Oct 30 2008

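Zui Taiping: Mocking Those Greedy for Petty Gain

Category: Nonsense as Secret Manual ssmax @ 12:24:31

Zui Taiping: Mocking Those Greedy for Petty Gain, Anonymous

Snatching mud from a swallow's beak, shaving iron from a needle's tip, scraping the gold off a Buddha's face in a meticulous search, seeking something where there is nothing. Hunting for peas in a quail's crop, slicing lean meat off an egret's leg, scooping fat from inside a mosquito's belly; how could you, venerable sir, bring yourself to do it!

Copied down when "State Administration of Taxation: individual income tax to be levied on buying and selling virtual currency" was announced.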


Oct 29 2008

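english...

Category: Nonsense as Secret Manual ssmax @ 11:54:01

A foreigner's notes from Chinese class
Shall by too dull doll by too jack won,
Dolphin long can jim shall by too low,
Shall by too when dull low, doll car low,
Dolphin long doll ham eason
“More power!”

The little white rabbit went to play at the big white rabbit's house,
the big grey wolf saw the little white rabbit,
the little white rabbit caught the scent and ran away,
the big grey wolf gave a great shout:
"Mo pao!" ("Don't run!")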


Oct 28 2008

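The garbage China Construction Bank online banking

Category: Nonsense as Secret Manual ssmax @ 09:44:32

You can't even set the limits yourself, so what is the point of having a dynamic password card and a certificate? Total garbage.

China Merchants Bank charges only 2 yuan for a same-city interbank transfer, while this garbage Construction Bank actually charges by percentage. Garbage, just garbage.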


Oct 24 2008

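The meaning of S.M.A.R.T. values

Category: Tech ssmax @ 14:59:48

In general, VALUE is the current value, WORST is the worst value ever recorded, and THRESH is the factory-set threshold. If VALUE gets close to THRESH (in practice, VALUE is less than or equal to THRESH) and TYPE is Pre-fail, the disk is about to fail.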
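The rule above applied to an attribute table, as an added example that is not part of the original post. It assumes the column layout printed by `smartctl -A`, uses a constructed sample table, and goes one step beyond the post's rule by also reporting Old_age attributes that crossed their threshold and attributes whose WORST value crossed it in the past.

```python
import re

# Constructed sample in the column layout printed by `smartctl -A`
# (not data from a real drive).
SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   114   099   006    Pre-fail  Always       -       72030504
  3 Spin_Up_Time            0x0003   095   020   021    Pre-fail  Always   In_the_past 0
  5 Reallocated_Sector_Ct   0x0033   036   036   036    Pre-fail  Always   FAILING_NOW 2610
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       8211
190 Airflow_Temperature_Cel 0x0022   040   038   045    Old_age   Always   FAILING_NOW 60 (Min/Max 21/62)
194 Temperature_Celsius     0x0022   060   058   000    Old_age   Always       -       40
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
"""

ROW = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<name>\S+)\s+0x[0-9a-fA-F]+\s+"
    r"(?P<value>\d+)\s+(?P<worst>\d+)\s+(?P<thresh>\d+)\s+"
    r"(?P<type>Pre-fail|Old_age)\s+\S+\s+\S+\s+(?P<raw>.+)$"
)

def parse_attributes(text):
    """Parse attribute rows; the header and any non-table lines are skipped."""
    attrs = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            a = m.groupdict()
            for key in ("id", "value", "worst", "thresh"):
                a[key] = int(a[key])
            attrs.append(a)
    return attrs

def assess(a):
    """FAILING: the post's rule (VALUE <= THRESH on a Pre-fail attribute).
    WORN: the same crossing on an Old_age attribute (usage or age, not imminent failure).
    FAILED_IN_PAST: VALUE has recovered, but WORST once crossed THRESH."""
    if a["value"] <= a["thresh"]:
        return "FAILING" if a["type"] == "Pre-fail" else "WORN"
    if a["worst"] <= a["thresh"]:
        return "FAILED_IN_PAST"
    return "OK"  # THRESH 0 always lands here: normalized values never drop to 0

def report(text):
    """Map attribute name -> status for every attribute that is not OK."""
    statuses = ((a["name"], assess(a)) for a in parse_attributes(text))
    return {name: status for name, status in statuses if status != "OK"}
```

The raw value is deliberately ignored in the verdict, since its meaning is vendor-specific.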

 

ATA S.M.A.R.T. Attributes

Each drive manufacturer defines a set of attributes, and sets threshold values beyond which attributes should not pass under normal operation. Each attribute has a raw value, whose meaning is entirely up to the drive manufacturer (but often corresponds to counts or a physical unit, such as degrees Celsius or seconds), and a normalized value, which ranges from 1 to 253 (with 1 representing the worst case and 253 representing the best). Depending on the manufacturer, a value of 100 or 200 will often be chosen as the “normal” value.

Manufacturers that have supported at least one S.M.A.R.T. attribute in various products include: Samsung, Seagate, IBM (Hitachi), Fujitsu, Maxtor, Toshiba, Western Digital and ExcelStor Technology.

Known ATA S.M.A.R.T. attributes

The following chart lists some S.M.A.R.T. attributes and the typical meaning of their raw values. Normalized values are always mapped so that higher values are better (with only very rare exceptions such as the “Temperature” attribute on certain Seagate drives[12]), but higher raw attribute values may be better or worse depending on the attribute and manufacturer. For example, the “Reallocated Sectors Count” attribute’s normalized value decreases as the number of reallocated sectors increases. In this case, the attribute’s raw value will often indicate the actual number of sectors that were reallocated, although vendors are in no way required to adhere to this convention. As manufacturers do not necessarily agree on precise attribute definitions and measurement units, the following list of attributes should be regarded as a general guide only.

Legend:
Better: higher raw value is better, or lower raw value is better
Critical: potential indicators of imminent electromechanical failure
ID Hex Attribute name Better Description
01 01 Read Error Rate Indicates the rate of hardware read errors that occurred when reading data from a disk surface. A non-zero value indicates a problem with either the disk surface or read/write heads. Note that Seagate drives often report a raw value that is very high even on new drives, and does not thereby indicate a failure.
02 02 Throughput Performance Overall (general) throughput performance of a hard disk drive. If the value of this attribute is decreasing there is a high probability that there is a problem with the disk.
03 03 Spin-Up Time Average time of spindle spin up (from zero RPM to fully operational [millisecs]).
04 04 Start/Stop Count   A tally of spindle start/stop cycles.
05 05 Reallocated Sectors Count Count of reallocated sectors. When the hard drive finds a read/write/verification error, it marks this sector as “reallocated” and transfers data to a special reserved area (spare area). This process is also known as remapping, and “reallocated” sectors are called remaps. This is why, on modern hard disks, “bad blocks” cannot be found while testing the surface – all bad blocks are hidden in reallocated sectors. However, as the number of reallocated sectors increases, the read/write speed tends to decrease. The raw value normally represents a count of the number of bad sectors that have been found and remapped. Thus, the higher the attribute value, the more sectors the drive has had to reallocate.
06 06 Read Channel Margin   Margin of a channel while reading data. The function of this attribute is not specified.
07 07 Seek Error Rate Rate of seek errors of the magnetic heads. If there is a partial failure in the mechanical positioning system, then seek errors will arise. Such a failure may be due to numerous factors, such as damage to a servo, or thermal widening of the hard disk. More seek errors indicates a worsening condition of a disk’s surface or the mechanical subsystem, or both. Note that Seagate drives often report a raw value that is very high, even on new drives, and this does not normally indicate a failure.
08 08 Seek Time Performance Average performance of seek operations of the magnetic heads. If this attribute is decreasing, it is a sign of problems in the mechanical subsystem.
09 09 Power-On Hours (POH) Count of hours in power-on state. The raw value of this attribute shows total count of hours (or minutes, or seconds, depending on manufacturer) in power-on state.
10 0A Spin Retry Count Count of retry of spin start attempts. This attribute stores a total count of the spin start attempts to reach the fully operational speed (under the condition that the first attempt was unsuccessful). An increase of this attribute value is a sign of problems in the hard disk mechanical subsystem.
11 0B Recalibration Retries This attribute indicates the number of times recalibration was requested (under the condition that the first attempt was unsuccessful). A decrease of this attribute value is a sign of problems in the hard disk mechanical subsystem.
12 0C Device Power Cycle Count   This attribute indicates the count of full hard disk power on/off cycles.
13 0D Soft Read Error Rate Uncorrected read errors reported to the operating system. If the value is non-zero, you should back up your data.
189 BD High Fly Writes (WDC) Fly Height Monitor Improves Hard Drive Reliability. Western Digital’s Fly Height Monitor protects write operations by detecting when a recording head is flying outside its normal operating range. If an unsafe fly height condition is encountered, the write process is stopped, and the information is rewritten or reallocated to a safe region of the hard drive. This constant monitoring process increases the reliability of write operations and reduces the probability of read errors. The new Fly Height Monitor is being implemented in Western Digital’s drives, beginning with the WD Enterprise WDE18300 and WDE9180 Ultra2 SCSI hard drives, and will be included on all future WD Enterprise products. (http://www.wdc.com/en/library/2579-850123.pdf)
190 BE Airflow Temperature (WDC) Airflow temperature on Western Digital HDs (Same as temp. [C2], but current value is 50 less for some models. Marked as obsolete.)
190 BE Temperature Difference from 100 Value is equal to (100 – temp. °C), allowing manufacturer to set a minimum threshold which corresponds to a maximum temperature. (Seagate only?)[citation needed]
Seagate ST910021AS: Verified Present[citation needed]
Seagate ST9120823ASG: Verified Present under name “Airflow Temperature Cel” 2008-10-06
Seagate ST3802110A: Verified Present 2007-02-13[citation needed]
Seagate ST980825AS: Verified Present 2007-04-05[citation needed]
Seagate ST3320620AS: Verified Present 2007-04-23[citation needed]
Seagate ST3500641AS: Verified Present 2007-06-12[citation needed]
Seagate ST3250824AS: Verified Present 2007-08-07[citation needed]
Seagate ST31000340AS: Verified Present 2008-02-05[citation needed]
Seagate ST3160211AS: Verified Present 2008-06-12[citation needed]
Seagate ST3320620AS: Verified Present 2008-06-12[citation needed]
Seagate ST3400620AS: Verified Present 2008-06-12[citation needed]
Samsung HD501LJ: Verified Present under name “Airflow Temperature” 2008-03-02[citation needed]
Samsung HD753LJ: Verified Present under name “Airflow Temperature” 2008-07-15[citation needed]
191 BF G-sense error rate Frequency of mistakes as a result of impact loads[citation needed]
192 C0 Power-off Retract Count Number of times the heads are loaded off the media. Heads can be unloaded without actually powering off.[citation needed] (or Emergency Retract Cycle count – Fujitsu)[citation needed]
193 C1 Load/Unload Cycle Count of load/unload cycles into head landing zone position.[citation needed]
194 C2 Temperature Current internal temperature.
195 C3 Hardware ECC Recovered Time between ECC-corrected errors.[citation needed]
196 C4 Reallocation Event Count Count of remap operations. The raw value of this attribute shows the total number of attempts to transfer data from reallocated sectors to a spare area. Both successful & unsuccessful attempts are counted.
197 C5 Current Pending Sector Count Number of “unstable” sectors (waiting to be remapped). If the unstable sector is subsequently written or read successfully, this value is decreased and the sector is not remapped. Read errors on the sector will not remap the sector, it will only be remapped on a failed write attempt. This can be problematic to test because cached writes will not remap the sector, only direct I/O writes to the disk.
198 C6 Uncorrectable Sector Count The total number of uncorrectable errors when reading/writing a sector. A rise in the value of this attribute indicates defects of the disk surface and/or problems in the mechanical subsystem.
199 C7 UltraDMA CRC Error Count The number of errors in data transfer via the interface cable as determined by ICRC (Interface Cyclic Redundancy Check).
200 C8 Write Error Rate / Multi-Zone Error Rate The total number of errors when writing a sector.
201 C9 Soft Read Error Rate Number of off-track errors. If non-zero, make a backup.
202 CA Data Address Mark errors Number of Data Address Mark errors (or vendor-specific).[citation needed]
203 CB Run Out Cancel Number of ECC errors
204 CC Soft ECC Correction Number of errors corrected by software ECC[citation needed]
205 CD Thermal Asperity Rate (TAR) Number of thermal asperity errors.[citation needed]
206 CE Flying Height  ? Height of heads above the disk surface.[citation needed]
207 CF Spin High Current  ? Amount of high current used to spin up the drive.[citation needed]
208 D0 Spin Buzz  ? Number of buzz routines to spin up the drive[citation needed]
209 D1 Offline Seek Performance  ? Drive’s seek performance during offline operations[citation needed]
211 D3 Vibration During Write  ? Vibration During Write[citation needed]
212 D4 Shock During Write  ? Shock During Write[citation needed]
220 DC Disk Shift Distance the disk has shifted relative to the spindle (usually due to shock). Unit of measure is unknown.
221 DD G-Sense Error Rate The number of errors resulting from externally-induced shock & vibration.
222 DE Loaded Hours  ? Time spent operating under data load (movement of magnetic head armature)[citation needed]
223 DF Load/Unload Retry Count  ? Number of times head changes position.[citation needed]
224 E0 Load Friction Resistance caused by friction in mechanical parts while operating.[citation needed]
225 E1 Load/Unload Cycle Count Total number of load cycles[citation needed]
226 E2 Load ‘In’-time  ? Total time of loading on the magnetic heads actuator (time not spent in parking area).[citation needed]
227 E3 Torque Amplification Count Number of attempts to compensate for platter speed variations[citation needed]
228 E4 Power-Off Retract Cycle The number of times the magnetic armature was retracted automatically as a result of cutting power.[citation needed]
230 E6 GMR Head Amplitude  ? Amplitude of “thrashing” (distance of repetitive forward/reverse head motion)[citation needed]
231 E7 Temperature Drive Temperature
240 F0 Head Flying Hours  ? Time while head is positioning[citation needed]
250 FA Read Error Retry Rate Number of errors while reading from a disk
254 FE Free Fall Protection Number of “Free Fall Events” detected [13]


Oct 24 2008

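Some notes on the keepalived failover mechanism

Category: Tech ssmax @ 14:21:56

Generally speaking, keepalived implements failover automatically and needs no special settings. When the VIP is different from the machine's real IP, this default behaviour works, but when the VIP is the machine's own real IP, the default settings stop working. After a look at the documentation, my guess is that the VRRP packets cannot get out. A keepalived setup usually has two NICs, one internal and one external, so we only need to set the NIC and the source IP that VRRP sends from, and the problem is solved.

This is the master's configuration; the VIP is the real IP on eth0.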

vrrp_instance LVS_GZ80 {
    state MASTER
    interface eth0
    mcast_src_ip 172.31.31.80
    lvs_sync_daemon_inteface eth1
    virtual_router_id 55
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass ooxx
    }
    virtual_ipaddress {
        x.x.55.80
    }
}

Below is the configuration of the backup machine:

vrrp_instance LVS_GZ229 {
    state BACKUP
    interface eth0
    mcast_src_ip 172.31.31.229
    lvs_sync_daemon_inteface eth1
    virtual_router_id 55
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass ooxx
    }
    virtual_ipaddress {
        x.x.55.80
    }
}

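With this configuration, once the keepalived service on the master fails, we can see the backup immediately take over the VIP (which is also the master's real IP) and enter MASTER state. The log is as follows: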
Oct 24 13:18:03 localhost Keepalived_vrrp: VRRP_Instance(LVS_GZ229) Transition to MASTER STATE
Oct 24 13:18:04 localhost Keepalived_vrrp: VRRP_Instance(LVS_GZ229) Entering MASTER STATE
Oct 24 13:18:04 localhost Keepalived_vrrp: VRRP_Instance(LVS_GZ229) setting protocol VIPs.
Oct 24 13:18:04 localhost Keepalived_healthcheckers: Netlink reflector reports IP x.x.55.80 added
Oct 24 13:18:04 localhost Keepalived_vrrp: VRRP_Instance(LVS_GZ229) Sending gratuitous ARPs on eth0 for x.x.55.80

When keepalived on the master comes back up, its VRRP packets reach the backup machine, and the backup gives the VIP back.
The following log can be seen on the backup:
Oct 24 13:18:22 localhost Keepalived_vrrp: VRRP_Instance(LVS_GZ229) Received higher prio advert
Oct 24 13:18:22 localhost Keepalived_vrrp: VRRP_Instance(LVS_GZ229) Entering BACKUP STATE
Oct 24 13:18:22 localhost Keepalived_vrrp: VRRP_Instance(LVS_GZ229) removing protocol VIPs.

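Without this configuration, after the master has taken the IP back, the backup cannot go from MASTER state to BACKUP state. When the keepalived service on the master then fails again (the master has not crashed, only the service has died, and the master still holds the VIP), the backup believes it has been in MASTER state all along and sends no gratuitous ARP packets, so requests to the VIP still go to the original master.
The typical sign of this situation is that the log above does not appear after the switchover has been recovered, and the backup machine keeps running in master mode.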
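A check for the failure mode just described, as an added example that is not part of the original post: it merges the keepalived logs of both nodes and reports any period in which two instances of the same virtual router are MASTER at once. The backup lines are the ones quoted above; the master lines, the year and the 3-second grace period (three advert_int intervals) are assumptions made for the example.

```python
import re
from datetime import datetime

EVENT = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ Keepalived_vrrp: "
    r"VRRP_Instance\((\S+?)\) Entering (MASTER|BACKUP|FAULT) STATE", re.M)

# Backup-node lines as quoted in the post.
BACKUP_OK = """\
Oct 24 13:18:03 localhost Keepalived_vrrp: VRRP_Instance(LVS_GZ229) Transition to MASTER STATE
Oct 24 13:18:04 localhost Keepalived_vrrp: VRRP_Instance(LVS_GZ229) Entering MASTER STATE
Oct 24 13:18:22 localhost Keepalived_vrrp: VRRP_Instance(LVS_GZ229) Received higher prio advert
Oct 24 13:18:22 localhost Keepalived_vrrp: VRRP_Instance(LVS_GZ229) Entering BACKUP STATE
"""
# Same backup without mcast_src_ip set: it never hears the master again.
BACKUP_STUCK = "\n".join(BACKUP_OK.splitlines()[:2]) + "\n"
# Constructed master-node lines (same message format, assumed timing).
MASTER = """\
Oct 24 13:18:21 localhost Keepalived_vrrp: VRRP_Instance(LVS_GZ80) Transition to MASTER STATE
Oct 24 13:18:22 localhost Keepalived_vrrp: VRRP_Instance(LVS_GZ80) Entering MASTER STATE
"""

def events(text, year=2008):
    """Yield (timestamp, instance, state) for each state change in one node's log."""
    for ts, inst, state in EVENT.findall(text):
        yield datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"), inst, state

def dual_master(logs, grace=3):
    """Return [(start, end, instances)] for periods where more than one instance
    is MASTER for longer than `grace` seconds; end is None if it never cleared."""
    timeline = sorted((e for text in logs for e in events(text)), key=lambda e: e[0])
    masters, start, who, found = set(), None, None, []
    for t, inst, state in timeline:
        if state == "MASTER":
            masters.add(inst)
        else:
            masters.discard(inst)
        if len(masters) > 1 and start is None:
            start, who = t, sorted(masters)
        elif len(masters) <= 1 and start is not None:
            if (t - start).total_seconds() > grace:
                found.append((start, t, who))
            start = None
    if start is not None:
        found.append((start, None, who))
    return found
```

All instance names passed in are treated as members of one virtual router (virtual_router_id 55 in the configuration above).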


Oct 24 2008

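Problems installing lvs + keepalived on redhat AS3

Category: Tech ssmax @ 12:33:25

Last night: two machines, the forwarders, one running lvs+pulse and the other lvs+keepalived, so they cannot act as hot standby for each other, and switching the network over was a real hassle. Today I'm installing keepalived myself to try it out, damn it.

Most systems nowadays already ship the ip_vs module.
Running modprobe ip_vs is enough to load it.
Some notes on modprobe:
1. The modprobe command loads all the required modules according to /lib/modules/version/modules.dep, the output of depmod -a.

2. The command to remove a module is: modprobe -r module-name

3. After the system has booted, the modules that are working normally are listed in the /proc/modules file. The lsmod command shows the same content.

4. The kernel has an "Automatic kernel module loading" feature compiled in. When a user tries to open a file of a certain type, the kernel tries to load the corresponding module as needed. /etc/modules.conf or /etc/modprobe.conf is the control file for the automatic handling of kernel modules.

Version: keepalived-1.1.12.tar.gz
Then comes the standard Linux source installation procedure: configure → make → make install. Note that the installation goes through without problems on RedHat AS4, but on AS3 the configure step fails with the following error:

checking openssl/ssl.h usability... no
checking openssl/ssl.h presence... no
checking for openssl/ssl.h... no
configure: error:
!!! OpenSSL is not properly installed on your system. !!!
!!! Can not include OpenSSL headers files. !!!

In fact openssl is installed and the ssl.h file is fine. The problem is that redhat AS3 puts the Kerberos includes in a "strange" place, so keepalived's configure script cannot find them and can only report that openssl is not properly installed. The fix is to set the CPPFLAGS variable of the build environment: export CPPFLAGS=-I/usr/kerberos/include, after which the build goes through.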


Oct 23 2008

Notes on enabling snmpd...

Category: Tech ssmax @ 17:33:08

Changing the servers one at a time, what a pain...

sudo su -
vi /etc/init.d/snmpd

OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd -a -u daemon -g daemon"

vi /home/squid/etc/squid.conf -c /snmp_access
snmp_access allow snmppublic localhost

mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.origin
cat > /etc/snmp/snmpd.conf <


Oct 22 2008

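The latest Windows anti-piracy feature

Category: Nonsense as Secret Manual ssmax @ 19:19:50

Today my screen went black
On closer inspection, the monitor cable had come loose
Later I also found out that other people's pirated copies black out the screen once an hour, so everyone gets to rest their eyes and move around a bit. I feel Microsoft's design really is user-friendly, so I uninstalled the genuine copy I was using and switched to a pirated one
So user-friendly

You get a break every hour, how nice... it even saves you the EyeDefender I introduced earlier...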


Oct 17 2008

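Saving energy...

Category: Tech ssmax @ 14:26:15

Today I had just finished setting up freeradius when Mr. Xiang came along again with something else to do... saving energy... damn it, with all the money the boss has, why bother saving anything? The servers are to be put to sleep or shut down at night and then woken up in the morning through the NIC with wake on lan. Damn it, not every NIC supports this, and network environments differ, so the magic wake up packet may not even reach the target machine. Depressing.

ethtool eth0 shows which modes the NIC supports:
Supports Wake-on: g
Wake-on: d

Usually it is g: ethtool -s eth0 wol g
Put it in the shutdown script or somewhere else; if the BIOS is not set properly, it seems to be reset every time.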

wol p|u|m|b|a|g|s|d...
    Set Wake-on-LAN options. Not all devices support this. The
    argument to this option is a string of characters specifying
    which options to enable.
    p  Wake on phy activity
    u  Wake on unicast messages
    m  Wake on multicast messages
    b  Wake on broadcast messages
    a  Wake on ARP
    g  Wake on MagicPacket(tm)
    s  Enable SecureOn(tm) password for MagicPacket(tm)
    d  Disable (wake on nothing). This option clears all previous
       options.
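The two halves of the procedure above, as an added example that is not part of the original post: checking the ethtool output to see whether `wol g` still has to be set, and building the MagicPacket that wakes the machine in the morning. The sample ethtool output is constructed, and the function names, UDP port 9 and the broadcast address are assumptions of this example.

```python
import re
import socket

# Constructed sample of `ethtool eth0` output; only the two Wake-on lines matter.
ETHTOOL_OUT = """\
Settings for eth0:
        Supports Wake-on: g
        Wake-on: d
        Link detected: yes
"""

def wol_status(ethtool_output):
    """Return (supported, active) Wake-on flag strings from `ethtool <iface>` output."""
    sup = re.search(r"^\s*Supports Wake-on:\s*(\S+)", ethtool_output, re.M)
    act = re.search(r"^\s*Wake-on:\s*(\S+)", ethtool_output, re.M)
    return (sup.group(1) if sup else "", act.group(1) if act else "")

def needs_enable(ethtool_output):
    """True when the NIC supports MagicPacket wake-up ('g') but it is not active,
    i.e. `ethtool -s <iface> wol g` still has to be run."""
    supported, active = wol_status(ethtool_output)
    return "g" in supported and "g" not in active

def _six_bytes(text):
    """Parse a MAC-style string (aa:bb:cc:dd:ee:ff or aa-bb-...) into 6 bytes."""
    raw = bytes.fromhex(re.sub(r"[:-]", "", text))
    if len(raw) != 6:
        raise ValueError(f"expected 6 bytes, got {len(raw)}: {text!r}")
    return raw

def magic_packet(mac, secureon=None):
    """6 x 0xFF, then the target MAC 16 times, then the optional 6-byte
    SecureOn password (needed only when the NIC was set with the 's' flag)."""
    packet = b"\xff" * 6 + _six_bytes(mac) * 16
    if secureon is not None:
        packet += _six_bytes(secureon)
    return packet

def send_magic(mac, broadcast="255.255.255.255", port=9, secureon=None):
    """Send as a UDP broadcast. Limited broadcasts are not forwarded by routers,
    which is why the packet may never reach a machine on another subnet."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(magic_packet(mac, secureon), (broadcast, port))
```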


Oct 16 2008

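Making NoCatAuth limit each account to login from a single NIC

Category: Tech ssmax @ 17:09:26

NoCatAuth, something that grew up alongside 802.1x, has not been updated for many years. Its advantage is that it needs no client configuration, and basically every wireless network can use it for authentication, because it intercepts traffic at the gateway and dynamically creates rules in a firewall such as iptables to block or pass user requests. So a user who can connect to the WAP still cannot get beyond the gateway, which keeps people from freeloading on the line.
The drawback is just as obvious, though: it still does not give you a so-called secure WAP network...

I spent the last two days looking into it and basically have it set up, using mysql, with no admin page...
First the installation... and up pops...
No supported firewalls detected! Check your path.
Supported firewalls include: iptables, ipchains, ipf, pf.

Because the version is so old, the detection is hard-coded so that it only installs on Linux kernel 2.4; editing the detection script fixes that...
vi bin/detect-fw.sh

    elif which iptables >/dev/null 2>&1 && \
        test X"`uname -sr | cut -d. -f-2`" = X"Linux 2.4"; then
        FIREWALL=iptables
        FW_BIN=iptables

Change Linux 2.4 to Linux 2.6 and that's it; on Linux it is generally iptables anyway

While at it, I also changed it to support one user per account, kicking out any extras.
The main change is to the gateway's lib/NoCat/Gateway.pm

Add the following to the permit function: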
sub permit {
    my ( $self, $peer, $class ) = @_;
    my $fw = $self->firewall( GatewayAddr => $peer->gateway_ip );
    my $action;

    # delete the same user: any peer already logged in with this user name
    # from a different MAC address is denied before the new one is permitted
    while ( my ($token, $pcheck) = each %{$self->{Peer}} ) {
        $self->log( 5, "debug User:", $pcheck->user, " Mac:", $pcheck->mac);

        if ( $pcheck->user eq $peer->user and $pcheck->mac ne $peer->mac) {
            $self->log( 5, "User:", $pcheck->user, " Mac:", $pcheck->mac, " has been replaced by new Mac:", $peer->mac);
            $self->deny($pcheck);
        }
    }

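But that alone is not enough. It forks off child processes, and on a deny the child notifies the parent, which really just means writing one long string to a pipe, so the deny and permit operations end up written together. They have to be separated and handled one by one, which means modifying the accept_child function to look like the version below; all it adds is a split to separate the individual messages...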

sub accept_child {
    my ($self, $listen) = @_;
    my $r = read( $listen, my $msg_o, 500_000 ); # arbitrary limit
    if ($r) {
        # One read may return several messages written back to back;
        # each one starts with "InitCmd", so split on it.
        my @msgs = split(/InitCmd/, $msg_o);
        for my $msg (@msgs) {
            # split leaves an empty first element before the leading marker
            next if ( length($msg) == 0 );

            # The child process has news about a peer.
            # Parse that info and store it.
            my $peer = $self->peer( $self->parse("InitCmd".$msg) );
            my $action = delete( $peer->{Action} ) || "";

            $self->log( 10, "Got notification $action of peer", $peer->id );

            if ( $action eq DENY ) {
                $self->remove_peer( $peer );
            } else {
                $self->add_peer( $peer );
            }
            if ( $action eq PERMIT ) {
                # Increment this only once per connection.
                $self->{TotalConnections}++;

                # Note the connection time.
                $self->{LastConnectionTime} = scalar localtime;
            }
        }
    } elsif (not defined $r) {
        $self->log( 2, "Can't read from child pipe: $!" );
    }

    # if $r returned false, but not undef, then the child quit
    # normally, but with nothing to say?

    $self->pool->remove( $listen );

    my $result = $listen->close;
    $self->log( 10, "Child process returned $result" ) if $r;
}

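With these changes in place, a restart gives you single-account, single-NIC login. As soon as someone steals your account, you get kicked... depressing, right? Haha.
These two days of work were probably wasted. If you want security... then use the top-grade WPA AES...
Tomorrow I'll continue with WPA PEAP login, which can be done with FreeRadius; it shouldn't be too hard...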

