5 月 18 2005
5 月 17 2005
P4 的 HT 出包了!? O_O
剛剛看到 這篇 :
根據英屬哥倫比亞溫哥華市一位23歲的博士班研究生Colin Percival表示,首次在Pentium 4中推出的「超執行緒」(Hyperthreading)技術,讓駭客可以存取安全資訊。
週五在加拿大渥太華舉行的BDSCan大會上他在一份報告中揭發了這種攻擊──利用安裝於伺服器上的間諜程式,然後和OpenSSL加密程式共享L2快取記憶體。間諜程式觀察特定快取的執行時間,然後扣除其他流程的時間(Percival稱之為「快取的腳印」(footprints in the cache),藉此收集有助於破解密碼的有用資訊。
而且到了文章快結尾時還有 :
不過,英特爾預計未來版本的微軟Windows和Linux作業系統將解決這個問題。
看來問題不大!? 不然等到未來版本的 Windows ( Longhorn !? ) , 那已經是 2006 年的事了吧! 
5 月 12 2005
phpBB 2.0.15 released !
先貼 2.0.13 跟 2.0.14 的變動 :
- Hardened author and keyword search a bit to not allow very server intensive searches
- Fixed full path disclosure in bad word parsing
- Resetting complete userdata array in session code if authentication fails
- Fixed bug in moderator control panel where certain parameters could lead to an “error creating new session” sql error
- Fixed bug in session code where empty page ids could lead to an “error creating new session” sql error
- Fixed html handling in signatures if html is turned off globally
- Fixed install.php problem with PHP5 register_long_arrays option turned off
- Fixed potential issues with styling system
- Added correct class to login_body template file
- Removed file db/oracle.php from package
- Removed version number from message body page in /admin (if user is not an admin) – mikelbeck
- Fixed case-sensitivity issues in postgres7.php – R45
2.0.15 修正了安全性問題, includes/bbcode.php 的這段 :
{
global $lang, $bbcode_tpl;下面加進這行 :
$text = preg_replace("#(script|about|applet|activex|chrome):#is", "\1:", $text);另外是這段 :
*/
function make_clickable($text)
{下面加進這行 :
$text = preg_replace("#(script|about|applet|activex|chrome):#is", "\1:", $text);所以總共有這些變動 :
- Fixed moderator status removal in groupcp.php
- Removed newlines after ?> on some files – Thoul
- Added admin re-authentication (admin needs to login seperatly to access the ACP) – backported from Olympus
- Fixed vulnerability in url/bbcode handling functions – PapaDos and Paul/Zhen-Xjell from CastleCops
- Fixed issue in admin/admin_forums.php
- Suppressed warning message for fsockopen in /includes/smtp.php – Thoul
- Fixed bug in admin/admin_smilies.php (admin is able to add empty smilies) – Exy
- Adjusted documents to reflect the urgent need to update the files too (not only running the database update script)
- Updated the readme file
- Added one new language variable
- Added general error if accessing profile for a non-existent user
- Changed session id generation to be more unique – Henno Joosep
- Fixed bug in highlight code to escape characters correctly
- Reversed the 2.0.14 fix for postgresql because it produced more problems than it solves.
- Added reference to article written by R45 about case-sensitivity in postgreSQL to the readme file
- Fixed bypassing of validate_username on registration – Yen
- Empty url/img bbcodes no longer get parsed
竹貓星球 也有這兩篇公告 :
[2005/04/25] phpBB 2.0.14 安全性修正版(包含更新檔)
[2005/05/08] phpBB 2.0.15 安全性修正版本
5 月 12 2005
看來該跑 FreeBSD 5.4 了..
剛剛翻 FreeBSD/i386 5.4-RELEASE Release Notes , 看到這幾條 :
Ethernet flow control is now disabled by default in the fxp(4) driver, to prevent problems with a system panics or is left in the kernel debugger.
這個好像是要解決我之前在 IP 被衝就 Hang 住!? 講的那個問題!?
The ipfw(8) ipfw fwd rule now supports the full packet destination manipulation when the kernel option options IPFIREWALL_FORWARD_EXTENDED is specified in addition to options IPFIREWALL_FORWARD. This kernel option disables all restrictions to ensure proper behavior for locally generated packets and allows redirection of packets destined to locally configured IP addresses. Note that ipfw(8) rules have to be carefully crafted to make sure that things like PMTU discovery do not break.
這個就不是很清楚了, 不過我們某台 Proxy ( FreeBSD 5.3 ) 使用 ipfw fwd 上面有很大的問題.
升成 5.4 看看好了.. orz
5 月 12 2005
藍色畫面跟紅色畫面…..
剛剛看到 Longhorn驚喜:死亡紅幕 .
軟體業霸主微軟公司將在下一版的Windows作業系統,為傳奇的「死亡藍幕」(Blue Screen of Death)提供一個獨特的解決方案 – 「死亡紅幕」。
正在測試Longhorn系統的微軟技術人員兼網誌作者Michael Kaplan表示,除了死亡藍幕之外,使用者還將面對紅色威脅。Kaplan說,「死亡紅幕」比「死亡藍幕」更上一層,代表你的電腦發生更嚴重、更致命的錯誤。
我看, 直接 show 個核爆動畫算了… =_=b
5 月 10 2005
WordPress 1.5.1 Released !
在 WordPress 官方網頁 已經可以下載到了, 下載頁面 .
ChangeLog 可以看到這些變動 :
# Login and feed fixes for IIS
# Faster gettext i18n
# Improved i18n string coverage
# Extended ping support
# Paging on the Manage->Posts page
# URI-safe accent stripping for all UTF-8 characters in the Latin Extended-A Unicode block
# Query string style argument list support for wp_get_links() and wp_get_linksbyname()
# Improved hierarchy listing in wp_list_pages()
# Support for a Status: theme header field that allows themes to be marked as private, publish, or draft
# Improved caching and database query reduction
# Active plugin and theme highlighting
# Plugins can now have multiple option pages
# Pingbacks now work on hosts with fopen off like Dreamhost
# Many bug fixes
另外, 在 這邊 還有更詳細的清單.
5 月 19 2005
關於 PCHome 的 eDM
昨晚在 yuecheng 那裡看到 這篇 .
因為我很早之前就在 PCHome 註冊帳號了, 只是一直沒使用到他們所提供的服務.
所以我昨天就把所有強制寄送的 eDM 全部都取消了 :
然後出現了這個頁面 :
其實, 很早之前我就試過在這些 eDM 裡面點選 取消訂閱 的 link , 可是一直都無效. 在昨晚讓他們凍結帳號後, 今天的 mail 信箱果然乾淨了許多.
By Joe Horn • Life 0 • Tags: eDM, PCHome