June 22, 2014
 

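Two months after OpenBSD created LibreSSL, its fork of OpenSSL, Google has announced BoringSSL, an OpenSSL fork of its own. Adam Langley of Google's security team wrote on his personal blog that they had been using more than 70 patches to OpenSSL; some were accepted and merged into the main OpenSSL repository, but most were not.

As Android, Chrome and other projects came to need subsets of these patches, things grew increasingly complicated, and keeping all the patches working across the different code bases took too much effort. So they decided to create a fork of OpenSSL.

Google does not intend to replace OpenSSL, however. Code that uses BoringSSL gets no guarantee of API or ABI stability. They will continue to submit bug fixes to OpenSSL and continue to fund the Core Infrastructure Initiative and the OpenBSD Foundation. OpenBSD founder Theo de Raadt commented that having a choice is always good.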

June 20, 2014
 

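Since there is no PC suite from HTC, I had to fend for myself. Here is my own summary (mostly gathered from the web, with slight changes). It is short and clear, so it does not look complicated.

I. Getting the Nexus S online through the computer's network over USB

1. On the phone (Android 4.0): Settings -> Wireless & networks -> More -> Tethering & portable hotspot -> tick "USB tethering" (it can only be ticked while the data cable is connected). (It is best to turn off GPRS, 3G and so on beforehand.)
2. After the data cable is connected and "USB tethering" is ticked, Windows 7 installs the driver automatically (Windows XP users will have to find the driver online themselves). A new Local Area Connection then appears under Network Connections in Windows 7; rename it "android".
3. Share the existing connection that reaches the Internet (wired or wireless) with the new local connection "android" (this is set in the connection's properties). Windows 7 then automatically changes the IP address of "android" to 192.168.2.1.
4. Start the terminal emulator app (超级终端) on the phone (search Google for how to root the phone, install the busybox toolset, and install the terminal emulator). Type su in the terminal (you can also configure the terminal to start as root by default, in which case skip su and go straight to the commands below):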

#busybox ifconfig rndis0 192.168.2.129 netmask 255.255.255.0
#busybox route add default gw 192.168.2.1

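(rndis0 is the name of the Nexus S's USB network interface under Android 4.0; run busybox ifconfig to check whether yours is the same.)

At this point the phone can go online through the computer's network.
(PS: the two terminal commands can also be put into a script and run with GScript, which is more convenient: plug in the USB cable, do the setting from step 1, run the script, and it is done.)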

June 17, 2014
 

Time is money. This somewhat shallow and overused saying fits any online business perfectly well. Users are impatient, and every millisecond brings them closer to leaving your website.

If you’ve ever tried to squeeze more out of your hardware, you must have come across Nginx (engine x). Nginx usually appears in the context of PHP-FPM (FastCGI Process Manager) and APC (Alternative PHP Cache). This setup is often pitched as the ultimate combo for a web server, but what does that really mean? How much faster is a PHP application going to be on a different web server? I had to check, and the answer, as often, is: that depends.

I benchmarked three different types of PHP software:

– Large application based on Zend Framework 1
– Small PHP script
– WordPress

The software was hosted on an Amazon EC2 large instance. All benchmarks were run from an EC2 Tiny instance to be as close as possible to the web server.

To make sure I benchmarked the web servers rather than disk I/O, I set all logs to go to memory (/dev/shm). PHP sessions were directed to memcached.
Both servers were using Zend Optimizer Plus with opcache.revalidate_freq set to 1 hour. I use Zend Optimizer because APC wasn’t stable for me with PHP 5.4.x.
If you aren’t familiar with PHP accelerators: they convert PHP scripts into byte code and keep it in shared memory. That brings a significant performance boost (40-90%) because PHP scripts don’t have to be read from disk and parsed on every request. Using the accelerator helped me remove I/O from the equation.

It’s very important to make sure Apache won’t read .htaccess. You can achieve this by setting AllowOverride to None. Parsing .htaccess in real time will drop performance on the Apache side. It’s recommended not to use this file in a production environment.

June 16, 2014
 

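China's blocking of Google has now lasted two weeks, and there is no sign of it being lifted. Officials have given no explanation, and Google has kept a low profile as well: it has made no public accusation, stating only that the problem is not on Google's side. Its Transparency Report shows traffic disruptions for all products since May 31.

Blocking Google has affected many people. Only 3% of mainland network traffic goes abroad, and Google is the main destination for that traffic.

Zhan Jiang (展江), a journalism professor at China Foreign Studies University, said that the blocking of Google makes it hard for him to download teaching materials. He said that even people who usually support the government regard this as closing the country off. He believes the block may be an indicator of Sino-US relations: if relations between the two countries warm up, the block will be lifted.

A designer who uses Google Search to look for design inspiration said that if Chinese companies could provide services as good as Google's, he would not object to censorship: "I can understand the government's view. China's national conditions are complex, and stability is very important."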

June 12, 2014
 

Most administrators know that PHP, the widely used scripting language, can be embedded in HTML and works with all major web servers. What’s less widely known, however, is that you can run PHP in different ways on your server. The most common option is the mod_php module that runs by default in the Apache HTTP Server. If your primary goal is performance, however, you should consider other options. PHP-FPM (FastCGI Process Manager) and PHP FastCGI each have pros and cons, but either can speed up the performance of your PHP.

mod_php

Let’s start by looking at running Apache with mod_php. This package is present in just about every Linux distribution’s repository, so installing it is easy, and so is configuring and managing the software. In fact, its ease of use may be the main reason to deploy mod_php.

With mod_php the PHP interpreter is “embedded” inside the Apache process; Apache doesn’t call any external PHP process, which means that Apache and PHP can communicate better. However, every single Apache child must load mod_php, which results in a bigger process than necessary being used for serving static resources such as image files, CSS, and JavaScript.

Another problem with this method is that it works only on Apache. This is not always an issue, as Apache is the most complete web server you can find, but websites that run on small virtual private servers (VPS), or big sites that have to serve millions of pages a day, might want a different web server that can scale up or down better than Apache, and would therefore need a different way to run PHP too.

Pros:

  • Easy to install and update.
  • Easy to configure with Apache.

Cons:

  • Works only with Apache.
  • Forces every Apache child to use more memory.
  • Needs a restart of Apache to read an updated php.ini file.


June 12, 2014
 

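I have been looking online into the relationship between fastcgi and php-fpm for almost a week now and have read pretty much everything. Opinions really differ, and there is no authoritative definition.

Online, some say fastcgi is a protocol and php-fpm implements that protocol; some say php-fpm is a manager for fastcgi processes, used to manage them; some say php-fpm is a patch to the PHP core; some say php-fpm came about because there was no way to restart gracefully after changing the php.ini configuration file; and some say PHP-CGI is the FastCGI manager that ships with PHP, in which case why create php-fpm at all? That leaves me even more confused.

I'm posting this to hear how everyone understands it. I have already read everything online, since I have been searching for a week, haha, so I would like to hear original explanations.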
======
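At first I was quite confused by this question too. After reading "HTTP: The Definitive Guide", things became a lot clearer.

First, what is CGI for? CGI exists to ensure that the data passed along by the web server is in a standard format,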

June 6, 2014
 

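The OpenSSL project has disclosed several new security vulnerabilities, including one that allows man-in-the-middle attacks and one that allows code execution. The man-in-the-middle vulnerability stems from an incorrect ChangeCipherSpec (CCS) implementation. It has been present since the early versions OpenSSL released in 1998, which makes it 16 years old, and it affects all current versions. Its severity is not high, however, because an attacker can intercept and decrypt encrypted traffic only when both the client and the server run a vulnerable OpenSSL, and browsers do not include OpenSSL.

The vulnerability was discovered by Japanese researcher Masashi Kikuchi, who described on his blog how he found it. He believes the main reasons a vulnerability survived in the OpenSSL project for more than 16 years are insufficient code review and a lack of experienced TLS/SSL experts.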

June 4, 2014
 

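Early morning of June 4, Beijing time: on Tuesday Google released the source code of a new Chrome browser extension that makes it easier for users to encrypt their email, greatly increasing the difficulty of surveillance by intelligence agencies such as the US National Security Agency (NSA). The encryption tool, named End-to-End, is written using the open-source OpenPGP encryption software and can encrypt a user's email after it leaves the browser, until it is decrypted by the recipient.

The tool also makes it easier for users to read encrypted messages sent to their email servers. However, both the sender and the recipient need to use End-to-End or another encryption tool for the system to be truly effective.

The move will deal a major blow to NSA surveillance. Although many encryption technologies have appeared over the past 20 years, end-to-end email encryption technologies such as PGP and GnuPG still require a great deal of human involvement and strong technical ability. The NSA also often exploits human error to break encrypted messages.

"It is very important that governments do not overstep their authority," said Eric Grosse, Google's chief security officer. "We do not want any government undermining the security of the Internet."

Google's new tool can make the work of the NSA and other intelligence agencies harder. Although end-to-end encryption cannot completely eliminate the risk of messages being intercepted by hackers or intelligence agencies, it forces them to break into the user's computer directly to read the messages, rather than obtaining them in transit.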