Excellent guide on how to remove unnecessary services in Windows
[ Xavier Cababllé ] Minimizing Windows network services. Examples with Windows 2000 and Windows XP is an excellent step-by-step guide that explains how to remove some of the services that Windows starts automatically and that are often not needed. This reduces the chances of our Windows machine being compromised.
Groovy: simplifying Java
Groovy is a language that uses the Java APIs but simplifies programming as much as possible. It doesn't look bad; some day I could take a look at it. I have also found an IBM article that gives a short introduction to it; it really does look very simple.
Not long ago O'Reilly Network published code written in Groovy for building a feed reader (liferea-style) that worked against the bloglines APIs. This may interest you, pof. The article: A Complete Bloglines API Application (printable version)
If anyone has tried it or gets around to trying it, let me know; I'm curious to know how far the implementation of the API goes, or rather of the Java class package.
Working with session cookies and PHP
Sometimes we need to talk to a website from PHP and the site uses session cookies, without which we cannot talk to it. To grab the session-start cookie we can use this function:
function getgaleta($server, $port) {
    $cont = "";
    $ip = gethostbyname($server);
    $fp = fsockopen($ip, $port);
    if (!$fp) {
        return "Unknown";
    } else {
        // HTTP/1.0 request; the header block ends with an empty line (CRLF CRLF)
        $com = "GET http://www.barcelonastyle.com/gc/web/webesp/framesetxsl.asp HTTP/1.0\r\n\r\n";
        fputs($fp, $com);
        while (!feof($fp)) {
            $cont .= fread($fp, 500);
        }
        fclose($fp);
        // Return the 45 characters that follow "Set-Cookie: "
        return substr($cont, strpos($cont, "Set-Cookie: ")+12, 45);
    }
}
Now that we have the cookie, if what we want is to use it to make requests against the site, we can use this other function:
function getcontent($server, $port, $file, $galeta) {
    $cont = "";
    $ip = gethostbyname($server);
    $fp = fsockopen($ip, $port);
    if (!$fp) {
        return "Unknown";
    } else {
        // Send the session cookie back in a Cookie header; CRLF ends each line
        $com = "GET http://".$server.$file." HTTP/1.0\r\nCookie: ".$galeta."\r\n\r\n";
        fputs($fp, $com);
        while (!feof($fp)) {
            $cont .= fread($fp, 500);
        }
        fclose($fp);
        return $cont;
    }
}
Silly but useful. I have a great many more functions but there is no point in overwhelming anyone; it's just that I have found these useful, together with the two previous ones.
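The two functions above cut the cookie out at a fixed length and paste the cookie and path straight into the request. As an added example (not the original author's code; the function names, host and cookie value are made up for illustration), this version reads the cookie from the response headers only and refuses any field containing CR, LF or other control characters, which would otherwise add header lines to the request:

```php
<?php
// Added example; parse_set_cookie() and build_get_request() are hypothetical names.

// Collect "name=value" pairs from the Set-Cookie headers of a raw HTTP response.
function parse_set_cookie(string $response): array {
    // Headers end at the first empty line, so text in the body is never matched.
    $headers = explode("\r\n\r\n", $response, 2)[0];
    $pairs = [];
    foreach (explode("\r\n", $headers) as $line) {
        if (stripos($line, "Set-Cookie:") !== 0) {
            continue;
        }
        // Attributes (path, expires, ...) follow the first ";" and are not sent back.
        $pair = trim(explode(";", substr($line, strlen("Set-Cookie:")), 2)[0]);
        if (strpos($pair, "=") !== false) {
            $pairs[] = $pair;
        }
    }
    return $pairs;
}

// Build the request, refusing any field that could start a new header line.
function build_get_request(string $host, string $path, array $cookies): string {
    foreach (array_merge([$host, $path], $cookies) as $field) {
        if (preg_match('/[\x00-\x20\x7f]/', $field)) {
            throw new InvalidArgumentException("whitespace or control character in request field");
        }
    }
    $request = "GET $path HTTP/1.0\r\nHost: $host\r\n";
    if ($cookies) {
        $request .= "Cookie: " . implode("; ", $cookies) . "\r\n";
    }
    return $request . "\r\n";
}

// Constructed response: one real header, plus a look-alike string in the body.
$response = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          . "Set-Cookie: SESSIONID=EXAMPLEVALUE123; path=/\r\n\r\n"
          . "<p>Set-Cookie: fake=1</p>";
$cookies = parse_set_cookie($response);
echo build_get_request("www.example.com", "/index.asp", $cookies);

try {
    build_get_request("www.example.com", "/index.asp", ["a=b\r\nX-Injected: 1"]);
} catch (InvalidArgumentException $e) {
    echo "rejected: " . $e->getMessage() . "\n";
}
```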
A couple of functions that may be useful to you
For a few days now I think I have been ceasing to be human; Daphne just called me and I sounded like an owl. I wasn't able to string together a coherent sentence. What does this have to do with the code below? Well, I'm programming a kind of webspider or robot or whatever you want to call it for a Downcenter matter, in order to feed information into the database of the next piece of software, which comes out on 1 December.
Since I can't explain more details of what I'm programming, I'll just paste a couple of functions that may be useful to anyone programming in PHP. You surely know that when you access an HTML form and it launches a request, the URL that is sent, as can be seen in the browser's address bar, takes a strange form. That is, spaces become "+" symbols and extended ASCII characters, above code 127, are encoded as hexadecimal codes.
Well, what these functions do is precisely that: you pass them a string, for example a URL in plain, ordinary 8-bit form, and it converts it into the format I mentioned earlier. The other function does the reverse, going from the encoded format to normal. I hope it is as useful to you as it has been to me.
function cadenaNormal2Hex ($cadena) {
    // Build the result in a new string so the positions of the input never shift
    $resultat = "";
    $llarg = strlen($cadena);
    for ($i=0;$i<$llarg;$i++) {
        $numascii=ord($cadena[$i]);
        if ( $numascii>127 ) {
            // Extended character (above 127): replace it with its %XX hex code
            $resultat .= "%".strtoupper(dechex($numascii));
        } else if ( $cadena[$i] == " " ) {
            // Replace the space with +
            $resultat .= "+";
        } else {
            // Plain text: copy it unchanged
            $resultat .= $cadena[$i];
        }//if
    }//for
    return $resultat;
} // function
function cadenaHex2Normal ($cadena) {
    $resultat = "";
    $llarg = strlen($cadena);
    for ($i=0;$i<$llarg;$i++) {
        $codi = substr($cadena,$i+1,2);
        if ( $cadena[$i] == "+" ) {
            // Replace the + with a space
            $resultat .= " ";
        } else if ( $cadena[$i] == "%" && strlen($codi) == 2 && ctype_xdigit($codi) ) {
            // Replace the %XX hex symbol once; the decoded character is not scanned again
            $resultat .= chr(hexdec($codi));
            $i += 2;
        } else {
            $resultat .= $cadena[$i];
        }//if
    }//for
    return $resultat;
} // function
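The encoding rule described above covers spaces and bytes above 127 only, so characters that are special in a query string ("&", "=", "%", "+") travel unescaped. The following added example (not the original author's code; encode_limited(), received_params() and the sample value are made up for illustration) compares that rule with PHP's built-in urlencode() on the receiving side, and shows why a value must be decoded exactly once:

```php
<?php
// Added example; encode_limited() is a hypothetical name for the rule described
// above: space becomes "+", bytes above 127 become %XX, everything else is copied.
function encode_limited(string $s): string {
    $out = "";
    for ($i = 0; $i < strlen($s); $i++) {
        $byte = ord($s[$i]);
        if ($byte > 127) {
            $out .= sprintf("%%%02X", $byte);
        } elseif ($s[$i] === " ") {
            $out .= "+";
        } else {
            $out .= $s[$i];
        }
    }
    return $out;
}

// Parse "q=<encoded value>" the way a receiving PHP script would.
function received_params(string $encoded): array {
    parse_str("q=" . $encoded, $params);
    return $params;
}

// Constructed form value with characters that are special in a query string.
$value = "tom&jerry=50% off+tax";

echo "limited encoding: ", encode_limited($value), "\n";
print_r(received_params(encode_limited($value)));   // value is split and altered

echo "urlencode():      ", urlencode($value), "\n";
print_r(received_params(urlencode($value)));        // q holds the original value

// Decode exactly once: a second pass changes data that was already plain text.
$wire  = urlencode("%41");      // the literal three characters %41
$once  = urldecode($wire);
$twice = urldecode($once);
echo "wire=$wire once=$once twice=$twice\n";
```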
XML & DocBook: Structured Technical Documentation Authoring
XML is short for Extended Markup Language and is a subset of SGML, the Standard Generalized Markup Language. XML is an HTML-like formatting language. Whereas most HTML-related formats developed in the past adopted the “be conservative in what you send and liberal in what you receive” attitude, XML takes the opposite approach–documents should be 100% compatible. This compatibility is known as “well-formedness” of an XML document. To this end, even when the goal is clear, a document is rejected if it does not follow XML specifications to the fullest extent. In terms of practicality, this approach guarantees interoperability in the long run. Unlike HTML, which is the standard groupname for a lot of sub-protocols that are slightly different and not fully interoperable with one another, the strictness of XML ensures compatibility. XML also improves security dramatically, because there is only one way to interpret expressions, a way on which everybody agrees.
DocBook is an XML Document Type Definition or DTD. It is a subset of XML particularly suited for but not limited to the creation of books and papers about computer hardware and software. DocBook is well-known in the Linux community and is used by many publishing companies and open-source development projects. Most tools are developed for the DocBook DTD and are included in most Linux distributions. This allows for sending raw data that can be processed at the receiver’s end–wherever applications able to interpret XML directly are available.
The important thing to keep in mind is XML and DocBook let authors focus on content. In that sense, the presence of the word “markup” in the definition of XML is misleading. With XML, authors specify what type of data they are including, such as text explanations, command names, tables or images. How the content is formatted, laid out and displayed should not be their concern. From a single source, the receiver might generate PDF, PS, plain text, HTML and many other representations of the content.
Another advantage is DocBook XML files are written in plain text. Although many editors are available, such as oXygen and XMLmind, advanced DocBook users easily can write the source texts using vim, Emacs or any other text editor.
Published in Linux Journal: XML & DocBook: Structured Technical Documentation Authoring
Understanding and Attacking DNS
The Domain Name System (DNS) is a distributed resource used by most every network application. DNS data is generally trusted implicitly; false data therefore can jeopardize the integrity of network traffic and allow attackers to play man-in-the-middle with all traffic. DNS security depends on the client, server, and their respective trust relationship. Securing the trust relationship and building a reliable server can create a reliable and secure DNS structure for the system administrator behind your corporate and private communication requirements. Security of a DNS server varies according to its active role and name resolution requirements. Server responsibilities can be classified as one of three types. Depending on the need of the server, one specific role should be chosen; in particular situations, multiple roles can be supported simultaneously on one physical server. In this shared configuration, authoritative and resolver servers are generally together. Running an individual server for each DNS role is ideal, specifically in a large production environment. After understanding the individual roles and mechanics between each server and experiencing problems individually, an administrator can securely and reliably maintain multiple DNS roles on a single system. DNS security is custom for each type of server, each type of communication, and each common software distribution, all of which will be explained in this article via an in-depth walkthrough.