不過如果你都有其他好既建議, 不防在這裡同大家分享一下.

[ 本文最後由 Joe Ho 於 2010-3-9 10:24 PM 編輯 ]

已知問題:

It’s a hard time when system date is not same as local time, normally when you read system log. Slitaz is lack of timezone data file because of its [...]]]> 近日發現 Slitaz 內缺少了大部份地方既時區資料 (當然包括香港在內), 時區不同最主要既影響就是系統紀錄內既時間出現時差. 解決方法非常簡單, 只要從其他 linux distro 內將適當既時區資料檔從 /usr/share/zoneinfo 抄回 slitaz 相同既地方. 修改 /etc/TZ, 更新為新的時區檔案位置. 最後執行 hwclock -s -l 便可. 小弟已從 Ubuntu 9.10 內抄出全部時區資料, 有興趣既朋友可到下列網址下載:

It’s a hard time when system date is not same as local time, normally when you read system log. Slitaz is lack of timezone data file because of its tiny size. The simple way to solve this problem is copy the proper timezone file from other linux distro, files are located /usr/share/zoneinfo, and place it to the same places in Slitaz. Modify the /etc/TZ, replace UTC to the new location of timezone file. I extracted the timezone files from Ubuntu 9.10. Hope it useful to you.

下載 (Download):
http://www.joe-ho.com/?attachment_id=1487

一次難忘的生日

MA 字頭係第一代 MB 字頭係第二代 MC 字頭係第三代

ZP 字尾係是香港行貨 CH 字尾係中國 L  字尾係美國 B  字尾係英國 T  字尾係意大利 X  字尾係澳洲、新西蘭

另外，亦可從機身分辦 在背面，第三代在容量的刻字下方會有兩、三行文字。第二代則有四行以上的文字。

In order to continue to improve our products and deliver more sophisticated features and performance, we are harnessing some of the latest improvements in web browser technology. This includes faster JavaScript processing and new standards like HTML5. As a result, over the course of 2010, we will be phasing out [...]]]> Dear Google Apps admin,

In order to continue to improve our products and deliver more sophisticated features and performance, we are harnessing some of the latest improvements in web browser technology. This includes faster JavaScript processing and new standards like HTML5. As a result, over the course of 2010, we will be phasing out support for Microsoft Internet Explorer 6.0 as well as other older browsers that are not supported by their own manufacturers.

We plan to begin phasing out support of these older browsers on the Google Docs suite and the Google Sites editor on March 1, 2010. After that point, certain functionality within these applications may have higher latency and may not work correctly in these older browsers. Later in 2010, we will start to phase out support for these browsers for Google Mail and Google Calendar.

Google Apps will continue to support Internet Explorer 7.0 and above, Firefox 3.0 and above, Google Chrome 4.0 and above, and Safari 3.0 and above.

Starting this week, users on these older browsers will see a message in Google Docs and the Google Sites editor explaining this change and asking them to upgrade their browser. We will also alert you again closer to March 1 to remind you of this change.

In 2009, the Google Apps team delivered more than 100 improvements to enhance your product experience. We are aiming to beat that in 2010 and continue to deliver the best and most innovative collaboration products for businesses.

Thank you for your continued support!

Sincerely,

The Google Apps team

Email preferences: You have received this mandatory email service announcement to update you about important changes to your Google Apps product or account.

Google Inc.

1600 Amphitheatre Parkway

Mountain View, CA 94043

Imperva studied the breached passwords and has published an [...]]]> If you are using “123456″ as your password it is past time to stop. Same if you are using the always popular “Password” to protect your account. Those easy-to-hack passwords were the top and fourth most-popular from among 32 million hacked from RockYou.com, a new study finds.

Imperva studied the breached passwords and has published an interesting study that talks about them. While “Consumer Password Worst Practices” isn’t about us supposedly savvy business users, as an occasional system administrator I’ve run into both 123456 and Password on many occasions.

Here are the top passwords Imperva found among those compromised in the attack (they were posted online, without identifying details, for the world to see–and analyze):

1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123

If any of those look too familiar, please stop reading this story and change your password now. All these passwords are easy to crack using simple brute-force automated methods. And with the list now published, they are likely to move to the top of everyone’s list of those to try first when attempting to crack an account manually.

“To quantify the issue, the combination of poor passwords and automated attacks means that in just 110 attempts, a hacker will typically gain access to one new account on every second or a mere 17 minutes to break into 1000 accounts,” Imperva said in its report.

Among its key findings:
About 30 percent of users chose passwords whose length is equal or below six characters.
Moreover, almost 60% of users chose their passwords from a limited set of alpha-numeric characters.
Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on).

If it makes you feel any better, a similar study of hacked Hotmail passwords from 20 years ago found much the same thing.

Imperva provides a list of password best practices, created by NASA to help its users protect their rocket science, they include:
It should contain at least eight characters
It should contain a mix of four different types of characters – upper case letters, lower case letters, numbers, and special characters such as !@#$%^&*,;” If there is only one letter or special character, it should not be either the first or last character in the password.
It should not be a name, a slang word, or any word in the dictionary. It should not include any part of your name or your e-mail address.

Following that advice, of course, means you’ll create a password that will be impossible, unless you try a trick credited to security guru Bruce Schneir: Turn a sentence into a password.

For example, “Now I lay me down to sleep” might become nilmDOWN2s, a 10-character password that won’t be found in any dictionary.

Can’t remember that password? Schneir says it’s OK to write it down and put it in your wallet, or better yet keep a hint in your wallet. Just don’t also include a list of the sites and services that password works with. Try to use a different password on every service, but if you can’t do that, at least develop a set of passwords that you use at different sites.

Someday, we will use authentication schemes, perhaps biometrics, that don’t require so much jumping through hoops to protect our data. But, in the meantime, passwords are all most of us have, so they ought to be strong enough to do the job.

And don’t even try 654321 or Qwerty–19th and 20th on Imperva’s list– OK?

(Here’s a story we did in early 2009 on how to protect your passwords and another with tips on creating strong passwords).

1. Google failed in China

Google’s China operations contribute a small fraction of the company’s overall revenue – [...]]]> From Silicon Valley to Zhongguancun, Google’s surprise announcement that it may pull out of China has fueled an enormous amount of discussion in recent days, not all of it 100% accurate. Below are some misstatements and misunderstandings we’ve seen:

1. Google failed in China

Google’s China operations contribute a small fraction of the company’s overall revenue – the company doesn’t disclose the amount, but analysts estimate it was a few percent of its total $21.8 billion in 2008 revenue, or several hundred million dollars. But Google has made significant progress in China in recent years, raising its share of the Internet search market to roughly 36% in the fourth quarter of 2009 from 13% when it started its Chinese-language google.cn site in early 2006, according to data from research firm Analysys International.

Many other foreign companies doing business in China would gladly forgo big profits in the short term for comparable market-share growth in China—especially in an industry where China has more users than any other country (384 million according to the latest statistics). Google has also been particularly popular among the highly sought-after demographic of young, educated, white-collar urban professionals. The company’s powerful brand of business and ethics (“don’t be evil) has also earned it a fair amount of good will among Chinese Internet users, many of whom are now mourning its (still uncertain) fate. While rival Baidu still has a much larger 58% share of the search market, its brand has suffered as a result of scandals involving paid results and allegations of censorship of sensitive news stories.

Google doesn’t say if it’s profitable in China, but there’s certainly no reason to assume it’s not. Baidu, its chief rival, reported net profit of about $153 million on revenue of $468 million for 2008, when it said it had 6,387 employees. Google’s revenue would have perhaps half or two thirds that amount, but it likely has a much lower cost base in China than Baidu, since Google is believed to employ well under 1,000 employees in the country, and can use technology developed by its U.S. headquarters.

2. Google.com is not accessible in China

Before Google introduced its China-specific search engine, Google.cn, in 2006, its global site Google.com was subject to periodic blocking in China. But for the last four years, Google.com has been almost always accessible to users in China.

However, the fact that Google.com can be accessed from China doesn’t mean that Internet users can get to forbidden content listed in the site’s search results. Links to sites that are blocked in China will still return error messages or time out when they are clicked. (In contrast, Google’s Chinese search engine, Google.cn, will filter out links to sites that don’t comply with Chinese laws and regulations.)

And of course, given the unpredictability of China’s Web restrictions, there’s no guarantee that Google.com will continue to be available to users inside China, at least not without “scaling the wall.”

3. Google has Gmail servers in China

Some reports have said that the reason Chinese hackers were able to access Gmail accounts is that Google has email servers physically located in China. This is not the case. Google says it has no email servers in the country.

Indeed, Google has said keeping its servers out of China was a deliberate move to help protect user information. When the company announced its plans to launch google.cn in January 2006, executives said one of the safeguards it planned to use to protect user interests was that it wouldn’t host user-generated content like email and blogs on servers in China.

Google had reason to be careful. In 2005, there was widespread outcry among rights activists and the U.S. government after Yahoo turned over user information to the Chinese government, which was used as evidence to sentence journalist Shi Tao to 10 years in prison. Yahoo said that, because its Chinese mail servers were inside China, the company felt compelled to comply with the authorities’ request.

4. Google.cn search results are already uncensored

After Tuesday’s announcement, Web users ran amok on Google.cn, looking up sensitive terms such as “Tiananmen 1989,” “tank man,” and even “sensitive words.” But many have been disappointed with the results, as searches for these terms still turned up the familiar disclaimer that “in accordance with local laws and regulations, a portion of the search results are not displayed.”

Google says that it hasn’t yet started to remove content filters on Google.cn, a process that could take weeks.

How to explain the images of tank man and links to sites about the Dalai Lama found via Google.cn? Many of the searches yielding fruitful results appear to have been conducted in English, a trick that often turns up fuller results on Google.cn than a search for the same term in Chinese. (To see what we mean, compare these Google.cn results for “Dalai Lama” in English and Chinese).

5. Google has identified Chinese dissidents as the targets of cyber attacks

Since Google revealed that it has been the target of cyber attacks, and that it had identified two Gmail accounts that had been compromised, a number of prominent Chinese activists have reported that their Gmail accounts have been hacked, in some cases repeatedly. Google says that these intrusions were not part of the larger, sophisticated attack on its security infrastructure, but likely the result of more pedestrian phishing scams or malware.

6. Google has already shut down its business in China

On Friday, Ministry of Commerce spokesman Yao Jian said that neither MOC nor the Beijing Municipal Commission of Commerce had received any information from Google about a planned withdrawal of its investment. A person close to Google also denied rumors that Google employees in China have ceased to report for work.

–Sky Canaves

Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to [...]]]> 最近谷歌離開中國既新聞已經令事件轉化為全球既焦點, 現在想將資料整理及分享.

Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers.

We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this Report to Congress (PDF) by the U.S.-China Economic and Security Review Commission (see p. 163-), as well as a related analysis (PDF) prepared for the Commission, Nart Villeneuve’s blog and this presentation on the GhostNet spying incident.

We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China’s economic reform programs and its citizens’ entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.

We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that “we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China.”

These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.

Update: Added a link to another referenced report in paragraph 5.