2008年12月16日 星期二

build 64bit version of openssl

HPUX IA64 - I choose method 2:
change in main Makefile definitions to:

SHARED_LDFLAGS=-mlp64 -shared -nodefaultlibs
EX_LIBS= -ldl -lgcc

and run make again.

2008年12月10日 星期三


Sniffer in wikipedia
A Quick Intro to Sniffers - provide links to other sniffer information.

2008年11月24日 星期一

netfilter's weblog


TPROXY take 6 ?

It seems the TPROXY has been merged into Linux kernel 2.6.27-git2
And it is on 2.6.28-rc6

The corresponding iptables version seems to be released soon (1.4.3-rc1 )

It means no more patch to support this feature in kernel/iptables.

2008年10月16日 星期四


HP-UX Linker and Libraries User's Guide

Linker Tools for Itanium-Based Systems, chatr

Determining How to Link Programs or Libraries (Linker Tasks)

For HPUX/PA-RISC 32-bits, it uses SOM file format. (very similiar to aout format)
Others, ELF is used.

ld.so, ld-linux.so* — dynamic linker/loader

UsingOrigin - SCons Wiki

ELF is used.

C. Recording Dependencies with $ORIGIN (Linker and Libraries Guide) - Sun Microsystems

ELF is used.

There is no such thing. AIX uses XCOFF for their executable/shared library file format.
It is possible to write a program to modify these setting.

links for ELF

LibElf and GElf - A Library to Manipulate ELf Files - from Sun Developer Network.

elfedit — examine or edit ELF files - can be used to edit the rpath in Solaris' ELF file.

Executable and Linkable Format - Wikipedia, the free encyclopedia

SourceForge.net: elftoolchain » home

ELF 之 Program Loading 教學文件, #2: Program Header Table

Understanding ELF using readelf and objdump - Linux Forums

[藍森林-自由軟件] - 問一個elf動態連接的問題--
UNIX/LINUX 平台可執行文件格式分析


Working with the ELF Program Format


2008年8月18日 星期一

CORE Security

CORE Security creates some projects that I am interesting. e.g. Pcapy , impacket and Pass-The-Hash .

2008年7月16日 星期三

Network management with Quake Engine

It is interesting to know this.

Leveraging 3D Game Engines (L3DGE): Novel techniques for anomalous traffic detection and collaborative network control. It includes L3DGEWorld (network monitoring), LCMON (supercomputer cluster monitoring) and LupsMON (remote UPS monitoring).

OpenNMS is also interesting on this project [opennms-discuss] Quake interface.


here is an article about script/screen.

2008年7月9日 星期三

shell parameter expansion

parameter set and not null parameter set and nullparameter unset
${parameter:-word}substitute parametersubstitute wordsubstitute word
${parameter-word}substitute parametersubstitute nullsubstitute word
${parameter:=word}substitute parameterassign wordassign word
${parameter=word}substitute parametersubstitute parameterassign null
${parameter:?word}substitute parametererror, exiterror, exit
${parameter?word}substitute parametersubstitute nullerror, exit
${parameter:+word}substitute wordsubstitute nullsubstitute null
${parameter+word}substitute wordsubstitute wordsubstitute null

2008年7月7日 星期一

python gtk glade3

PIDA is an IDE (integrated development environment). PIDA is different from other IDEs in that it will use the tools you already have available rather than attempting to reinvent each one. PIDA is written in Python with the PyGTK toolkit, and although is designed to be used to program in any language, PIDA has fancy Python IDE features.

Custom PyGTK Widgets in Glade3: Part 1 and 2: Custom widget adaptors

Geany at LinuxTOY

Geany is a text editor using the GTK2 toolkit with basic features of an integrated development environment. It was developed to provide a small and fast IDE, which has only a few dependencies from other packages. It supports many filetypes and has some nice features. For more details see About.


Rapid Application Development with Python and Glade

PyGTK lets you to easily create programs with a graphical user interface using the Python programming language. The underlaying GTK+ library provides all kind of visual elements and utilities for it and, if needed, you can develop full featured applications for the GNOME Desktop.

2008年7月6日 星期日


OpenAJAX - The OpenAjax Alliance is an organization of vendors, open-source initiatives and Web developers dedicated to the successful adoption of open and interoperable Ajax-based Web technologies. The alliance's prime objective is to accelerate customer success with Ajax by improving the customer's ability to mix and match solutions from Ajax technology providers and helping to drive the future of the Ajax ecosystem.

2008年6月30日 星期一

NIDS by Snort

Using Snort: Part 1: Installation and configuration

Using Snort, Part 2: Configuration

OpenSer and HA/LoadBalancing

This document mentions Load Balancing about OpenSer.

This also mention this feature.

Here provides a sample configuration file.

# Made by Deillon Thomas
debug=3 # debug level (cmd line: -dddddddddd)
log_stderror=yes # (cmd line: -E)

#set module path

# ------------------ module loading ----------------------------------
loadmodule "maxfwd.so"
loadmodule "sl.so"
loadmodule "dispatcher.so"
loadmodule "tm.so"
loadmodule "mi_fifo.so"
loadmodule "textops.so"
loadmodule "xlog.so"

modparam("mi_fifo","fifo_name", "/tmp/openser_fifo")
#Timer which hits if no final reply for a request
#or ACK for a negative INVITE reply arrives
modparam("tm", "fr_timer", 5)

modparam("dispatcher", "list_file", "dispatcher.list")
modparam("dispatcher", "flags", 2) # fial-over mode
modparam("dispatcher", "dst_avp", "$avp(i:271)")
modparam("dispatcher", "grp_avp", "$avp(i:272)")
modparam("dispatcher", "cnt_avp", "$avp(i:273)")
modparam("dispatcher", "force_dst", 1)

if (method=="INVITE") #To complete of course
ds_select_dst("1","4"); # 4 = round-robin
t_on_failure("1"); # If there is no response after 5 sec

failure_route[1] {
if(t_check_status("408"){ # if timeout
ds_mark_dst(); # do not use this destination anymore
ds_next_dst(); # use next
t_on_failure("1"); # if the next one is dead to !!
else {
t_reply("501", "Not Implemented");

Information about WMP and Javascript

Advertising Solutions: Windows Media Player Interface

Re: Animation while buffering - slightly off topic

PARAM Element

在Web 頁中嵌入Windows Media Player

Authoring Streaming Media for the WWW

tim jones article on IBM developerWorks

Tim Jones's articles ...

Anatomy of Linux journaling file systems
In recent history, journaling file systems were viewed as an oddity and thought of primarily in terms of research. But today, a journaling file system (ext3) is the default in Linux. Discover the ideas behind journaling file systems, and learn how they provide better integrity in the face of a power failure or system crash. Learn about the various journaling file systems in use today, and peek into the next generation of journaling file systems.
04 Jun 2008
Anatomy of Linux flash file systems
You've probably heard of Journaling Flash File System (JFFS) and Yet Another Flash File System (YAFFS), but do you know what it means to have a file system that assumes an underlying flash device? This article introduces you to flash file systems for Linux, and explores how they care for their underlying consumable devices (flash parts) through wear leveling, and identifies the various flash file systems available along with their fundamental designs.
20 May 2008
Anatomy of real-time Linux architectures
It's not that Linux isn't fast or efficient, but in some cases fast just isn't good enough. What's needed instead is the ability to deterministically meet scheduling deadlines with specific tolerances. Discover the various real-time Linux alternatives and how they achieve real time -- from the early architectures that mimic virtualization solutions to the options available today in the standard 2.6 kernel.
15 Apr 2008
Desktop development for the OLPC laptop
The XO laptop (of the One-Laptop-Per-Child initiative) is an inexpensive laptop project intended to help educate children around the world. The laptop includes many innovations, such as a novel, inexpensive, and durable hardware design and the use of GNU/Linux as the underlying operating system. The XO also includes an application environment written in Python with a human interface called Sugar, accessible to everyone (including kids). This article is excerpted from the developerWorks tutorial "Application development for the OLPC laptop," which takes a look at the Sugar APIs and shows how to develop and debug a graphical activity in Sugar using Python.
26 Feb 2008
Anatomy of the Linux SCSI subsystem
The Small Computer Systems Interface (SCSI) is a collection of standards that define the interface and protocols for communicating with a large number of devices (predominantly storage related). Linux provides a SCSI subsystem to permit communication with these devices. Linux is a great example of a layered architecture that joins high-level drivers, such as disk or CD-ROM drivers, to a physical interface such as Fibre Channel or Serial Attached SCSI (SAS). This article introduces you to the Linux SCSI subsystem and discusses where this subsystem is going in the future.
14 Nov 2007
Anatomy of Linux synchronization methods
In your Linux education, you may have learned about concurrency, critical sections, and locking, but how do you use these concepts within the kernel? This article reviews the locking mechanisms available within the 2.6 kernel, including atomic operators, spinlocks, reader/writer locks, and kernel semaphores. It also explores where each mechanism is most applicable for building safe and efficient kernel code.
31 Oct 2007
Anatomy of the Linux file system
When it comes to file systems, Linux is the Swiss Army knife of operating systems. Linux supports a large number of file systems, from journaling to clustering to cryptographic. Linux is a wonderful platform for using standard and more exotic file systems and also for developing file systems. This article explores the virtual file system (VFS) -- sometimes called the virtual filesystem switch -- in the Linux kernel and then reviews some of the major structures that tie file systems together.
30 Oct 2007
System emulation with QEMU
QEMU is an open source emulator for complete PC systems. In addition to emulating a processor, QEMU permits emulation of all necessary subsystems, such as networking and video hardware. It also permits emulation of advanced concepts, such as symmetric multiprocessing systems (up to 255 CPUs) and other processor architectures, such as ARM or PowerPC. This article explores QEMU and its architecture and shows how to emulate a guest operating system on a Linux host.
25 Sep 2007
Anatomy of the Linux networking stack
One of the greatest features of the Linux operating system is its networking stack. It was initially a derivative of the BSD stack and is well organized with a clean set of interfaces. Its interfaces range from the protocol agnostics, such as the common sockets layer interface or the device layer, to the specific interfaces of the individual networking protocols. This article explores the structure of the Linux networking stack from the perspective of its layers and also examines some of its major structures.
27 Jun 2007
Anatomy of the Linux kernel
The Linux kernel is the core of a large and complex operating system, and while it's huge, it is well organized in terms of subsystems and layers. In this article, you explore the general structure of the Linux kernel and get to know its major subsystems and core interfaces. Where possible, you get links to other IBM articles to help you dig deeper.
06 Jun 2007
Anatomy of the Linux slab allocator
Good operating system performance depends in part on the operating system's ability to efficiently manage resources. In the old days, heap memory managers were the norm, but performance suffered due to fragmentation and the need for memory reclamation. Today, the Linux kernel uses a method that originated in Solaris but has been used in embedded systems for quite some time, allocating memory as objects based on their size. This article explores the ideas behind the slab allocator and examines its interfaces and their use.
15 May 2007
Sugar, the XO laptop, and One Laptop per Child
One Laptop per Child (OLPC) is an organization whose mission is to develop a low-cost laptop (USD100) with accompanying software to spread computer literacy to children around the world. Because the device targets children, it must provide a novel user interface and applications that allow children to experiment with tools for expression and learning. The operating system for the OLPC is a port of the Linux kernel but with a unique interface called Sugar. In this article, learn about the Sugar human interface, see how to virtualize an OLPC laptop on a standard PC using QEMU, and take a tour of Sugar and the OLPC capabilities.
24 Apr 2007
Discover the Linux Kernel Virtual Machine
Linux and flexibility go hand in hand, and the options for virtualization are no different. But recently, a change in the Linux virtualization landscape has appeared with the introduction of the Kernel virtual Machine, or KVM. KVM is the first virtualization solution to be part of the mainline Linux kernel (V2.6.20). KVM supports the virtualization of Linux guest operating systems -- even Windows with hardware that is virtualization-aware. Learn about the architecture of the Linux KVM as well as why its tight integration with the kernel may change the way you use Linux.
18 Apr 2007
Virtualization with coLinux
Virtualization with VMware, Xen, and Kernel-based Virtual Machine (KVM) are all the rage these days. But did you know that you can run Linux cooperatively with Microsoft Windows? This article explores Cooperative Linux (coLinux), starting with a quick introduction to virtualization and then looking at the approach taken by coLinux. You'll also see how to get coLinux up and running on Windows.
31 Mar 2007
Kernel command using Linux system calls
Linux system calls -- we use them every day. But do you know how a system call is performed from user-space to the kernel? Explore the Linux system call interface (SCI), learn how to add new system calls (and alternatives for doing so), and discover utilities related to the SCI.
21 Mar 2007
Linux and symmetric multiprocessing
As evidenced by major central processing unit (CPU) vendors, multi-core processors are poised to dominate the desktop and embedded space. With multiprocessing comes greater performance but also new problems. This article explores the ideas behind multiprocessing and developing applications for Linux that exploit SMP.
14 Mar 2007
Parallelize applications for faster Linux booting
One of the biggest complaints about Linux, particularly from developers, is the speed with which Linux boots. By default, Linux is a general-purpose operating system that can serve as a client desktop or server right out of the box. Because of this flexibility, Linux serves a wide base but is suboptimal for any particular configuration. This article shows you options to increase the speed with which Linux boots, including two options for parallelizing the initialization process. It also shows you how to visualize graphically the performance of the boot process.
07 Mar 2007
Virtual Linux
Virtualization means many things to many people. A big focus of virtualization currently is server virtualization, or the hosting of multiple independent operating systems on a single host computer. This article explores the ideas behind virtualization and then discusses some of the many ways to implement virtualization. We also look at some of the other virtualization technologies out there, such as operating system virtualization on Linux.
29 Dec 2006
Data visualization tools for Linux
Applications for graphical visualization of data on Linux are varied, from simple 2-D plots to 3-D surfaces, scientific graphics programming, and graphical simulation. Luckily, there are many open source possibilities, including gnuplot, GNU Octave, Scilab, MayaVi, Maxima, OpenDX, and others. Each has its advantages and disadvantages and targets different applications. Explore a variety of open source graphical visualization tools to better decide which is best for your application. [This article has been updated to include coverage of OpenDX - Ed.]
30 Nov 2006
Build a Web spider on Linux
Web spiders are software agents that traverse the Internet gathering, filtering, and potentially aggregating information for a user. Using common scripting languages and their collection of Web modules, you can easily develop Web spiders. This article shows you how to build spiders and scrapers for Linux to crawl a Web site and gather information, stock data, in this case.
14 Nov 2006
Version control for Linux
Version control systems, or source management systems, are an important aspect of modern software development. Not using one is like driving a car too fast: it's fun and you might get to your destination faster, but an accident is inevitable. This article provides an overview of Software Configuration Management (SCM) systems and their benefits, including CVS, Subversion, Arch, and Git. It also reviews the most common SCM architectures. Finally, it explores some of the new approaches that are available and how they differ from the earlier methods. [Listing 4 has been updated to reflect improvements to Git's syntax. -Ed.]
16 Oct 2006
Open source robotics toolkits
Building a robot involves skills from many disciplines, including embedded firmware and hardware design, sensor selection, controls systems design, and mechanical design. But simulation environments can provide a virtual arena for testing, measuring, and visualizing robotics algorithms without the high cost (and time) of development. This article introduces you to some of the open source robotics toolkits for Linux, demonstrates their capabilities, and helps you decide which is best for you.
05 Sep 2006
Boost application performance using asynchronous I/O
The most common input/output (I/O) model used in Linux is synchronous I/O. After a request is made in this model, the application blocks until the request is satisfied. This is a great paradigm because the calling application requires no central processing unit (CPU) while it awaits the completion of the I/O request. But in some cases there's a need to overlap an I/O request with other processing. The Portable Operating System Interface (POSIX) asynchronous I/O (AIO) application program interface (API) provides this capability. In this article, get an overview of the API and see how to use it.
29 Aug 2006
BusyBox simplifies embedded Linux systems
BusyBox is a single executable implementation of many standard Linux utilities. BusyBox contains simple utilities, such as cat and echo, as well as larger, more complex tools, such as grep, find, mount, and telnet (albeit, with fewer options than the traditional version); some refer to BusyBox as the Swiss Army knife of utilities. This article explores the purpose of BusyBox, how it works, and why it's important for memory-constrained environments.
15 Aug 2006
Linux initial RAM disk (initrd) overview
The Linux initial RAM disk (initrd) is a temporary root file system that is mounted during system boot to support the two-state boot process. The initrd contains various executables and drivers that permit the real root file system to be mounted, after which the initrd RAM disk is unmounted and its memory freed. In many embedded Linux systems, the initrd is the final root file system. This article explores the initial RAM disk for Linux 2.6, including its creation and use in the Linux kernel.
31 Jul 2006
Inside the Linux scheduler
The Linux kernel continues to evolve, incorporating new technologies and gaining in reliability, scalability, and performance. One of the most important features of the 2.6 kernel is a scheduler implemented by Ingo Molnar. This scheduler is dynamic, supports load-balancing, and operates in constant time -- O(1). This article explores these attributes of the Linux 2.6 scheduler, and more.
30 Jun 2006
Inside the Linux boot process
The process of booting a Linux system consists of a number of stages. But whether you're booting a standard x86 desktop or a deeply embedded PowerPC target, much of the flow is surprisingly similar. This article explores the Linux boot process from the initial bootstrap to the start of the first user-space application. Along the way, you'll learn about various other boot-related topics such as the boot loaders, kernel decompression, the initial RAM disk, and other elements of Linux boot.
31 May 2006
Better networking with SCTP
The Stream Control Transmission Protocol (SCTP) is a reliable transport protocol that provides stable, ordered delivery of data between two endpoints (much like TCP) and also preserves data message boundaries (like UDP). However, unlike TCP and UDP, SCTP offers such advantages as multi-homing and multi-streaming capabilities, both of which increase availability. In this article, get to know the key features of SCTP in the Linux 2.6 kernel and take a look at the server and client source code that shows the protocol's ability to deliver multi-streaming.
28 Feb 2006
Boost socket performance on Linux
The Sockets API lets you develop client and server applications that can communicate across a local network or across the world via the Internet. Like any API, you can use the Sockets API in ways that promote high performance -- or inhibit it. This article explores four ways to use the Sockets API to squeeze the greatest performance out your application and to tune the GNU/Linux environment to achieve the best results. (Editor's note: we updated Tip 3 to correct an error in the calculation for Bandwidth Delay Product (BDP), spotted by an alert reader.)
03 Feb 2006
Five pitfalls of Linux sockets programming
The Sockets API is the de facto standard API for networking applications development. Although the API is simple, new developers can experience some common problems. This article identifies the most common of these pitfalls and shows you how to overcome them.
20 Sep 2005

Anatomy Series in IBM developerWorks

Anatomy ...

Anatomy of Linux journaling file systems
04 Jun 2008
Anatomy of Linux flash file systems
20 May 2008
Anatomy of Security-Enhanced Linux (SELinux)
29 Apr 2008
Anatomy of real-time Linux architectures
15 Apr 2008
Anatomy of the Linux SCSI subsystem
14 Nov 2007
Anatomy of Linux synchronization methods
31 Oct 2007
Anatomy of the Linux file system
30 Oct 2007
Anatomy of the Linux networking stack
27 Jun 2007
Anatomy of the Linux kernel
06 Jun 2007
Anatomy of the Linux slab allocator
15 May 2007

2008年6月29日 星期日

Add multitouch gesture support to a TouchPad-equipped laptop

Add multitouch gesture support to a TouchPad-equipped laptop

Enable 'Three-Finger Swipe,' and open- and close-pinch gestures using synclient and synthetic X events



SEAL (also called XSeal [1]) is a 32-bit graphical user interface for DOS created by Michal Stencl.[2] SEAL requires at least an Intel 80486, 8MB of RAM (although it may be possible to run SEAL on less, doing so is not recommended), a video card supporting 640x480 with 256 colors, 1.6MB of hard drive space, MS-DOS 3.0+ or equivalent (DR-DOS, PC-DOS, FreeDOS). SEAL is licened under the GNU GPL. It hasn't been under development since 2003. The last release, 2.0.11, came out 2002-04-11.[3]

FreeGEM is a computer GUI based on Digital Research's GEM which was first released in 1985. GEM stands for "Graphical Environment Manager". FreeGEM is the free software/open source version of GEM developed after Digital Research released the GEM code under the GPL free software licence.

OpenGEM is a distribution of FreeGEM, a graphical user interface (GUI) for DOS. OpenGEM is a non-multitasking 16-bit GUI.

Ikon is a 32-bit graphical user interface for DOS compatable systems, including FreeDOS. It is written from scratch using DJGPP and Allegro.

QubeOS is a multiplatform and multitasking desktop GUI system, developed in Slovakia. It was developed by Michal Stencl who also created SEAL GUI system.

WINE, ReactOS, Linux Unified kernel

Interesting reading about
ReactOS and
Linux Unified Kernel.

WINE is used to run unmodified Windows AP in Linux.

ReactOS is to provide a free and open source windows os clone.

The Linux Unified Kernel is a project to import certain key features of the Microsoft Windows operating system into the Linux kernel. The project is hosted by Insigma, and is issued under the GPL.

According to its developers, the current version of (0.2.1) provides several Windows mechanism implementations, including process/thread management, object management, virtual memory management, synchronization, etc. The relevant system calls are implemented to replace the services running in the user space, as well.

E/OS (Emulator Operating System) is a virtual machine emulation system.

E/OS is primarily based on the Linux kernel, QEMU, XFree86, and Wine, and is intended to be a replacement for operating systems such as Microsoft Windows, Mac OS, BeOS, OS/2, DOS, and Linux.

HX DOS-Extender is a free DOS extender with built-in Win32 PE file format support. Usually the purpose of a DOS extender is to make protected-mode features, especially large memory and 32-bit addressing, available for DOS applications.
Here is his home page.

run linux ap in windows

LINE Is Not an Emulator is a utility which executes unmodified Linux applications on Windows by intercepting Linux system calls. The Linux applications themselves are not emulated. They run directly on the CPU just like all other Windows applications.

There are some other useful links in LinuxLinks for simliar programs.

A Free Computer Ebook Site

Free Computer Ebooks: This site provides free ebooks on compiler design, lex, yaac, parser generators, automata lanuguages, automata techniques, advanced programming language design, Yacc, compiler construction phases, compiler construction using Bison, flex lexical analyser, compiler design and implementation techniques, modern compiler design techniques, etc

2008年6月26日 星期四

Interoperating with Windows Media Player using P/Invoke and C#

In codeproject.com, there is an article is interesting.

Interoperating with Windows Media Player using P/Invoke and C#

quote from the article:

This article hopes to demonstrate:

  • How to use P/Invoke to call unmanaged code.
  • How to use Spy++ to log Windows messages and get wParam and lParam values.
  • How to implement FindWindow() and SendMessage() in C#.
  • How to Interoperate with Windows Media Player.

2008年6月23日 星期一

Replication/Cluster solution for PostgreSQL

Continuent™ uni/cluster for PostgreSQL
Continuent™ uni/cluster for PostgreSQL is the leading middleware high availability and scalability solution for use with PostgreSQL. Continuent uni/cluster for PostgreSQL supports PostgreSQL’s native SQL and is integrated with native database functions for seamless integration and easy management.

SkypeGarage/DbProjects - Skype Developer Zone
During the development of Skype's backend infrastructure, we have enchanced PostgreSQL database in several ways, which we wish to give back to community. (A little overview of using postgreSQL at Skype can be found here: /SkypePostgresqlWhitepaper .) and Londiste is a PostgreSQL replication engine written in python.

Slony-ISeems good, single master only, master is a single point of failure, no good failover system for electing a new master or having a failed master rejoin the cluster. Slave databases are mostly for safety or for parallelizing queries for performance. Suffers from O(N^2) communications (N = cluster size). with reasonable sysadmin you can implement failover system yourself.
Slony is powerful, trigger based, and highly configurable.

pgPool-I, pgPool-II, pgpool 1/2 is a reasonable solution. it's statement level replication, which has some downsides, but is good for certain things. pgpool 2 has a neat distributed table mechanism which is interesting. You might want to be looking here if you have extremely high ratios of read to write but need to service a huge transaction volume. Supports load-balancing and replication by implementing a proxy that duplicates all updates to all slaves. It can partition data by doing this, and it can semi-intelligently route queries to the appropriate servers.

PGCluster PGCluster which does synchronous multimaster replication. Two single-points failure spots, load balancer and the data replicator. The project has historically looked a bit dead, but they just released a new version and moved to a Trac-based web site at http://www.pgcluster.org/ and http://pgfoundry.org/projects/pgcluster is up to date (at least downloads page) One major downside to PGCluster is that it uses a modified version of PostgreSQL, and it usually lags a few releases behind.

Cybercluster is a PostgreSQL replication solution which makes sure that the database cluster is consistent at every point in time. We rely on a shared-nothing architecture which is perfectly suitable for synchronous multimaster replication.

for more info, refer to
Replication, Clustering, and Connection Pooling

2008年4月30日 星期三

patch kernel without reboot

Ksplice: Rebootless Linux kernel security updates

Ksplice allows system administrators to apply security patches to the Linux kernel without having to reboot. Ksplice takes as input a source code change in unified diff format and the kernel source code to be patched, and it applies the patch to the corresponding running kernel. The running kernel does not need to have been prepared in advance in any way.

To be fully automatic, Ksplice's design is limited to patches that do not introduce semantic changes to data structures, but most Linux kernel security patches don't make these kinds of changes. An evaluation against Linux kernel security patches from May 2005 to December 2007 finds that Ksplice can automatically apply 84% of the 50 significant kernel vulnerabilities from this interval.

network tap

SPAN Port or TAP? CSO Beware (by Tim O’Neill)

Monitoring Network Traffic with Netflow

Network tap

Network intrusion detection: Getting hooked up

bridge on linux

Net:Bridge - The Linux Fundation good introduction.

ebtables - Ethernet-Bridge-tables a filter tool for ethernet bridge as iptables for ip traffics.

2008年4月29日 星期二

Mick Bauer's articles on LinuxJournal

Mick Bauer's articles on LinuxJournal

vpn solutions


vpnd (Virtual Private Network Daemon)

PPTP server for Linux
PPTP client for Linux

zorp I/II

[1] http://www.linuxjournal.com/files/linuxjournal.com/linuxjournal/articles/072/7296/7296f1.png
[2] http://www.linuxjournal.com/files/linuxjournal.com/linuxjournal/articles/072/7296/7296f2.png
[3] http://www.balabit.com
[4] http://www.balabit.com/products/oss/tproxy
[5] http://www.balabit.com/downloads
[6] http://www.balabit.com/products/zorp_gpl/tutorial

[1] http://www.balabit.com/products/oss/tproxy
[2] http://www.balabit.com/products/zorp_gpl
[3] http://www.linuxjournal.com/files/linuxjournal.com/linuxjournal/articles/073/7347/7347f1.png
[4] http://www.balabit.com/downloads/zorp/zorp-os/pool/i/iptables-utils
[5] http://www.linuxjournal.com/files/linuxjournal.com/linuxjournal/articles/073/7347/7347f2.png
[6] http://www.balabit.com
[7] http://www.balabit.com/downloads/zorp/zorp-os
[8] https://lists.balabit.hu/mailman/listinfo/zorp