- root密码多少? loongson
- 如何添加新用户? adduser username
- 怎么修改IP? vim /etc/network/interfaces
- 如何重启网络? /etc/init.d/networking restart
- 如何启动ssh? /etc/init.d/ssh start
- 为啥root账户在/目录下修改,都提示 read only filesystem?因为根分区在挂载时以只读挂载.可以执行 mount / -o remount,rw. 如果以后都想要root在/下可写,可以修改/etc/init.d/discover,把倒数第二行mount的命令注掉即可。 Continue reading »
五 052010
一 122010
要在玲珑电脑上安装qtcreator,发现默认的源,同创的完全连不上,龙梦的没有想要的东西。又从盒子里拷了rays的源还是没有qtcreator。。。。。。
龙芯的源太混乱了,大家都在维护自己的,倒不如都按照debian的标准来做,画地为牢太劳民伤财了,一起努力做好一个源就不错了。
推荐一个现在在用的源,unstable的:
deb ftp://210.51.187.182/loongson2f/sid/ ./
deb-src ftp://210.51.187.182/loongson2f/sid/ ./
deb ftp://210.51.187.182/debian sid main non-free contrib
deb-src ftp://210.51.187.182/debian sid main non-free contrib
十二 242009
1,因为代码是从svn库里先checkout出来的,为了方面使用mercurial,就先做了清理工作。
删除当前目录下的所有.svn文件夹
find . -name “.svn” -type d -exec rm -rfv ‘{}’ \;
. 当前目录下
-name “.svn” 文件/文件夹名称为.svn
-type d 文件类型为文件夹
-exec 执行之后的命令直到 \;
rm -rfv ‘{}’ 删除find命令找到的所有文件夹 , ‘{}’表示使用find的输出做为rm的输入
Continue reading »
十二 032009
折腾了好一阵子,现在基本确定在这里了。因为很早就想自己弄个独立的blog来用,但是因为囊中羞涩都只好忍了。
我的blog生涯很是惨痛,先是用blogspot,没用多久,被封了。于是转战my opera,但是没多久又被封了。无奈之下只好选用国内空间,靠谱一些。
校内和qq空间都用过,但是校内(现在叫人人了)的关键词过滤有点变态,而且还有那可恶的用户协议事件。我在自己的人人网稍微发了个关于人人网用户协议的文章,就立即被删除了。一气之下终于换到百度空间。这里qq空间就不提了,因为自己只是想写些技术和生活相关的事情。 Continue reading »
四 292008
zz from 真水无味 http://sysku.com/blog/post/357.html
微软XP系统下,部分开始运行经典命令
winver———检查Windows版本
wmimgmt.msc—-打开windows管理体系结构(WMI)
wupdmgr——–windows更新程序
wscript——–windows脚本宿主设置
write———-写字板
winmsd———系统信息
wiaacmgr——-扫描仪和照相机向导
winchat——–XP自带局域网聊天
mem.exe——–显示内存使用情况
Msconfig.exe—系统配置实用程序
mplayer2——-简易widnows media player
mspaint——–画图板
mstsc———-远程桌面连接
mplayer2——-媒体播放机
magnify——–放大镜实用程序
mmc————打开控制台
mobsync——–同步命令
dxdiag———检查DirectX信息
drwtsn32—— 系统医生
devmgmt.msc— 设备管理器
dfrg.msc——-磁盘碎片整理程序
diskmgmt.msc—磁盘管理实用程序
dcomcnfg——-打开系统组件服务
ddeshare——-打开DDE共享设置
dvdplay——–DVD播放器
net stop messenger—–停止信使服务
net start messenger—-开始信使服务
notepad——–打开记事本
nslookup——-网络管理的工具向导
ntbackup——-系统备份和还原
narrator——-屏幕“讲述人”
ntmsmgr.msc—-移动存储管理器
ntmsoprq.msc—移动存储管理员操作请求
netstat -an—-(TC)命令检查接口
syncapp——–创建一个公文包
sysedit——–系统配置编辑器
sigverif——-文件签名验证程序
sndrec32——-录音机
shrpubw——–创建共享文件夹
secpol.msc—–本地安全策略
syskey———系统加密,一旦加密就不能解开,保护windows xp系统的双重密码
services.msc—本地服务设置
Sndvol32——-音量控制程序
sfc.exe——–系统文件检查器
sfc /scannow—windows文件保护
tsshutdn——-60秒倒计时关机命令
tourstart——xp简介(安装完成后出现的漫游xp程序)
taskmgr——–任务管理器
eventvwr——-事件查看器
eudcedit——-造字程序
explorer——-打开资源管理器
packager——-对象包装程序
perfmon.msc—-计算机性能监测程序
progman——–程序管理器
regedit.exe—-注册表
rsop.msc——-组策略结果集
regedt32——-注册表编辑器
rononce -p —-15秒关机
regsvr32 /u *.dll—-停止dll文件运行
regsvr32 /u zipfldr.dll——取消ZIP支持
cmd.exe——–CMD命令提示符
chkdsk.exe—–Chkdsk磁盘检查
certmgr.msc—-证书管理实用程序
calc———–启动计算器
charmap——–启动字符映射表
cliconfg——-SQL SERVER 客户端网络实用程序
Clipbrd——–剪贴板查看器
conf———–启动netmeeting
compmgmt.msc—计算机管理
cleanmgr——-垃圾整理
ciadv.msc——索引服务程序
osk————打开屏幕键盘
odbcad32——-ODBC数据源管理器
oobe/msoobe /a—-检查XP是否激活
lusrmgr.msc—-本机用户和组
logoff———注销命令
iexpress——-木马捆绑工具,系统自带
Nslookup——-IP地址侦测器
fsmgmt.msc—–共享文件夹管理器
utilman——–辅助工具管理器
gpedit.msc—–组策略
Mar. 25, 2008
Palamida, an open-source risk management company, believes in open source. But at the same time, its corporate code audits of more than 500 million lines of code has found time and again "specific open-source projects inside mission critical systems that had not been patched" with most recent updates.
Part of the problem? Many companies are unclear both about what programs they’re using, never mind when and how to update them.
As Palamida pointed out in a statement shared with Linux-Watch, "nine out of 10 open-source projects do not have commercial services behind them (such as Red Hat, Novell, etc.) that can push the updates as they appear." Besides that, even companies that do a good job of tracking their open-source software can miss things. Palamida gave an example of one company, which thought it was doing a good job, but it turned out that instead of using 300 open-source projects, they were actually using 835 programs.
The point? Even if you are using an open-source program, like the popular data compression library zlib which does a good job of patching problems, but you don’t know that you’re using zlib, how are you going to keep it up to date? Well, clearly, you’re not.
In the case of some of these programs, you may not actually have a problem. For example, if you’re running Linux from a major distributor such as Ubuntu, you don’t need to worry much about keeping OpenSSH, the secure shell remote control program, current. Ubuntu will do that for you.
On the other hand, Palamida pointed out that you may be using other open-source programs, such as Apache Geronimo, the open-source Java Enterprise Edition server, the BusyBox embedded tool kit or Freetype, a font-rendering engine, and you may be missing their updates.
So what do you do? According to Theresa Bui-Friday, co-founder of Palamida, in an e-mail interview, education comes first, "coupled with an in-house policy that is easy to understand and enforce. While many companies do a good job of tracking some of their open source through various means (from spreadsheets to e-mails), these methods aren’t able to capture the breadth and scope of actual open-source use. Thus, undocumented code is left in the code base which leaves the organization open to vulnerabilities. If you don’t know what you have, you don’t know if it needs patching and can’t effectively mitigate app sec risks."
Next, businesses should "implement an automated solution to regularly audit code." Palamida has several programs that can help with this.
These are IP Amplifier, which is a code-auditing tool and IP Authorizer, which helps ISVs (independent software vendors) make sure they’re using approved code with the right licenses.
For ISVs, "We recommend at each build as the software dev process is so dynamic and fluid. Additionally, once a process has been put into place, we recommend that companies adopt a means for developers to register their open-source code use by receiving approval to use a specific project, say, Zlib, and then downloading the ‘gold version’ of that project, the most stable, up-to-date version, and adding it to what we’ve termed the ‘Golden Vault’ of open source. These would be the approved projects, in their most stable form, collected in a database wherein all of your developers can quickly and easily go to retrieve what they need without trolling the Web for a version that might be vulnerable and might not be on the approved use list," explained Bui-Friday.
If a company is an ISV and facing an emergency, "such as product going to market and a serious flaw may have been found last minute, or an acquisition or a data breach has occurred and you’re trying to find out why," Bui-Friday said "bringing in professionals is the quickest and easiest way to perform a thorough code audit. Due to their high level of expertise and knowledge of the audit process, the professional services arm of our organization can do an audit in three weeks that may take a company three months to handle on [its] own."
"Ideally, though," Bui-Friday continued, "organizations will be equipped to handle audits and we recommend that they start with the applications that mean the most to them, i.e., the areas that cause the most financial, security and business strain if it’s not handled. You do not need to audit everything all at once. You need to prioritize based on business need. It’s important to have a policy in place that outlines regular and complete code audits."
When all is said and done, Bui-Friday said, "We want organizations to be able to do away with incomplete manual processes and protect themselves against app security risks."
While obviously Palamida has its own business interest here, the points the company makes are excellent ones. A company needs to track its open-source programs, both for its own sake and for the sake of its customers. Otherwise it will eventually face a serious operations problem without even being able to understand exactly where the underlying software problem lies.
近期评论