .
很不幸的, 狀況並沒有變動, 訊息仍然存在.
我一直以為是 Apache 的問題, 直到我在昨天看到 這篇 才恍然大悟. orz

很明顯的, 罪魁禍首是 eAccelerator , 問題出在 debug.c 這支程式的這段:

void ea_debug_shutdown ()
{
    fflush (F_fp);
    fclose (F_fp);
    F_fp = NULL;
}

fclose (F_fp); 換成 if (F_fp != stderr) fclose (F_fp); , 重新 compile & install 就沒事了.

話說回來, 這種 bug 還真是讓人無言以對啊… (眨眼)

By 0 • Tags: ,

9 月 21 2005

AT&T 解散 UNIX 部門…

剛剛亂爬文, 爬到 這篇 .
( 8 月中的舊聞了… 現在才爬到… orz )

在文章裡面也有提到成員們的去向 :

Ken Thompson retired to California.
Brian Kernighan is a Professor at Princeton.
Doug McIlroy is a Professor at Dartmouth.
Rob Pike and Dave Presotto and Sean Dorward are at Google.
Tom Duff is at Pixar.
Phil Winterbottom is CTO at Entrisphere.
Gerard Holzmann is at NASA/JPL Lab for Reliable Software.
Bob Flandrena is at Morgan Stanley.
Dennis Ritchie and Howard Trickey remain, enisled.

至於 Unix 的歷史的話, 有興趣玩玩考古學的可以看看 這篇 .

By 0 • Tags: ,

9 月 12 2005

暫時退回來用 PHP4 …

繼昨天在 這篇 提到的問題之後.

我發現 phpBB 也有相同的問題, 而且還不只一個檔案爛掉…
( 是爛一團…. :neutral: )

去官方的論壇找, 也是哀鴻遍野… orz
而官方的回答一律都是 “請改用 PHP 4” .

因為爛掉的檔案太多, 牽連範圍太大…
所以我把部分機器的 PHP 都降回來 4.4.0 了… orz

看來 phpBB 要在 PHP5 上面跑的話, 可能得等 3 系列囉!? O_o

By 1 • Tags:

9 月 11 2005

WordPress 在 PHP 5.0.5 下可能會出現的問題

剛剛 Solaris 叔叔 跟我說他的 Blog 消失了.

找了一下問題之後發現這串 log :

[Sun Sep 11 19:40:49 2005] [error] [client 59.104.45.15] PHP Fatal error: Only variables can be passed by reference in ###/wp-includes/gettext.php on line 66

我針對這段作了小修改 , 原先的這段 code :

return array_shift(unpack("V", $this->STREAM->read(4)));

改成這樣就恢復正常了 :

$read_int_tmp = unpack("V", $this->STREAM->read(4));
return array_shift($read_int_tmp);

因為昨天晚上我把 PHP 從 5.0.4 升級到 5.0.5 , 所以這應該是 5.0.5 才會遇到的問題吧!? :shock:

更詭異的是, 我這邊跟 R 董那邊 都沒發生這個問題.
( 所以應該說是 Solaris 叔叔 帶賽? XD )

By 5 • Tags: ,

7 月 22 2005

phpBB 2.0.17 released !

主要修正有這些 :

  • Added extra checks to the deletion code in privmsg.php – reported by party_fan
  • Fixed XSS issue in IE using the url BBCode
  • Fixed admin activation so that you must have administrator rights to activate accounts in this mode – reported by ieure
  • Fixed get_username returning wrong row for usernames beginning with numerics – reported by Ptirhiik
  • Pass username through phpbb_clean_username within validate_username function – AnthraX101
  • Fixed PHP error in message_die function
  • Fixed incorrect generation of {postrow.SEARCH_IMG} tag in viewtopic.php – reported by Double_J
  • Also fixed above issue in usercp_viewprofile.php
  • Fixed incorrect setting of user_level on pending members if a group is granted moderator rights – reported by halochat
  • Fixed ordering of forums on admin_ug_auth.php to be consistant with other pages
  • Correctly set username on posts when deleting a user from the admin panel

官方公告 在此.
竹貓星球 也已經發出 這篇公告 囉!

By 0 • Tags:

7 月 3 2005

Live 8 !

國內好像很少有 Blogger 提到這個活動!?

八大工業國會議即將舉行, 為了敦促工業國領袖採取行動來搶救非洲貧窮國家, 全球大串連的 Live 8 搖滾演唱會在 7 月 2 日登場, 包括英國倫敦, 美國費城, 蘇格蘭的愛丁堡, 德國柏林, 法國巴黎, 義大利羅馬, 俄國的莫斯科, 日本東京, 南非的約翰尼斯堡, 都是眾星雲集的大場面.

Live 8 listLive 8 官網 都寫的很清楚, 活動目的只有一個 : 終止貧窮 ( Make Poverty History ) .

比較有趣的是, 這個活動在網路上蔓延的效果比傳統媒體大很多 ( 新聞在此 ) .

這邊 可以線上收聽, 並看到許多演唱會的精彩照片 .

而廣為 Blogger 所熟悉的 Technorati 不僅有 Technorati Live 8 這個網站來展開聲援 , 也開了一個 Live 8 tag .
除此之外, 還提供了 Live 8 Badge 讓 Blogger 取用.

當然, 我這邊也拿來用了, 效果如下 :

By 2 • Tags: ,

7 月 2 2005

phpBB 2.0.16 released !

2.0.16 有安全性修正 , 而且在最常被存取的 viewtopic.php :

$message = str_replace(""", """, substr(@preg_replace("#(\>(((?>([^>< ]+|(?R)))*)\<))#se", "@preg_replace("#\b(" . str_replace("", "", $highlight_match) . ")\b#i", "<span style="color:#" . $theme["fontcolor3"] . ""><b>\1</b>", "\0")", ">" . $message . "< "), 1, -1));

改為

$message = str_replace(""", """, substr(@preg_replace("#(\>(((?>([^>< ]+|(?R)))*)\<))#se", "@preg_replace("#\b(" . str_replace("", "", addslashes($highlight_match)) . ")\b#i", "<span style="color:#" . $theme["fontcolor3"] . ""><b>\1</b>", "\0")", ">" . $message . "< "), 1, -1));

更新範圍列表如下 :

  • Fixed critical issue with highlighting – Discovered and fix provided by Ron van Daal
  • Url descriptions able to be wrapped over more than one line again
  • Fixed bug with eAccelerator in admin_ug_auth.php
  • Check new_forum_id for existence in modcp.php – alessnet
  • Prevent uploading avatars with no dimensions – Xpert
  • Fixed bug in usercp_register.php, forcing avatar file removal without updating avatar informations within the database – HenkPoley
  • Fixed bug in admin re-authentication redirect for servers not having index.php as one of their default files set

官方公告 在此 .
竹貓星球 也發出了 這篇公告 .

By 0 • Tags:

5 月 31 2005

phpBB is a pain!?

前陣子在 Weblog Tools Collection 出現 這篇 .

如果是從以前就有在看我這個 Blog 的人, 應該也都看過 phpBB 的版本更新訊息.

在各種論壇系統裡面, phpBB 的效能算是很好的一套, 而且在全世界站台中, 使用的比率又很高. 於是, phpBB 便成了許多攻擊者的頭號目標 ( 樹大招風!? ) .

當然, 還是老話.
世界上沒有絕對安全的系統, 只有絕對勤勞的系統管理/維護人員.
( 不過可能已經有不少人因為這個因素而跳槽使用別的系統了. XD )

By , 1 • Tags:

5 月 12 2005

phpBB 2.0.15 released !

先貼 2.0.13 跟 2.0.14 的變動 :

  • Hardened author and keyword search a bit to not allow very server intensive searches
  • Fixed full path disclosure in bad word parsing
  • Resetting complete userdata array in session code if authentication fails
  • Fixed bug in moderator control panel where certain parameters could lead to an “error creating new session” sql error
  • Fixed bug in session code where empty page ids could lead to an “error creating new session” sql error
  • Fixed html handling in signatures if html is turned off globally
  • Fixed install.php problem with PHP5 register_long_arrays option turned off
  • Fixed potential issues with styling system
  • Added correct class to login_body template file
  • Removed file db/oracle.php from package
  • Removed version number from message body page in /admin (if user is not an admin) – mikelbeck
  • Fixed case-sensitivity issues in postgres7.php – R45

2.0.15 修正了安全性問題, includes/bbcode.php 的這段 :

{
   global $lang, $bbcode_tpl;

下面加進這行 :

$text = preg_replace("#(script|about|applet|activex|chrome):#is", "\1&#058;", $text);

另外是這段 :

 */
function make_clickable($text)
{

下面加進這行 :

$text = preg_replace("#(script|about|applet|activex|chrome):#is", "\1&#058;", $text);

所以總共有這些變動 :

  • Fixed moderator status removal in groupcp.php
  • Removed newlines after ?> on some files – Thoul
  • Added admin re-authentication (admin needs to login seperatly to access the ACP) – backported from Olympus
  • Fixed vulnerability in url/bbcode handling functions – PapaDos and Paul/Zhen-Xjell from CastleCops
  • Fixed issue in admin/admin_forums.php
  • Suppressed warning message for fsockopen in /includes/smtp.php – Thoul
  • Fixed bug in admin/admin_smilies.php (admin is able to add empty smilies) – Exy
  • Adjusted documents to reflect the urgent need to update the files too (not only running the database update script)
  • Updated the readme file
  • Added one new language variable
  • Added general error if accessing profile for a non-existent user
  • Changed session id generation to be more unique – Henno Joosep
  • Fixed bug in highlight code to escape characters correctly
  • Reversed the 2.0.14 fix for postgresql because it produced more problems than it solves.
  • Added reference to article written by R45 about case-sensitivity in postgreSQL to the readme file
  • Fixed bypassing of validate_username on registration – Yen
  • Empty url/img bbcodes no longer get parsed

竹貓星球 也有這兩篇公告 :
[2005/04/25] phpBB 2.0.14 安全性修正版(包含更新檔)
[2005/05/08] phpBB 2.0.15 安全性修正版本

By 0 • Tags:

5 月 12 2005

Bloglines 的 user db 又爛了…

沒錯! 跟上次一樣…

我剛剛被踢出來, 然後現在登不進去了!! =_=b

不知啥時會修好… XD

By 0 • Tags:

« 3 4 5 6»