c++编译工具链

1. gcc

yum -y install gcc automake autoconf libtool make

安装g++:

yum install gcc gcc-c++

2. protobuf

protobuf-2.4.1.tar.gz

./configure –prefix=/usr/local/protobuf
 make
 make check
 make install
sudo vim /etc/profile
 添加
export PATH=$PATH:/usr/local/protobuf/bin/
export PKG_CONFIG_PATH=/usr/local/protobuf/lib/pkgconfig/
保存执行
source /etc/profile

3. google 库文件,将google的库文件路径添加到gcc 编译路径

1).加到gcc的环境变量 C_INCLUDE_PATH, CPLUS_INCLUDE_PATH, OBJC_INCLUDE_PATH

2).放到系统默认目录
/usr/include
/usr/local/include

我们选择直接拷贝protobuf 生成的目录 includegoogle  到 /usr/local/include 下

4. zlib

编译时提示:”/usr/bin/ld: cannot find -lz”

解决:去lib64目录下看是有libz  相关库的,根据好使的环境比对,猜测是缺少特定的连接

# ln -s libz.so.1 libz.so

编译ok…

 

centos7配置samba

  1. 开放端口
    确认自己本地的iptable 或者firewalld,打开对应的端口。
    如果是阿里云,还要开启对应ecs的安全组端口配置。
    建议:
    UDP 137-138
    TCP:139 445
  2. 确认SELinux的相关权限设置
    在没搞明白之前,先关闭,等调试通了后再开启,根据相关的问题来配置。不建议粗暴的关闭。
  3. 安装 samba
yum install samba
systemctl enable smb
systemctl start smb
  1. 创建用户

– 创建用户组
groupadd dev
– 创建用户
useradd -g dev aaa
– 设置用户的密码
passwd aaa
– 将用户添加到samba账号中
smbpasswd -a aaa
5. 配置samba
/etc/samba/smb.conf
参考配置:

# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

[global]
        workgroup = SAMBA
        security = user

        passdb backend = tdbsam

        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw
        map to guest = Bad User
        log file = /var/log/samba/log.%m
[homes]
        comment = Home Directories
        browseable = no
        writable = yes
[public]
        comment = Public Stuff
        path = /data/share
        public = yes
[dev]
        comment = developer
        path = /dev
        valid users = @dev
  1. 参考
    https://www.cnblogs.com/muscleape/p/6385583.html
    https://wiki.centos.org/HowTos/SetUpSamba

使用Sublime Text3+Ctags+Cscope替代Source Insight

参考:https://www.zybuluo.com/lanxinyuchs/note/33551

说明:以Windows系统下查看C++代码为例。因为Source Insight(以下简称SI)是收费软件,且界面丑陋,所以考虑其替代方案,发现Sublime Text3(以下简称ST3) + Ctags + Cscope 可以取得很好的效果。使用ST3基本可以实现全键盘操作,同时它又没有学习Vim的陡峭曲线。

安装方法

1. 安装Package Control for ST3

 https://packagecontrol.io/installation

2. 安装Ctags插件

(1) 通过 Preference -> Package Control -> Install Package安装Ctags插件
(2) 下载 Ctags.exe, 通过 Preference -> Package Settings -> Ctags -> Settings Default 中的内容拷贝到 Setting User中,将 command": "" 中的 "" 填入Ctags.exe的路径位置
(3) 在工程根目录上点击右键,选择Ctags:Rebuild tags

3. 安装Cscope插件

(1) 通过 Preference -> Package Control -> Install Package安装Cscope插件
(2) 下载 Cscope.exe, 并在工程根目录下生成cscope.out文件
(3) 打开CscopeSublime.sublime-settings文件(可能需要添加到 Package -> User 目录下),将 "executable": "" 中的"" 填入Cscope.exe的路径位置,将 "database_location": "" 中的 ""填入cscope.out的路径位置

功能实现:

(1) 对于symbol函数的定义查询,ST3自带此功能Go to Definition,且搜索结果有多个时可以预览,不用跳转到另一个文件。Ctags也有此功能navigate_to_definition,搜索结果比ST3要准确一些,但多结果时不支持预览。Csope也有此功能 Cscope: look up function defintion,但搜索结果不支持双击点开。因此实际中多用ST3和Ctags来实现此功能
(2) 对于symbol变量的定义查询,ST3不支持,Ctags有此功能,方法同其查询symbol函数的定义一致。Cscope也可以用查询symbol函数定义的方法实现此功能,搜索结果不支持双击点开。因此实际中多用Ctags来实现此功能
(3) 对于函数caller的查询,只有Cscope有此功能Cscope: look up function calling this function
(4) 全局搜索, ST3可通过Ctrl+Shift+F实现,但搜索耗时较长。Cscope可通过Cscope: look up symbol实现,因为已经通过cscope.out建立了索引,所以结果很快,但结果不一定全面

:使用Cscope的功能时,需按enter键确定才会执行

比较:ST3 + Ctags + Cscope的方案基本可以实现Source Insight的常用有效功能(除了查看类继承关系的Relation Windows),且其速度更快,界面也更为清爽。ST3相比于SI的其他优点还包括:
(1)ST3使用Ctrl+P搜索文件时,使用的是模糊匹配,不像SI必须顺次拼写正确才行
(2)ST3支持tab模式,可方便的在多个文件间切换

ST3实用技巧

(1) Alt+O可以实现头文件和源文件之间的快速切换
(2) 通过 View -> Side bar 可在左侧显示当前打开的文件列表
(3) ST3虽然不像notepad++可以在sidebar上显示函数列表,但是可通过Ctrl+R查看
(3) 通过 Preference -> Key binding user 可根据个人操作习惯自定义快捷键(包括ST3自带的和插件的)
(4) 双击可选中光标所在单词,三击可选中光标所在行
(5) Ctrl+Shift+T可以打开之前关闭的tab页,这点同chrome是一样的

RVCT 远程license 问题

错误:

Error: C9932E: Cannot obtain license for Compiler (feature compiler) with licens
e version >= 3.1:
Terminal Server remote client not allowed.
Feature: compiler
License path: D:ARMLicenseslicense.lic
FLEXnet Licensing error:-103,577
For further information, refer to the FLEXnet Licensing End User Guide,
available at “www.macrovision.com”.

解决:rvds.dat里HOSTID=XXXXX之后加上TS_OK就可以了

Hanging Sockets and Power Consumption – Basics, Part 3

很好的文章,就mobile 空socket 的耗电状态做了深入的分析.

更完整的内容参见:trepn-whitepaper-apps-power

from:https://developer.qualcomm.com/blog/hanging-sockets-and-power-consumption-basics-part-3

Continuing our series on mobile apps and their effect on battery drain, I’ll pick up where the three guidelines in Wayne Lee’s last post left off, especially #3: “Know what your app is doing with the hardware and when it’s doing it.”

One common way that mobile apps use too much power is through hanging sockets –network connections that the app is no longer using, but which the server thinks are still alive because the app has not closed them. The subsequent query from the server results in needless battery drain.

Here’s more background on the problem and how you can deal with it.

“Wake up. It’s time to go to sleep.”

Applications often “forget” to close their socket after they are done with it. Then, after some amount of time without data activity, the server times the socket out and closes it.

Socket termination in TCP requires a four-way handshake, so the server has to send a FIN packet to the device, which usually takes the device from the low-power dormant state to the higher-power active state. The device goes idle for a bit, then back to dormant. It’s like waking somebody up to tell them that it’s time to go to sleep.

Look at the example in the diagram. The red (1) shows the device jumping from dormant to active mode to send and receive data normally for a few seconds. Once finished, the cellular radio drops to a power-saving idle mode (2) in case that it’s needed again. After about 15 seconds of inactivity, the radio goes dormant (3).

    The diagram shows inefficiencies in Socket Termination activity on a device, the multiple steps it goes through to send/receive data and why it’s important to close sockets.

But the app has left the socket open (hanging). The server doesn’t like loose ends, so it sends its FIN packet to the device. This rouses the radio from dormant to active again (4), the same as if it were sending/receiving data for the app. Worse yet, the radio follows the normal curve back down to idle for another 15 seconds, wasting more power (5).

Begin to get the idea?

The phone has to bring up the radio for a simple, easily avoidable handshake because the server has asked the device for something that the app should have provided in the first place. If no other traffic moves between the device and the network, the connection is a complete waste of several hundred milliamperes.

Assuming that the app uses the network four times in an hour, the simple fix of having the app close the socket when finished can reduce network power consumption by about 20 percent, which would be the difference between eight and ten hours of standby power.

The lesson is: Program your app to close sockets when it has finished with them. Otherwise, the phone consumes power to bring up the radio for a needless handshake with the server.

Next Steps

So, to paraphrase Wayne, you need to know what your app is doing with the cellular radio, when it’s doing it and how to turn it off when the app no longer needs it.

Questions? Visit the Trepn Profiler Support Forum or let me know in the comments below.

mysql 中文乱码

默认:
mysql> show variables like “character_set%”;
+————————–+—————————-+
| Variable_name            | Value                      |
+————————–+—————————-+
| character_set_client     | latin1                     |
| character_set_connection | latin1                     |
| character_set_database   | latin1                     |
| character_set_filesystem | binary                     |
| character_set_results    | latin1                     |
| character_set_server     | latin1                     |
| character_set_system     | utf8                       |
| character_sets_dir       | /usr/share/mysql/charsets/ |
+————————–+—————————-+
8 rows in set (0.00 sec)
*************************************************************
*************************************************************
1.修改/etc/my.cnf文件,改成这样:
[mysqld]
default-character-set=utf8
init_connect=’SET NAMES utf8′
[client]
default-character-set=utf8
2./etc/init.d/mysqld restart 重新启动mysql;
mysql重启后字符集更改仍然生效。
mysql> show variables like “character_set%”;
+————————–+—————————-+
| Variable_name            | Value                      |
+————————–+—————————-+
| character_set_client     | utf8                       |
| character_set_connection | utf8                       |
| character_set_database   | utf8                       |
| character_set_filesystem | binary                     |
| character_set_results    | utf8                       |
| character_set_server     | utf8                       |
| character_set_system     | utf8                       |
| character_sets_dir       | /usr/share/mysql/charsets/ |
+————————–+—————————-+
8 rows in set (0.00 sec)
*************************************************************
*************************************************************
注意执行命令:
SET NAMES ‘utf8’;
它相当于下面的三句指令:
SET character_set_client = utf8;
SET character_set_results = utf8;
SET character_set_connection = utf8;

cosmic 编译器未调用函数优化

Q. Can the compiler automatically remove unused functions from my application?

A. Yes, the default behavior includes all code linked however, you can add the +split compiler command line option to split the object into multiple sections. i.e. One section per function such that individual functions may be removed by the linker if they are not called. You then mark one or more segments in the link command file with the -k (keep) option to specifiy which segments need to be kept. Typically, you just need to add the -k segment option to the segment containing the vecotr table. This usually coversl all of the applications call trees.

stvd-cosmic

myeclipse 2013 deploy path 修改

文件路径:./.settings/org.eclipse.wst.common.component:

<project-modules id=”moduleCoreId” project-version=”1.5.0″>
<wb-module deploy-name=”web”>
<wb-resource deploy-path=”/” source-path=”/WebRoot” tag=”defaultRootSource”/>
<wb-resource deploy-path=”/WEB-INF/classes” source-path=”/src”/>
<property name=”context-root” value=”web”/>
<property name=”java-output-path” value=”/web/WebRoot/WEB-INF/classes”/>
</wb-module>
</project-modules>

linux sync 木马 .Iptables .Iptablex

现象:linux 主机对外发出高达上G的流量定向攻击互联上的某台主机(1001端口),结果就是,目标挂掉了,你也被云主机封号了(这种攻击会导致云架构共享的网络瘫痪,所有用户无法正常服务,属于致命问题)。

对于站长来说封号就是灭顶之灾,如果数据无法备份,就更悲剧了。

目前木马攻击的注入方式未知,希望有高人研究,根据本人主机的情况,猜测ssh扫描,bug注入的可能性比较高。

防范:

1. 修改ssh默认端口

2. 修改ssh的访问源ip(类似 AWS EC2 的security groups 功能)

同样问题的站长:

http://bbs.chinaunix.net/thread-4118890-1-1.html

http://www.xujiansheng.cn/2014/01/linux-viruses-iptablex-iptables/

可疑样本文件:Iptablex.zip

希望有高人能看到,能发现后门,造福广大站长

经这两天学习和热心网友乌云微博管理员的帮助,初步定位是struct 漏洞:

类似:http://www.beardnote.com/?p=829

 

解决struts2最新s2-016代码执行漏洞–CVE-2013-2251

今天接到外界报告struts2框架存在任意命令执行漏洞,可直接执行任意系统命令。 详细见官方说明:http://struts.apache.org/release/2.3.x/docs/s2-016.html

漏洞版本:
Apache Struts 2.0.0 – Apache Struts 2.3.15

漏洞描述:
CVE-2013-225. Struts2 是第二代基于Model-View-Controller (MVC)模型的java企业级web应用框架。它是WebWork和Struts社区合并后的产物

Apache Struts2的action:、redirect:和redirectAction:前缀参数在实现其功能的过程中使用了Ognl表达式,并将用户通过URL提交的内容拼接入Ognl表达式中,从而造成攻击者可以通过构造恶意URL来执行任意Java代码,进而可执行任意命令

redirect:和redirectAction:此两项前缀为Struts默认开启功能,目前Struts 2.3.15.1以下版本均存在此漏洞

目前Apache Struts2已经在2.3.15.1中修补了这一漏洞。强烈建议Apache Struts2用户检查您是否受此问题影响,并尽快升级到最新版本

< 参考 1. http://struts.apache.org/release/2.3.x/docs/s2-016.html >

测试方法:
@Sebug.net dis 本站提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!

由于Apache Struts2 在最新修补版本2.3.15.1中已经禁用了重定向参数,因此只要重定向功能仍然有效,则说明受此漏洞影响:

http://host/struts2-showcase/employee/save.action?redirect:http://www.yahoo.com/

如果页面重定向到www.yahoo.com,则表明当前系统受此漏洞影响。

验证表达式解析和命令执行:

http://host/struts2-showcase/employee/save.action?redirect:%25{3*4}

http://host/struts2-showcase/employee/save.action?redirect:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()}`
Sebug安全建议:

厂商状态:
厂商已经发布Apache Struts 2.3.15.1以修复此安全漏洞,建议Struts用户及时升级到最新版本。

厂商安全公告:S2-01. 链接:http://struts.apache.org/release/2.3.x/docs/s2-016.html

软件升级页面:http://struts.apache.org/download.cgi#struts23151

目前存在漏洞的公司
乌云上,已经发布了快60个struts的这个漏洞问题,包括腾讯,百度,网易,京东等国内各大互联网公司。(http://www.wooyun.org/bugs/new_submit/) 

解决办法:
升级到Struts 2.3.15.1(强烈建议)
使用ServletFilter来过滤有问题的参数(临时替换方案)
 
参考资料:
http://sebug.net/appdir/Apache%20Struts

这次struts爆出来的漏洞,一大片的网站受的影响,影响最严重的就是电商了. 对于struts的漏洞,曾经也写过struts2代码执行漏洞,struts2自从使用OGNL表达式的方式后,经常就会报出一些可怕的漏洞出来,建议那些还是struts的童鞋们,学习一些其他的框架吧!比如,spring mvc,简单,好用,高效! 这里有篇对struts漏洞分析很透彻的文章,推荐学习学习. http://www.inbreak.net/archives/507

问题解决参考:
http://www.geek521.com/?p=3278

EC2 Instance 重启后ssh无法登陆的问题

创建instance后,第一次都能正常运行,但是重启后大概率(大于80%)创建的instance就ssh连不上了。刚开始以为自己的业务导致服务器僵死,后来发现80端口都是正常的,说明服务器没有问题,只是ssh无法连接。
于是通过其他手段登录到服务器,想手动拉起sshd,系统提示:

Failed to start SSH server :
Starting sshd: /etc/ssh/sshd_config line 157: Bad yes/without-password/forced-commands-only/no argument: without-passwordUseDNS
[FAILED]

根据提示,发现sshd_config的配置中有非法的内容(没有换行),于是手动,修改后sshd正常启动。
进一步定位分析,发现原来 EC2的 instance 的/etc/rc.d/rc.local 中有脚本控制每次开机后向sshd_config 末尾写入:

UseDNS no
PermitRootLogin without-password

当这2行缺少合法的换行时,sshd就开机无法启动了。
解决方法:
1)屏蔽rc.local脚本的相关语句
2)修改sshd_config的属性为只读

EC2 snapshot 默认创建instance无法启动问题

用创建的snapshot创建的 instance 一直显示 initialization,查看log:
EXT3-fs: sda1: couldn’t mount because of unsupported optional features (240).
EXT2-fs: sda1: couldn’t mount because of unsupported optional features (240).
Kernel panic – not syncing: VFS: Unable to mount root fs on unknown-block(8,1)
初步分析,创建都是default 的,恢复也是default的,应该没有问题才对,但看日志,是文件系统不支持,说明内核版本有问题了。于是在恢复时手动选择AKI:
aki-68c06a69 aki-config 注意:此AKI要根据自己的系统以及版本选择合适的,我选择的只针对我自己的系统。
重新选择后,创建多个实例,都启动ok

有源滤波电路的等价无源滤波电路

目前的filterlab filterpro等元件生成的参考模型都是基于有源运放的。如果我们需要无源的等价电路,一个简单的近似等价方法:

先根据自己需要用软件设计出有源滤波器电路,然后将生成的滤波电路中的运放去掉,将RC网络中原来接运放输出端的那个回路点直接改接到地。