11/15/2008

Apache+MySQL+PHP+OpenSSL in Ubuntu

Introduction to SSL

SSL (Secure Socket Layer) is a data confidentiality protocol proposed by Netscape; it uses encryption algorithms such as RC4, MD5 and RSA.

On the network one needs to be certain that a website really is the site it claims to be, so SSL also provides authentication. SSL is organized as a pyramid: at the bottom are ordinary servers, which obtain SSL certificates by applying upward to a CA, and the CA signs the SSL-related files. A CA is an institution with public credibility and the ability to certify, and it in turn must apply upward to a root CA (such as a government body). When a user connects to an SSL-enabled service, the server sends its certificate to the user; the client program, on receiving the certificate, verifies it against the CA, and if the CA confirms that it issued this certificate, a positive result is returned to the client. An SSL-enabled website can apply to one of the few certificate issuers in the world (for example VeriSign, currently the largest, or Thawte, the second largest); only after strict documentary checks does it obtain an internationally recognized electronic certificate (which newer versions of MSIE or Netscape recognize automatically).

All SSL certificates are issued to companies or legal entities. A typical SSL certificate contains your domain name, your company name, your address, your city, your state and your country; it also contains the certificate's expiry date and details of the certificate authority responsible for issuing it. When a browser connects to a secure website it receives the site's SSL certificate and checks whether it has expired, whether it was issued by a certificate authority the browser already trusts, and whether it is being used by the site as registered at issuance. If any of these checks fails, the browser shows a warning to the user.

Installing apache+mysql+php+openssl on Ubuntu
sudo tasksel install lamp-server
Install LAMP (Apache, MySQL, PHP)

sudo apt-get install mysql-admin mysql-gui-tools-common mysql-query-browser
Install the MySQL administration GUI tools

sudo apt-get install -y php5-gd
Install the GD library

sudo apt-get install -y openssl
Install OpenSSL

sudo apt-get install -y ssl-cert
Install the certificate signing tool (ssl-cert)

sudo a2enmod ssl
Enable the ssl module

sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
sudo ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl
Copy the default site file for SSL use and create a symbolic link (shortcut) to it at sites-enabled/ssl

sudo vim /etc/apache2/sites-enabled/ssl
Add the following settings at the corresponding position (they were highlighted in red in the original post):

NameVirtualHost *:443


sudo vim /etc/apache2/sites-enabled/default
Add the following settings at the corresponding position (they were highlighted in red in the original post):

NameVirtualHost *:80
SSLEngine On
SSLCertificateFile /etc/apache2/etc/apache.pem


sudo vim /usr/sbin/make-ssl-cert
Change "-keyout $output" to "-keyout $output -days 3650" to make the certificate valid for 10 years

sudo mkdir /etc/apache2/ssl
Create the directory where the SSL certificate will be placed

sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/etc/apache.pem
make-ssl-cert is a wrapper around OpenSSL. Enter the certificate details as prompted and a self-signed certificate is produced.

sudo /etc/init.d/apache2 force-reload
Reload the configuration

sudo /etc/init.d/apache2 restart
Restart Apache2
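As an added example that is not part of the original post, this is the complete SSL virtual host that the SSLEngine and SSLCertificateFile settings above belong to. It assumes the certificate written by make-ssl-cert lives at /etc/apache2/ssl/apache.pem, the directory created above; if you kept the /etc/apache2/etc/apache.pem path from the steps, use that instead, and the host name is a placeholder.

```apache
# Added example: SSL virtual host for /etc/apache2/sites-enabled/ssl.
# Path and host name below are assumptions, not values from the original post.
NameVirtualHost *:443

<VirtualHost *:443>
    # placeholder host name
    ServerName www.example.com
    DocumentRoot /var/www

    # The SSL directives belong inside the :443 virtual host, not the :80 one.
    SSLEngine On
    # make-ssl-cert writes key and certificate into one PEM file, so a single
    # SSLCertificateFile is enough; if you keep the key separate, also set
    # SSLCertificateKeyFile to the key file.
    SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>
```

A certificate that is self-signed, or signed by your own CA, still produces the browser warning described in the introduction until the client trusts the issuer.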
Creating a self-signed CA

The point of creating your own CA is to set up a CA yourself and use it to sign your own server's certificate. When a client receives the certificate it checks with the CA, and here it is your own CA that confirms the certificate is valid. Of course this carries no public trust, and registering a server you set up yourself as a CA has to be done manually on the client, so this is normally done only for testing.

See the following link:
http://wiki.ubuntu.org.cn/OpenSSL It covers two main tasks:
First, set up the CA: Creating the Certificate Authority
Second, set up the server: Creating a Self-Signed Server Certificate
and sign it with your own CA

11/09/2008

Reverse Engineering Tools

Microsoft Windows

Three tools pervade the warchest of the contemporary analyst on the Windows platform: IDA, SoftICE, and PE Tools. IDA is the Interactive Disassembler from Data Rescue. IDA is used to examine the executable on-disk. IDA provides useful features such as call graphs for analyzing program flow and automatic library detection.

SoftICE is a Ring 0 debugger from Compuware. Though SoftICE is no longer an offering from Compuware, its use is still very common. While the author now uses WinDbg in place of SoftICE, some analysts have turned to OllyDbg. It is presumed that once Compuware decides to sell SoftICE, the debugger will regain its previous popularity.

PE Tools is used to dump either a partial (region) or full in-memory image of an executable. It also includes the ability to automatically remove "Anti Dump Protection", and find the original OEP (AddressOfEntryPoint value of the IMAGE_OPTIONAL_HEADER structure). This tool would be used with a packed or encrypted executable. After the decompression or decryption occurs, PE Tools would be used to copy the image from memory for further analysis.

IDA is used to perform a static analysis on-disk, while a debugger is used to interrogate the executing program while in-memory. Based on the tools, this leads to the observation that a protection scheme must be functional in two environments: on-disk and in-memory. In the virus research community, challenging disassembly occurs in the anti-disassembly layer, while the implementation deterring dynamic analysis is known as an anti-debug layer.

Unix and Linux

For Unix and Linux, objdump (with its Perl-based wrapper dasm) and gdb are two available tools. gdb supports debugging of C, C++, Java, Fortran and Assembly among other languages. In addition, gdb is designed to work closely with the GNU Compiler Collection (GCC). objdump and dasm collectively act as a full disassembler. Alternatively, one can run Windows applications such as IDA on Linux using Wine, which acts as a compatibility layer for running Windows programs on Linux. Kris Kaspersky introduces additional tools and details procedures specific to the ELF file format in Hacker Disassembling Uncovered.

11/06/2008

My First Paycheck

Today
I received the first paycheck of my life
An inexplicable feeling of being moved

Because I had no income in August, September and October I was deep in debt
After paying off the debts there is nothing left
But I still want to commemorate today, haha

11/03/2008

A special use of struct

#include <stdio.h>

/* Four 1-bit fields of type int packed into one struct. */
typedef struct A {
    int up : 1;
    int down : 1;
    int left : 1;
    int right : 1;
} Cell;

int main(void) {
    Cell c;

    c.up = c.down = c.left = c.right = 0;
    c.down = 1;
    /* sizeof yields a size_t, so print it with %zu */
    printf("%zu %zu\n", sizeof(Cell), sizeof c);
    /* masking with & 1 reads the raw bit of each field */
    printf("%d %d %d %d\n", c.up & 1, c.down & 1, c.left & 1, c.right & 1);
    /* reading a signed 1-bit field directly sign-extends it: 1 comes back as -1 */
    printf("%d %d %d %d\n", c.up, c.down, c.left, c.right);
    return 0;
}
Output:
4 4
0 1 0 0
0 -1 0 0

The declared members become a bit-field struct; because of padding its size is 4 bytes.
The members inside are single bits (here of signed int, so a stored 1 reads back as -1), so use only bit operators on them, otherwise the result is not what you expect.
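To show where the -1 comes from and how to avoid it, here is an added example (not code from the original post) that puts the post's signed 1-bit flags beside the same flags declared unsigned; the struct and function names are assumptions.

```cpp
#include <cstddef>

// Added example (not from the original post): the post's four 1-bit flags as
// signed int fields, beside the same flags declared unsigned.
struct SignedCell {
    int up : 1;
    int down : 1;
    int left : 1;
    int right : 1;
};

struct UnsignedCell {
    unsigned up : 1;
    unsigned down : 1;
    unsigned left : 1;
    unsigned right : 1;
};

// Four 1-bit fields pack into one int, which is the "4 4" the post prints.
std::size_t cell_size() { return sizeof(SignedCell); }

// A signed 1-bit field has only a sign bit, so it can hold 0 or -1, never 1
// (storing 1 is implementation-defined; GCC and Clang give -1, as in the post).
int signed_down_raw() {
    SignedCell c = {};
    c.down = 1;
    return c.down;          // -1
}

// Masking with & 1 recovers the raw bit, as in the post's second printf.
int signed_down_masked() {
    SignedCell c = {};
    c.down = 1;
    return c.down & 1;      // 1
}

// The practical trap: a flag test written as == 1 fails on the signed field.
bool signed_down_equals_one() {
    SignedCell c = {};
    c.down = 1;
    return c.down == 1;     // false
}

// An unsigned 1-bit field holds 0 or 1 and reads back exactly as written,
// so declaring flag fields unsigned avoids the surprise entirely.
unsigned unsigned_down() {
    UnsignedCell c = {};
    c.down = 1;
    return c.down;          // 1
}
```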

10/27/2008

Bizarre Love Triangle

Every time I think of you
I get a shot right through into a bolt of blue
It's no problem of mine but it's a problem I find
Living a life that I can't leave behind
There's no sense in telling me
The wisdom of a fool won't set you free
But that's the way that it goes
And it's what nobody knows
And every day my confusion grows
Every time I see you falling
I get down on my knees and pray
I'm waiting for that final moment
You'll say the words that I can't say

I feel fine and I feel good
I feel like I never should
Whenever I get this way, I just don't know what to say
Why can't we be ourselves like we were yesterday
I'm not sure what this could mean
I don't think you're what you seem
I do admit to myself
That if I hurt someone else
Then we'd never see just what we're meant to be
Every time I see you falling
I get down on my knees and pray
I'm waiting for that final moment
You'll say the words that I can't say

10/17/2008

Symbian S60 5th Edition

The 5th edition of Symbian was released on 10/3.
The main improvements in this version are multimedia, networking, reliability and the touch interface.

The 5th edition optimizes the camera codec (widescreen photo storage). Users set parameters to adjust a photo's balance, colour and sharpness. In addition, the 5th edition includes photo and video editing, letting users edit and share directly on the mobile.

With widescreen nHD support, photos and videos can now be viewed in widescreen mode; the supported formats include MP3, AAC, H.264, Windows Media and Flash Video.

The built-in browser supports Flash Lite, and together with widescreen and touch support this makes browsing the web more convenient.

10/04/2008

A lifetime of glory?

I never expected to end up this awkward

I have always learned the newest things

Now I actually have to learn MFC MFC MFC MFC MFC MFC MFC

10/01/2008

default constructor

In C++ the default constructor is the constructor that takes no arguments.

Most people hold the following mistaken beliefs:
1. If a class does not define a default constructor, the compiler automatically generates one.
2. The compiler-generated default constructor sets default values for the member data.

The C++ standard (ISO/IEC 14882) states:
"The implementation will implicitly declare these member functions for a class type when the program does not explicitly declare them, except as noted in 12.1. The implementation will implicitly define them if they are used"

The compiler generates one only when it is needed and none exists; when it is not needed, none is generated.

So when is one needed? The document says:
"If there is no user-declared constructor for class X, a default constructor is implicitly declared. An implicitly-declared default constructor is an inline public member of its class. A constructor is trivial if it is an implicitly-declared default constructor and if: — its class has no virtual functions (10.3) and no virtual base classes (10.1), and — all the direct base classes of its class have trivial constructors, and — for all the nonstatic data members of its class that are of class type (or array thereof), each such class has a trivial constructor. Otherwise, the constructor is non-trivial."

So whether one is needed depends on: 1. virtual functions, 2. virtual inheritance, 3. the base class, and 4. data members.

1. virtual functions
When a class defines virtual functions, every object must have a virtual function table recording the virtual functions' addresses, so the compiler automatically extends the object's data members: it generates this table and adds a pointer to it.

2. virtual inheritance
(to be completed)

3. base class
When a class has no default constructor at all but its base class has one, the base class's default constructor must be called, so the compiler automatically synthesizes a default constructor that calls the base class's constructor.

If a constructor already exists, the compiler extends that constructor to do the above instead of synthesizing a default constructor. The document's explanation is that when a user-declared constructor exists, no default constructor is implicitly generated.

4. data members
Likewise, when at least one data member is an object that has a default constructor.
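The four cases above, plus the two misconceptions, can be checked directly with the standard type traits. This is an added example, not code from the original post; the struct and function names are assumptions, and it needs C++11.

```cpp
#include <type_traits>

// Added example (not from the original post): each case the post lists,
// checked with std::is_trivially_default_constructible (C++11).
struct Plain {                 // no virtuals, no bases, only built-in members
    int x;
};

struct WithVirtual {           // case 1: virtual function, so a vptr must be set
    virtual void f() {}
};

struct VirtualBase : virtual Plain {};   // case 2: virtual base class

struct Base {                  // a base with a user-provided default constructor
    Base() : value(7) {}
    int value;
};
struct Derived : Base {};      // case 3: Base::Base() must be called

struct Member {                // case 4: a member of class type with its own ctor
    Base b;
};

struct UserCtor {              // any user-declared ctor suppresses the implicit one
    UserCtor(int) {}
};

bool plain_is_trivial()        { return std::is_trivially_default_constructible<Plain>::value; }
bool virtual_is_trivial()      { return std::is_trivially_default_constructible<WithVirtual>::value; }
bool virtual_base_is_trivial() { return std::is_trivially_default_constructible<VirtualBase>::value; }
bool derived_is_trivial()      { return std::is_trivially_default_constructible<Derived>::value; }
bool member_is_trivial()       { return std::is_trivially_default_constructible<Member>::value; }
bool user_ctor_has_default()   { return std::is_default_constructible<UserCtor>::value; }

// Misconception 2: the trivial implicit constructor does nothing, so `Plain p;`
// leaves p.x indeterminate. Value-initialisation (`Plain p{}`) is what zeroes it.
int plain_value_initialised() {
    Plain p{};
    return p.x;                // 0
}

// The synthesized constructors of cases 3 and 4 really do run Base::Base().
int derived_base_value() { Derived d; return d.value; }   // 7
int member_base_value()  { Member m;  return m.b.value; } // 7
```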

18

A note for the record

I will be the company's 18th RD

9/26/2008

The Necessary Conditions for a Successful Startup

Rule #1: Have a controversial strategy. Look for counter-intuitive ideas, then execute. If you play by the rules you will only be ordinary. Differentiation is the key. The hard part is that you have to be right.

Rule #2: Break business conventions, but never by fraud, lying or stealing. If you do, you will end up deserted by everyone and lose the trust of your loyal employees.

Rule #3: Find a way to raise some money, but not too much. A small amount of startup capital forces you to count every penny, cut spending, pursue efficiency, and work hard to find new ways of producing.

Rule #4: Have an ideal. McNealy says: "People are mostly driven by money, but they also like a little spiritual income." For example, Curriki, the open-source curriculum wiki Sun created, solved the problems McNealy and his son ran into while doing elementary school reports.

Rule #5: Go for it, but choose your partner carefully. Throw your whole heart and soul into starting a business, but do it before you get married. McNealy did not marry until 39, but after marriage four sons were born one after another. His advice: "The most important decision of your life is whom you marry and have children with. Pick a spouse or a significant other, or whatever kind of partner you like. Just make sure you pick a good person. That is some real technical advice from an entrepreneur."