Configure nginx as front-end web server

I’ve been using lighttpd for a long time; it’s faster and stable. But the 1.4.x series of lighttpd lacks some features I need: a powerful proxy module, a dav_svn module, and real-IP extraction (like mod_extract_forwarded in Apache).

Most of the bandwidth of feuvan.net goes to a web game proxy using the proxy module of lighttpd 1.4.13: http://chaoswar.feuvan.net (official: http://alpha.chaoswar.cn:8080). lighttpd causes many TIME_WAIT connections under high load. Therefore, I want to use a powerful proxy like squid to do the proxy work. nginx (Engine X) is my selection. Squid is too heavy ;-).

It’s easy to install on Debian: just type aptitude install nginx as root. Then I changed the lighttpd listening port to localhost:81 and configured nginx to run on 0.0.0.0:80.

nginx.conf:

    user www-data;
    worker_processes 1;

    error_log /var/log/nginx/error.log;
    pid /var/run/nginx.pid;

    events {
        worker_connections 4096;
        use epoll;
    }

    http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        access_log /var/log/nginx/access.log;

        sendfile on;
        tcp_nopush on;

        keepalive_timeout 35;
        tcp_nodelay on;

        gzip on;

        # Default server: hand everything to lighttpd, now listening on localhost:81
        server {
            listen 80;

            location / {
                proxy_pass http://127.0.0.1:81;
                include /etc/nginx/proxy.conf;
            }
        }

        # Web game proxy: chaoswar.feuvan.net is forwarded to the official server
        upstream chaoswar_cn {
            server alpha.chaoswar.cn:8080;
        }
        server {
            listen 80;
            server_name chaoswar.feuvan.net;

            location / {
                proxy_pass http://chaoswar_cn;
                include /etc/nginx/proxy.conf;
            }
        }
    }

proxy.conf:

    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    client_max_body_size 10m;
    client_body_buffer_size 128k;
    proxy_connect_timeout 30;
    proxy_send_timeout 30;
    proxy_read_timeout 30;
    proxy_buffer_size 4k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
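With this proxy.conf, `$proxy_add_x_forwarded_for` appends the connecting address to whatever `X-Forwarded-For` value the client sent, so only the entry added by nginx can be trusted by the backend. The following is an added example, not part of the original post: a sketch of how a backend behind this proxy could pick the client address, assuming the only trusted hop is the local nginx (the function name and the sample addresses are constructed for illustration).

```python
import ipaddress

# Assumption: the backend listens on 127.0.0.1:81, so the only trusted
# proxy is the local nginx instance.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8")]


def _trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_header):
    """Return the address the backend should log for this request.

    peer       -- address of the TCP peer as seen by the backend
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer_addr = ipaddress.ip_address(peer)
    # The header means something only when the request came through our proxy.
    if not _trusted(peer_addr) or not xff_header:
        return str(peer_addr)
    # nginx appends on the right, so walk right to left and stop at the
    # first hop that is not one of our own proxies. Anything further left
    # was supplied by the client and can be forged.
    for token in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(token.strip())
        except ValueError:
            break  # malformed entry: fall back to the TCP peer
        if not _trusted(hop):
            return str(hop)
    return str(peer_addr)


# Constructed samples: (TCP peer, X-Forwarded-For as received by the backend)
SAMPLES = [
    ("127.0.0.1", "203.0.113.7"),               # plain request via nginx
    ("127.0.0.1", "10.0.0.1, 198.51.100.23"),   # client forged "10.0.0.1"
    ("198.51.100.23", "127.0.0.1"),             # request that bypassed nginx
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```

The `X-Real-IP` header set in proxy.conf is overwritten with `$remote_addr` on every request, so a backend that reads it only from the trusted proxy gets the same result without parsing.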

Most of the content of the configuration files is copied from the nginx wiki; it’s easy to read. Maybe I can do more optimizations, like caching static content (pictures) (expires 30d?). But the main purpose of this article is to show you the general picture of the proxy function of nginx.

BTW, nginx is not just a lightweight squid-like proxy server! It’s also an HTTP/mail server.

Anyway, I’m still waiting for 1.5.0 release of lighttpd.

See also: nginx, nginx wiki, lighttpd 1.4.x mod_proxy, lighttpd 1.5.x mod_proxy_core

Nginx vs Lighttpd for a small VPS

Microsoft WGA Team Responds to Reported OEM BIOS Hacks

http://blogs.msdn.com/wga/archive/2007/04/10/reported-oem-bios-hacks.aspx

#### Reported OEM BIOS Hacks
>
> I know many of you are aware of reports of hacks that attempt to exploit our OEM BIOS based activation. We’re aware of this type of hack and I wanted to take a minute to describe how these work and how we plan to respond.
>
> First, what is OEM BIOS based activation?
>
> Here’s a little more information on how OEM BIOS based activation works. This form of product activation is also known as OEM Activation or just OA, which is how Microsoft refers to it and how I will refer to it in this post. Back at the launch of Windows XP when Microsoft introduced Windows Product Activation, we recognized that as easy as end-user activation is, it still represented an extra step. In an effort to reduce the impact of even that extra step but maintain the overall effectiveness of product activation, Microsoft worked with OEMs to develop an implementation that would work best for them and their customers while keeping the goals of product activation clearly in focus. As we looked to develop a solution, it was important to ensure that product activation technology could still deliver an acceptable degree of protection, while at the same time, reduce the need for an extra step by the end user. A couple of key factors stand out as enabling the OA 1.0 solution that was delivered in Windows XP.
>
> Large OEMs tend to ship large numbers of PCs with Windows preinstalled. They also have the ability during their manufacturing processes to identify systems that will ship with Windows pre-installed.
>
> Also, because of the direct relationship Microsoft has with those OEMs, the company has a higher degree of confidence that a genuine COA will be attached to each PC and that there will be accurate reporting of the number of units shipped preinstalled with Microsoft Windows.
>
> These factors led Microsoft and the major OEMs to place a marker in the BIOS of the OEM’s motherboard to identify OEM systems that were to be pre-installed with licensed copies of Windows XP. This marker, which is added to a specific location in the BIOS of the motherboard, enables a copy of Windows XP to look for that known value in the BIOS of the motherboard and, when found, confirm it was booting on a PC that was sold by a specific OEM and licensed to boot Windows.
>
> Not the first time
>
> Over the years we’ve seen examples of BIOS editors that, with some work, allowed people to make an edited BIOS appear to be an OEM BIOS. In Windows XP this kind of BIOS editing wasn’t as difficult as it is in Windows Vista and frankly, because there were easier ways to pirate Windows XP, I don’t think much attention was ever paid to it. However, because Windows Vista can’t be pirated as easily as Windows XP, it’s possible that the increased pressure will result in more interest in efforts to hack the OEM Activation 2.0 implementation.
>
> Windows Vista OEM Hacks
>
> There appear to be two primary variants of OA 2.0 hacks circulating. One is similar to the XP approach I described above where actual editing of the BIOS on the motherboard is done to make the motherboard appear to be from an OEM. It is a pretty labor-intensive process and quite risky. If you mess up editing the BIOS of any motherboard, you can quite easily render it permanently useless. So while this method works today, it’s potentially hazardous and really doesn’t scale well to large numbers of systems, which makes it less of a threat.
>
> The second variant does not change anything in the BIOS itself, but uses a software-based approach to fool the OS into thinking it’s running on OA 2.0-enabled hardware. And while this method is easier to implement for the end user, it’s also easier to detect and respond to than a method that involves directly modifying the BIOS of the motherboard.
>
> I do want to say something here about how we plan our responses. As I’ve said in the past, we focus on hacks that pose threats to our customers, partners and products. It’s worth noting we also prioritize our responses, because not every attempt deserves the same level of response. Our goal isn’t to stop every “mad scientist” that’s on a mission to hack Windows. Our first goal is to disrupt the business model of organized counterfeiters and protect users from becoming unknowing victims. This means focusing on responding to hacks that are scalable and can easily be commercialized, thereby making victims out of well-intentioned customers.
>
> Published Tuesday, April 10, 2007 6:46 AM by alexkoc

oscanner starts

I’ve been thinking for several months about writing a totally new tool to replace the default CLI OVAL scanner provided by the official OVAL site. And finally today I decided to write a totally new scanner in C# under Windows which runs on a single workstation. And I promise I won’t use any code from the corp I’m currently working for.

The project is hosted here: http://code.google.com/p/oscanner/

You see, it’s hard to decide on a name. The name oscanner means OVAL scanner, or OS scanner, whatever you think of.

I hope the project will help me improve my coding skills, and I’ll contribute it to the OVAL community when it’s suitable.

Features under consideration:

  • friendly GUI.
  • fast speed.
  • compatible with the OVAL standard.
  • clean and well-commented source
  • as much pure .NET code as possible

Advice is welcome.

Key stroking simulation in Windows Mobile Dev

Let’s get to the topic directly. keybd_event() can send keyboard events and is available in WinCE 1.0 and later. The Win32 version of the function is also available in win9x/nt3.1, so it’s toooold. You can also use PostKeybdMessage, available after WinCE 2.0.

keybd_event takes four parameters.

    VOID keybd_event(
        BYTE bVk,
        BYTE bScan,
        DWORD dwFlags,
        DWORD dwExtraInfo
    );

> bVk
> [in] Specifies a virtual-key code. The code must be a value in the range 1 to 254. For a list of virtual-key codes, see Virtual-Key Codes.
>
> bScan
> [in] Specifies a hardware scan code for the key.
>
> dwFlags
> [in] Specifies various aspects of function operation. An application can use any combination of the following predefined constant values to set the flags.
>
>   • KEYEVENTF_EXTENDEDKEY: If specified, the scan code will be treated as an extended key by giving it a prefix byte having the value 0xE0 (224).
>   • KEYEVENTF_KEYUP: If specified, the key is being released. If not specified, the key is being pressed.
>   • KEYEVENTF_SILENT: If specified, a keystroke is simulated, but no clicking sound is made.
>
> dwExtraInfo
> [in] Specifies an additional 32-bit value associated with the keystroke.

In most conditions, you may only need the first and third parameters.

Virtual-key code:

> VK_0 thru VK_9 are the same as ASCII ‘0’ thru ‘9’ (0x30 - 0x39)
> VK_A thru VK_Z are the same as ASCII ‘A’ thru ‘Z’ (0x41 - 0x5A)
>
> You can get others from MSDN

So, this is a simple example of sending an ‘F’ key press event:

    const byte VK_F = 0x46;

    keybd_event(VK_F, 0, 0, 0); // key pressed
    keybd_event(VK_F, 0, KEYEVENTF_KEYUP, 0); // key released

see also: MSDN: keybd_event()

Debian GNU/Linux 4.0 released

The long-awaited Debian 4.0 is finally released.

http://www.debian.org/News/2007/20070408

The Debian Project is pleased to announce the official release of Debian GNU/Linux version 4.0, codenamed etch, after 21 months of constant development. Debian GNU/Linux is a free operating system which supports a total of eleven processor architectures and includes the KDE, GNOME and Xfce desktop environments. It also features cryptographic software and compatibility with the FHS v2.3 and software developed for version 3.1 of the LSB.

Using a now fully integrated installation process, Debian GNU/Linux 4.0 comes with out-of-the-box support for encrypted partitions. This release introduces a newly developed graphical frontend to the installation system supporting scripts using composed characters and complex languages; the installation system for Debian GNU/Linux has now been translated to 58 languages.

Also beginning with Debian GNU/Linux 4.0, the package management system has been improved regarding security and efficiency. Secure APT allows the verification of the integrity of packages downloaded from a mirror. Updated package indices won’t be downloaded in their entirety, but instead patched with smaller files containing only differences from earlier versions.

Debian GNU/Linux runs on computers ranging from palmtops and handheld systems to supercomputers, and on nearly everything in between. A total of eleven architectures are supported including: Sun SPARC (sparc), HP Alpha (alpha), Motorola/IBM PowerPC (powerpc), Intel IA-32 (i386) and IA-64 (ia64), HP PA-RISC (hppa), MIPS (mips, mipsel), ARM (arm), IBM S/390 (s390) and – newly introduced with Debian GNU/Linux 4.0 – AMD64 and Intel EM64T (amd64).

Debian GNU/Linux can be installed from various installation media such as DVDs, CDs, USB sticks and floppies, or from the network. GNOME is the default desktop environment and is contained on the first CD. The K Desktop Environment (KDE) and the Xfce desktop can be installed through two new alternative CD images. Also newly available with Debian GNU/Linux 4.0 are multi-arch CDs and DVDs supporting installation of multiple architectures from a single disc.

Debian GNU/Linux can be downloaded right now via bittorrent (the recommended way), jigdo or HTTP; see Debian GNU/Linux on CDs for further information. It will soon be available on DVD and CD-ROM from numerous vendors, too.

This release includes a number of updated software packages, such as the K Desktop Environment 3.5.5a (KDE), an updated version of the GNOME desktop environment 2.14, the Xfce 4.4 desktop environment, the GNUstep desktop 5.2, X.Org 7.1, OpenOffice.org 2.0.4a, GIMP 2.2.13, Iceweasel (an unbranded version of Mozilla Firefox 2.0.0.3), Icedove (an unbranded version of Mozilla Thunderbird 1.5), Iceape (an unbranded version of Mozilla Seamonkey 1.0.8), PostgreSQL 8.1.8, MySQL 5.0.32, GNU Compiler Collection 4.1.1, Linux kernel version 2.6.18, Apache 2.2.3, Samba 3.0.24, Python 2.4.4 and 2.5, Perl 5.8.8, PHP 4.4.4 and 5.2.0, Asterisk 1.2.13, and more than 18,000 other ready to use software packages.

Upgrades to Debian GNU/Linux 4.0 from the previous release, Debian GNU/Linux 3.1 codenamed sarge, are automatically handled by the aptitude package management tool for most configurations, and to a certain degree also by the apt-get package management tool. As always, Debian GNU/Linux systems can be upgraded quite painlessly, in place, without any forced downtime, but it is strongly recommended to read the release notes for possible issues. For detailed instructions about installing and upgrading Debian GNU/Linux, please see the release notes. Please note that the release notes will be further improved and translated to additional languages in the coming weeks.

wzdftpd.cn starts

According to FreeWizard’s post on ServerTechnology/HaPPYNET BBS, I decided to translate some documentation of wzdftpd.
And welcome to wzdftpd.cn.
Note:

  • The site is aimed at Chinese wzdftpd users.
  • Construction started yesterday, so a lot of work remains to be done.

Faint - Linkin Park

lyrics:

I am a little bit of loneliness
A little bit of disregard
Handful of complaints
But I help the fact
That everybody can see these scars
I am what I want you to want
What I want you to feel
But its like no matter what I do
I can’t convince you
To just believe this is real
So I let go of watching you
Turn your back like you always do
Face away and pretend that I’m not
But I’ll be here cause your all that I’ve got
I can’t feel the way I did before
Don’t turn your back on me
I won’t be ignored
Time won’t tell
There’s damage anymore
Don’t turn your back on me
I won’t be ignored
I am a little bit insecure
A little unconfident
Cause you don’t understand
I do what I can
But sometimes I don’t make sense
What you never want to say
But I’ve never had a doubt
It’s like no matter what I do
I can’t convince you
For once just to hear me out
So I let go of watching you
Turn your back like you always do
Face away and pretend that I’m not
But I’ll be here cause your all that I’ve got
I can’t feel the way I did before
Don’t turn your back on me
I won’t be ignored
Time won’t heal
There’s damage anymore
Don’t turn your back on me
I won’t be ignored
Now!
Hear me out now
Your gonna listen to me like it or not
Right now!
Hear me out now
Your gonna listen to me like it or not
Right now..
I can’t feel
The way I did before
Don’t turn your back on me
I won’t be ignored!!
I can’t feel the way I did before
Don’t turn your back on me
I won’t be ignored
Time won’t tell
There’s damage anymore
Don’t turn your back on me
I won’t be ignored
I can’t feel
I won’t be ignored
Time won’t tell
Don’t turn your back on me
I won’t be ignored

END

I'm a pig

iptables -t mangle -A PREROUTING -s xxx -j ACCEPT
iptables -t mangle -A PREROUTING -s yyy -j ACCEPT
iptables -t mangle -P PREROUTING DROP
iptables -F -t mangle

These stupid steps locked me and all visitors out of fvnbox, which hosts feuvan.net and some services.

Apologies to http://chaoswar.feuvan.net / zzxy.feuvan.net users!
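The last command is the trap: `iptables -F` removes the rules of a chain but leaves its policy in place, so PREROUTING keeps its DROP policy with no ACCEPT rule left. The following is an added example, not part of the original post: a check over `iptables-save` output that flags built-in chains left in that state, with constructed dumps in which 192.0.2.10 and 192.0.2.20 stand in for the elided xxx and yyy.

```python
def lockout_chains(dump):
    """Return (table, chain) pairs whose policy is DROP and that contain
    no ACCEPT rule, i.e. chains that drop every packet."""
    table = None
    policy = {}      # (table, chain) -> policy from the ":CHAIN POLICY" lines
    accepts = set()  # chains that hold at least one "-j ACCEPT" rule
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, pol = line[1:].split()[:2]
            policy[(table, chain)] = pol
        elif line.startswith("-A "):
            parts = line.split()
            if "-j" in parts[:-1] and parts[parts.index("-j") + 1] == "ACCEPT":
                accepts.add((table, parts[1]))
    return sorted(k for k, p in policy.items()
                  if p == "DROP" and k not in accepts)


# Constructed dump: state after the first three commands.
AFTER_POLICY = """\
*mangle
:PREROUTING DROP [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s 192.0.2.10/32 -j ACCEPT
-A PREROUTING -s 192.0.2.20/32 -j ACCEPT
COMMIT
"""

# Constructed dump: state after "iptables -F -t mangle".
AFTER_FLUSH = """\
*mangle
:PREROUTING DROP [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
"""

if __name__ == "__main__":
    print(lockout_chains(AFTER_POLICY))
    print(lockout_chains(AFTER_FLUSH))
```

Resetting the policy with `iptables -t mangle -P PREROUTING ACCEPT` before flushing avoids the state the second dump shows.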

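Google Pinyin Input Method

http://tools.google.com/pinyin

Download link:
http://dl.google.com/pinyin/GooglePinyinInstaller.exe

Five key features of the smart Google Pinyin Input Method:

  • Smart sentence composition: high word-selection accuracy; it intelligently understands your intent and works well for both short and long sentences.
  • Popular vocabulary: integrates popular words from the Internet and captures trending searches, with a rich and powerful phrase library.
  • Network sync: you can sync your usage habits and personal dictionary to your Google account, for a personalized input method that follows you.
  • One-key search: press a single key while typing to search quickly. The input method doubles as a search box.
  • English suggestions: when typing English, just enter the first few letters and the input method automatically suggests the word you may be looking for.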


System requirements
  • Microsoft Windows 2000 SP4 / XP / Vista
  • Internet Explorer 6.0+