Search
5/30/2006
5/25/2006
Google Services
- Google Sitemaps
對網站產生索引,叫googlebot來爬你的網站,還有一些統計資料,不過googlebot還沒來爬, 所以看不到 - Google Free web search with site search
因為blogger的search很爛,弄各google的試看看,這邊有FAQ - Webmaster Help Center
如果有不想被index到的網頁,該如何移除,包括已經被google cache的網頁。 - Google Data APIs Overview
一個叫做GData的東西,GData is a new protocol based on Atom 1.0 and RSS 2.0.
Blogger Favicon
換了Favicon,參考這一篇
把圖(假設是favicon.png)放到可以link的地方(ex: flickr),然後在範本的</head>前面加入這三行。不過ie好像看不到?
<link rel="shortcut icon" href="http://example.com/favicon.png" />
<link rel="icon" href="http://example.com/favicon.png" />
<link rel="shortcut icon" href="http://example.com/favicon.png" />
Gmail的寫法
<link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon">
5/23/2006
Linux Tools
Faster remote desktop connections with FreeNX
synergy
Synergy lets you easily share a single mouse and keyboard between multiple computers with different operating systems, each with its own display, without special hardware. It's intended for users with multiple computers on their desk since each system uses its own monitor(s).
CLI Magic: Viewing pictures on the console with fbida
Fbida (previously known as fbi) is an image viewer for the Linux console.
tag: linux tools remote control
How Shellcodes Work
- shell code不能有data segment
The problem is that both programs use their own data segments, which means that they cannot execute inside another application. This means in chain that an exploit will not be able to inject the required code into the stack and execute it. - eax存的是function codes(can be found in /usr/include/asm/unistd.h), ebx存的是第一各parameter, ecx存的是第二各parameter,...
- array的話反著push進去stack, esp(enhanced stack pointer)會儲存stack的top element address
- int 0x80 ; Call the kernel to make the system call happen
Related Shellcodes links
- Wikipedia - Shellcodes, Buffer Overflow
- Smashing The Stack For Fun And Profit
- Writing Shell Code
- Chapter 12: Writing Exploits III from Sockets, Shellcode, Porting & Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals by James C. (有Using the Metasploit Framework)
tag: hack shell code programming
5/22/2006
RealVNC 4.1.1 Remote Compromise
http://marc.theaimsgroup.com/?l=bugtraq&m=114771408013890&w=2
1) Server sends its version, "RFB 003.008\n"
2) Client replies with its version, "RFB 003.008\n"
3) Server sends 1 byte which is equal to the number of security types offered
3a) Server sends an array of bytes which indicate security types offered
4) Client replies with 1 byte, chosen from the array in 3a, to select
the security type
5) The handshake, if requested, is performed, followed by "0000" from the server
Server -> Client: 52 46 42 20 30 30 33 2e 30 30 38 0a <- Server version
Client -> Server: 52 46 42 20 30 30 33 2e 30 30 38 0a <- Client version
Server -> Client: 01 02 <- One field follows... and that field is 02
(DES Challenge)
Client -> Server: 01 <- Ahh, the lovely 1 byte exploit! Beautiful, isn't it?
Server -> Client: 00 00 00 00 <-- Authenticated!
realvnc_41_bypass
Metasploit Framework
The Framework was written in the Perl scripting language and includes various components written in C, assembler, and Python. The widespread support for the Perl language allows the Framework to run on almost any Unix-like system under its default configuration. A customized Cygwin environment is provided for users of Windows-based operating systems. The project core is dual-licensed under the GPLv2 and Perl Artistic Licenses, allowing it to be used in both open-source and commercial projects.
5/17/2006
物件導向的Javascript
1.先看這一篇,寫得很好
Quick guide to somewhat advanced Javascript (cache)
2.再來看
Quick Guide to Prototype
Developer Notes for prototype.js (cache),當然要跟prototype.js對照著看。
3.再來還有一拖拉庫的Javascript Library可以看, ex:
VIM改造
http://blog.othree.net/log/2006/04/08/vim_7_beta/.vimrc (cache)
目前的vimrc
ctrl+c : copy
ctrl+x : cut
ctrl+v : paste
ctrl+s : 存檔
ctrl+z : 回復上一步
ctrl+n : new tab
ctrl+\ : 切換tab
Firefox Extensions
Leak Monitor ExtensionThis Firefox extension detects one very specific type of leak in chrome JavaScript and in Web pages. (Not in JavaScript components, though.) It detects when JavaScript objects in the chrome or Web page are still held by native code after the window is closed.
VideoDownloaderDownload videos from Youtube, Google, Metacafe, iFilm, Dailymotion... and other 60+ video sites ! And all embedded objects on a webpage (movies, mp3s, flash, quicktime, etc) ! Directly !
5/14/2006
5/12/2006
Javascript - DOM
HTML文件的階層結構在DOM中是以樹結構來表達。樹的節點是代表文件中各種型態的內容。
<html>
<head>
<title>Sample Document</title>
</head>
<body>
<h1>An HTML Document</h1>
<p>This is a <i>Simple</i> document.
</body>
</html>
以DOM的觀點來看這份文件,結構如下
- Node物件的childNodes屬性會傳回該節點的子節點清單。
- firstChild, lastChild,nextSibling, previousSibling,parentNode屬性讓你尋訪樹結構中的節點的手段
- appendChild(), removeChild(), replaceChild(), insertBefore()可以在文件數中新增移除節點
介面 NodeType常數 nodeType之值
Element Node.ELEMENT_NODE 1
Text Node.TEXT_NODE 3
<head>
<script>
function counterTags(n){
var nTags = 0;
if(n.nodeType==1){
nTags++;
// alert(n.tagName);
}
var children = n.childNodes;
for(var i=0; i<=children.length-1; i++){
nTags += counterTags(children[i]);
}
return nTags;
}
</script>
</head>
<body onload = "alert('this document has '+counterTags(document)+' tags')">
<h1>This is a <i>sample</i> document.</h1>
</body>
會alert "this document has 7 tags",分別是HTML,HEAD,TITLE,SCRIPT,BODY,H1,I,
雖然沒有HTML, TITLE不過也會計算進去。
找出文件中特定的元素
getElementsByTagName("body")[0]
//getElementByTagName()傳回一個NodeList物件。視為陣列
如果想對文件中的第四段落做些什麼事
var myParagraph = document.getElementsByName("p")[3]
不是最佳做好->在文件的開頭新插入一段,程式就不能用了。最好是給一個id標籤,替元素指定獨一無二的名稱。
<p id="specialParagraph">
就可以用var myParagraph = document.getElementById("specialParagraph")
注意getElementById()不像getElementsByTagName()傳回含有元素的陣列。因為每個id特性之值都是唯一的,getElementsById()只會傳回一個吻合id特性的單一元素。
可以使用getElementById()來找出特定元素,再用getElementsByTagName()來找出該元素下特定型態的所有子孫節點。
//在文件中找出特定的表格元素,在計算其資料列數目
var tableOfContents = document.getElementById("TOC");
var rows = tableOfContents.getElementByTagName("tr");
var numrows = rows.length;
修改文件
利用document.createTextNode()來建立新的Text節點
<script>
// This function recursively looks at node n and its descendants,
// replacing all Text nodes with their uppercase equivalents.
function uppercase(n) {
if (n.nodeType == 3 /*Node.TEXT_NODE*/) {
// If the node is a Text node, create a new Text node that
// holds the uppercase version of the node's text, and use the
// replaceChild() method of the parent node to replace the
// original node with the new uppercase node.
var newNode = document.createTextNode(n.data.toUpperCase());
var parent = n.parentNode;
parent.replaceChild(newNode, n);
}
else {
// If the node was not a Text node, loop through its children,
// and recursively call this function on each child.
var kids = n.childNodes;
for(var i = 0; i < kids.length; i++) uppercase(kids[i]);
}
}
</script>
<!-- Here is some sample text. Note that the p tags have id attributes -->
<p id="p1">This <i>is</i> paragraph 1.</p>
<p id="p2">This <i>is</i> paragraph 2.</p>
<!-- Here is a button that invokes the uppercase() function defined above -->
<!-- Note the call to Document.getElementById() to find the desired node -->
<button onclick="uppercase(document.getElementById('p1'));">Click Me</button>
利用document.createElement建立新的元素(html tag)
<script>
// This function takes a node n, replaces it in the tree with an Element node
// that represents an html <b> tag, and then makes the original node the
// child of the new <b> element.
function embolden(node) {
var bold = document.createElement("b"); // Create a new <b> Element
var parent = node.parentNode; // Get the parent of node
parent.replaceChild(bold, node); // Replace node with the <b> tag
bold.appendChild(node); // Make node a child of the <b> tag
}
</SCRIPT>
<!-- A couple of sample paragraphs -->
<p id="p1">This <i>is</i> paragraph #1.</p>
<p id="p2">This <i>is</i> paragraph #2.</p>
<!-- A button that invokes the embolden() function on the first paragraph -->
<button onclick="embolden(document.getElementById('p1'));">Embolden</button>
<script>
function changelink(){
document.getElementById('myAnchor').innerHTML = "visit W3Schools";
document.getElementById('myAnchor').href = "http://www.w3schools.com";
document.getElementById('myAnchor').target = "_blank";
}
</script>
<a id="myanchor" href="http://www.microsoft.com">Visit Microsoft</a>
<input type="button" onclick=changelink() value="change link">
</pre>
標籤: dom, JavaScript
DIR Command
http://www.ss64.com/nt/dir.html
在這個目錄下找出所有有foobar字的目錄(不包含檔案)。
dir *.* /a:d /b /s /l | find "foobar"
/A:D 只列出Folder
/B Bare format (no heading information or summary).
/S include all subfolders.
/L use Lowercase. (因為find是case sensitive)
在這個目錄下列出所有目錄
dir *.* /a:d /b /s
5/11/2006
今日閱讀2006-05-11
Skype SMS... what’s up with the beta?
"...In Taiwan and China the SenderID will also be overridden by a local reply address."
Yes, we are still all about search
Google Co-op
Google Desktop 4
Google Trends
可否推薦聽起來舒服輕鬆的音樂!~
5/09/2006
今日閱讀2006-05-09
Yahoo!奇摩Widget Engine 3.1.1 版中文技術手冊Search bots behavior analyzed
Widget工具製作教戰守則
On BotsGoogle's Bigtable
Google's BigTable
BigTable is a system for storing and managing very large amounts of structured data. The system is designed to manage several petabytes of data distributed across thousands of machines, with very high update and read request rates coming from thousands of simultaneous clients.
5/08/2006
今日閱讀2006-05-08
Web 2.0 and Databases Part 1: Second Life
Database War Stories #2: bloglines and memeorandum Permalink
Database War Stories #3: Flickr
Database War Stories #4: NASA World Wind
Database War Stories #5: craigslist
Database War Stories #6: O'Reilly Research
Database War Stories #7: Google File System and BigTable Permalink
Database War Stories #8: Findory and Amazon
Database War Stories #9 (finis): Brian Aker of MySQL Responds
VC6的小改造
續上篇,順手根據這一篇把VC6 的顏色&字型都改一改。
在HKEY_CURRENT_USER\Software\Microsoft\DevStudio\6.0\Format\Source Window找到下面幾項照著改就可以了。
以text來說ff ff ff 00是前景色,分別是R G B三顏色,最後補00,33 33 33 00是背景色,
最後12 01 b2 00不知是啥,保持原狀。source windows的背景色只有改text這一項而已。
text
ff ff ff 00 33 33 33 00 12 01 b2 00
comment
87 cd eb 00 00 00 00 00 10 00 11 00
number
ff a0 a0 00 00 00 00 00 10 00 11 00
keyword
bd b7 6b 00 00 00 00 00 10 00 11 00
vim desert theme原本的樣子
vc6模仿的結果
還是差一點,這就是所謂的"功敗垂成"嗎?
5/05/2006
VC6字型&字型心得
VC6預設的字型為Finxdsys
修改字型的選項在
Tools -> Options -> Format
或
HKEY_CURRENT_USER\Software\Microsoft\DevStudio\6.0\Format\Source Window
修改FontFace=Consolas, FontSize=10
建議字形
1.Consolas download here
2.Bitstream Vera Sans Mono download here
3. Courier new
今日閱讀2006-05-05
HMM不負責講座 (一): CpG islands
HMM不負責講座 (二): 馬可夫鏈 (Markov Chains)
HMM不負責講座 (三): HMM 動機 (以 CpG islands 問題而言)
HMM 不負責講座 (四): HMM 定義與實例
(cache)
Seven habits of effective text editing (cache)
vim+ctags+taglist+cscope+cppcomplete+global (cache)
www.phrack.org (wikipedia)
Software validation小記
Extracting Facts from Open Source Software
Secrets from the Monster: Extracting Mozilla’s Software Architecture