10/19/2012

[Android] Handy Developer Tools in the Chrome Browser – USB Web Debugging

adb forward tcp:9222 localabstract:chrome_devtools_remote then connect to http://localhost:9222

How to Launch a 65Gbps DDoS, and How to Stop One

So You Want to Launch a DDoS

So how does an attacker generate 65Gbps of traffic? It is highly unlikely that the attacker has a single machine with a big enough Internet connection to generate that much traffic on its own. One way to generate that much traffic is through a botnet. A botnet is a collection of PCs that have been compromised with a virus and can be controlled by what is known as a botnet herder.

Botnet herders will often rent out access to their botnets, often billing in 15 minute increments (just like lawyers). Rental prices depend on the size of the botnets. Traditionally, email spammers purchased time on botnets in order to send their messages to appear to come from a large number of sources. As email spam has become less profitable with the rise of better spam filters, botnet herders have increasingly turned to renting out their networks of compromised machines to attackers wanting to launch a DDoS attack.

To launch a 65Gbps attack, you'd need a botnet with at least 65,000 compromised machines each capable of sending 1Mbps of upstream data. Given that many of these compromised computers are in the developing world where connections are slower, and many of the machines that make up part of a botnet may not be online at any given time, the actual size of the botnet necessary to launch that attack would likely need to be at least 10x that size. While by no means unheard of, that's a large botnet and using all its resources to launch a DDoS risks ISPs detecting many of the compromised machines and taking them offline.

Amplifying the Attacks

Since renting a large botnet can be expensive and unwieldy, attackers typically look for additional ways to amplify the size of their attacks. The attack on Saturday used one such amplification technique called DNS reflection. To understand how these work, you need to understand a bit about how DNS works.

When you first sign up for an Internet connection, your ISP will provide you with a recursive DNS server, also known as a DNS resolver. When you click on a link, your computer sends a lookup to your ISP's DNS resolver. The lookup is asking a question, like: what is the IP address of the server for cloudflare.com? If the DNS resolver you query knows the answer, because someone has already asked it recently and the answer is cached, it responds. If it doesn't, it passes the request on to the authoritative DNS for the domain.

Typically, an ISP's DNS resolvers are set up to only answer requests from the ISP's clients. Unfortunately, there are a large number of misconfigured DNS resolvers that will accept queries from anyone on the Internet. These are known as "open resolvers" and they are a sort of latent landmine on the Internet just waiting to explode when misused.

DNS queries are usually sent via the UDP protocol. UDP is a fire-and-forget protocol, meaning that there is no handshake to establish that where a packet says it is coming from actually is where it is coming from. This means, if you're an attacker, you can forge the header of a UDP packet to say it is coming from a particular IP you want to attack and send that forged packet to an open DNS resolver. The DNS resolver will reply back with a response to the forged IP address with an answer to whatever question was asked.

To amplify an attack, the attacker asks a question that will result in a very large response. For example, the attacker may request all the DNS records for a particular zone. Or they may request the DNSSEC records which, often, are extremely large. Since resolvers typically have relatively high bandwidth connections to the Internet, they have no problem pumping out tons of bytes. In other words, the attacker can send a relatively small UDP request and use open resolvers to fire back at an intended target with a crippling amount of traffic.

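Shiding Tanyao & Bagua Tea Plantation - Photography Spot Sharing

[Shiding, New Taipei] Taiwan Has a Thousand Island Lake Too (the best guide to taking photos at Thousand Island Lake) - Clare's Lifestyle (Clare的生活品味) - Wretch (無名小站); Google Map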

Is the use of “utf8=✓” preferable to “utf8=true”?

By default, older versions of IE (<=8) will submit form data in Latin-1 encoding if possible. By including a character that can't be expressed in Latin-1, IE is forced to use UTF-8 encoding for its form submissions, which simplifies various backend processes, for example database persistence. If the parameter was instead utf8=true then this wouldn't trigger the UTF-8 encoding in these browsers.

2400 Flag Icon Set — Resources from GoSquared - free flag icons

We’ve created a flag for every major country in the world, plus a few more. And we’ve created them in several sizes so they’ll look great no matter where you’re using them – 16×16, 24×24, 32×32, 48×48, and 64×64. We’ve also provided them in 2 variants – as flat and standard, and with a lovely glossy finish.

10/12/2012

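(My) Information Crisis - est's blog

It is rare to have a quiet late night for reflection. I spend 12 hours a day wandering around online, and I feel there are several dangerous trends in myself that I should be wary of:

More and more input, less and less output. My ability to create is degenerating. Personally I think this culture of consuming information was brought about by the guru Steve Jobs. Pure content-consumption platforms, with the iPad as their representative, bring everyone all kinds of convenience and enjoyment, but at the same time they take away a crucial right: to create and to produce. By comparison, on a PC you can kill time, but you can also use it as a productivity tool. I personally feel the PC platform is a balance of input and output. Platforms like the iPad are different; the culture this thing brings is a consumer culture. Typing on an iPad with an external keyboard is painful and unfriendly. All you can do on it is consume dumb games, consume videos, and consume cutesy "fresh-style" (小清新) photos. Android seems a bit friendlier; you can even write Android programs directly on Android. Office work is feasible too, but that is at most the attempts and claims of pioneers. The various offshoots of this problem have also deeply affected the Internet. I think it can be called consumerism. Just look at the major blogs, BBSes and microblogs: apart from trolls there are only newbies. Very few people actively invent things of meaning and value any more.

Too much information is time-sensitive. (I admit I now suffer from "my language teacher was the PE teacher" syndrome; I can hardly find a word to describe this.) Concretely, people care more about things that go stale quickly, things that are more sensational, and things that produce a bigger psychological gap, and they tend to ignore the things that last. For example, they care about the new features of some software, ROM or OS, rather than how completely the industry as a whole is advancing. To take a simple example: Steve Jobs loved to denounce how bad and lousy Flash was, but he never told you what a vector + audio/video multimedia engine for a mobile device should look like. We care too much about how to bring down Flash, how to bring down IE6, and how new technology can do what Flash could already do 10 years ago. For example, WWDC on apple.com still uses Quicktime® (rather than html5 video) to play streaming media; amid today's HTML5 clamor, people even draw vector icons through a hack like WOFF. This is sad, and a great irony for SVG.

Fragmentation. I won't go into this one. But at the same time I think I have another very obvious problem: I have grown old. It is all nostalgia and classics, and I rarely touch new things. The things I operate and play with every day are not substantially different from those of a few years ago.

Whatever is popular rules. Even in a niche field, the relatively popular thing instantly beats the rest. People would rather echo all kinds of lame memes, which gives them more of a sense of belonging than writing something nobody cares about. Actually I think this is an ecosystem problem. Every individual's ability is limited, and in a small circle destined to be forever alone you rarely get any feedback. You even crave feedback with a very low signal-to-noise ratio.

Signal-to-noise ratio. I think the most, most, most restless yet irresistible problem right now is all the duplicate information. All the reposts practically violate your sensory organs. But after you miss a series of them you feel really stupid: you spend so much time online and do not even know about the most widespread thing. The various third-party aggregate tools rely on fully automated algorithms, so coverage in turn becomes a problem. The attention and energy invested in topics now far exceeds what is gained.

All kinds of holes dug and never filled. What really drains energy is a story without an ending. Things that are concluded always put people at ease. But in today's tangle of information, too little has both a beginning and an end. New things and newly reinvented wheels are produced faster than problems are. This leaves people at a loss. Never mind the number of holes; I also hate choosing. So this leads to giving up even more. I increasingly find that the linear "problem - solution" way of thinking fits the need less and less. What I need now is a completely new structure oriented toward change.

A person-centered world. I struggle very hard to de-personalize.

I long for an SNS that is isolated from all the hype of the hivemind and yet self-consistent. Is this a neo utopia? I think this is the illness of an introvert like me. I know full well that every group has 4 stages: adaptation - exponential growth - equilibrium - decline. This is the destined fate.

The problems above are all my own personal impressions, gathered bit by bit. Of course, this has to do with my own environment; perhaps other people feel differently. Perhaps it is just that my own environment is too bad. The personalized Internet is like this: you can hardly see anything objectively consistent, and everything you see is your own shadow. If you yourself are a loser, then the people you follow are basically losers too, and what you get is lousy too.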

10/03/2012

HTTP persistent connection - Wikipedia, the free encyclopedia

HTTP persistent connection, also called HTTP keep-alive, or HTTP connection reuse, is the idea of using a single TCP connection to send and receive multiple HTTP requests/responses, as opposed to opening a new connection for every single request/response pair.

Chunked transfer encoding - Wikipedia, the free encyclopedia

Chunked transfer encoding is a data transfer mechanism in version 1.1 of the Hypertext Transfer Protocol (HTTP) in which a web server serves content in a series of chunks. It uses the Transfer-Encoding HTTP response header in place of the Content-Length header, which the protocol would otherwise require. Because the Content-Length header is not used, the server does not need to know the length of the content before it starts transmitting a response to the client (usually a web browser). Web servers can begin transmitting responses with dynamically-generated content before knowing the total size of that content. The size of each chunk is sent right before the chunk itself so that a client can tell when it has finished receiving data for that chunk. The data transfer is terminated by a final chunk of length zero.
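
The framing described above, as an added example that is not from the linked article or this page: a strict Python decoder that reads each hexadecimal size line, copies exactly that many bytes, and stops at the zero-length chunk, rejecting truncated or malformed bodies. The function name, the 1 MiB chunk limit and the sample body are assumptions made for the example.

```python
# Added example: minimal strict decoder for an HTTP/1.1 chunked body.
CRLF = b"\r\n"
HEX = set(b"0123456789abcdefABCDEF")
MAX_CHUNK = 1 << 20  # assumed limit for this example, not from the page


def decode_chunked(body: bytes) -> bytes:
    """Return the payload of a chunked body, or raise ValueError."""
    out, pos = bytearray(), 0
    while True:
        eol = body.find(CRLF, pos)
        if eol < 0:
            raise ValueError("truncated: no CRLF after chunk size")
        # The size line is hex digits, optionally followed by ";extension".
        size_field = body[pos:eol].split(b";", 1)[0]
        if not size_field or any(c not in HEX for c in size_field):
            raise ValueError(f"bad chunk size {size_field!r}")
        size = int(size_field, 16)
        if size > MAX_CHUNK:
            raise ValueError("chunk larger than MAX_CHUNK")
        pos = eol + 2
        if size == 0:
            break  # the final zero-length chunk ends the data
        end = pos + size
        if body[end:end + 2] != CRLF:
            raise ValueError("truncated or missing CRLF after chunk data")
        out += body[pos:end]
        pos = end + 2
    # Optional trailer fields follow, closed by an empty line.
    while True:
        eol = body.find(CRLF, pos)
        if eol < 0:
            raise ValueError("truncated: trailer section not terminated")
        if eol == pos:
            return bytes(out)
        pos = eol + 2


# Constructed sample body: chunks of 4, 5 and 0xE (14) bytes, then the end.
SAMPLE = b"4\r\nWiki\r\n5\r\npedia\r\nE\r\n in\r\n\r\nchunks.\r\n0\r\n\r\n"

if __name__ == "__main__":
    print(decode_chunked(SAMPLE))
```

A body that ends before the zero-length chunk raises `ValueError` instead of returning partial data, so a caller can tell a complete response from one that was cut off.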

10/02/2012

satine.org – Building CoverFlow for Safari on iPhone

The zflow demo in CSS-VFX uses the Apple CSS Visual Effects extensions for hardware accelerated (on iPhone!) 3D perspective correct transforms and easily animated transitions. HTML 5 Canvas is used for simulating reflections. zflow starts by loading each image from the images array. When each image is loaded, we scale the image to fit in a square region, and apply 3D CSS transforms to scale it in place.

Reflections – zflow then takes the scaled image and creates a Canvas element that contains a gradient alpha mask of the image’s reflection (using a “reflect” function to do this) and positions the canvas element in place.

Touch Controller – zflow creates a TouchController object, whose job is to field touch events from Mobile Safari and calculate an appropriate offset.

Clicking – zflow detects when no move events have been made, and zooms + rotates the focused image forward by setting a “CSS Transition”ed 3D transform on the focused image. Clicking again transitions the image back.

Inertia – zflow achieves inertia by setting the “transition timing function” of the “tray” to an “ease-out” function, which slows things down. On the touch end event, we calculate the projected velocity and set the tray’s target position to that location. CSS Transitions handles the decay in velocity as the transition timing function executes — slowing the tray down gradually.

10/01/2012

Initializr - Start an HTML5 Boilerplate project in 15 seconds!

Initializr is here to kick-start the development of your new projects. It generates templates based on HTML5 Boilerplate by allowing you to choose which parts you want or don't want from it. A responsive template has also been added to start from a basic design instead of a blank page.
responsive layout

via: html5-boilerplate

documents:
https://github.com/h5bp/html5-boilerplate/blob/master/doc/html.md
https://github.com/h5bp/html5-boilerplate/blob/master/doc/css.md
https://github.com/h5bp/html5-boilerplate/blob/master/doc/js.md
https://github.com/h5bp/html5-boilerplate/blob/master/doc/misc.md

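Amazing spot repainting... see posts #39 and #42 for related information - BMW - Mobile01

If you need spot bodywork and repainting, go to Xiao Lu (小呂) at the foot of Huajiang Bridge. If the car body has small dents or dimples but no paint has come off, and you want to keep the original factory paint, go to "Mr. Dent" (凹痕先生) on Chongqing North Road.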

The exercise habit

Right now I’m reading The Power of Habit: Why We Do What We Do in Life and Business by Charles Duhigg and everything suddenly became very clear. Exercise is what Duhigg calls a “keystone habit”: “Typically, people who exercise, start eating better and becoming more productive at work. They smoke less and show more patience with colleagues and family. They use their credit cards less frequently and say they feel less stressed. Exercise is a keystone habit that triggers widespread change.”
via: What happens to our brains when we exercise and how it makes us happier