Monday, December 29, 2008

[Tip][Link] Protecting yourself when downloading using BitTorrent

If you’ve been using BitTorrent to download any of the more popular files, such as the latest episode of some major TV show, you may have found yourself receiving lots of “Wasted” data. This is data that has been discarded after being deemed corrupt or invalid by your BitTorrent client. Every so often, you will have received more wasted data than the size of the files you are downloading!

...... more
Protecting yourself when downloading using BitTorrent


Friday, November 28, 2008

[Definition] Backup strategies + Overview for the backup types

[Source] bullhost.de PC-Lexikon

The IT term backup strategies refers to the different approaches to creating backup copies of a data set. In principle, 3 different strategies are distinguished: the complete or full backup, the incremental or differential backup, and the growth backup (Zuwachs-Backup, Zuwachssicherung).

Complete or full backup: This strategy is time-saving and convenient, because the complete data set of a data carrier or partition is backed up. The main disadvantage of this approach is that it needs a large storage capacity.

Differential or incremental backup: A differential backup saves only the data or files that have changed since the last full backup. The main advantage is that little storage and little time are needed for the backup. It does, however, require a previously created full backup as its base.

Growth backup (Zuwachs-Backup, Zuwachssicherung): This strategy saves only the data, files and documents that have been added or changed since the last differential backup or full backup. Like the differential backup, it is very economical with time and storage when backing up, but restoring individual data, files or documents is very time-consuming.

The mixed form of all three strategies is called a media rotation scheme and is regarded as the most reliable and best way of backing up a data set. There are 3 kinds of media rotation scheme.
1. Daily full backup
2. Weekly full backup & daily differential backup
3. Monthly & weekly full backup & daily differential backup

The time span of the cyclic media rotation scheme is called the backup horizon and, depending on the backup level, the generation principle. Two backup levels are distinguished: the father-son principle and the grandfather-father-son principle.


Overview of the Backup types : full backup, differential backup, incremental backup and mirror backup

[Source] Backup4all - Help - Articles

Full backup is the starting point for all other types of backup and contains all the data in the folders and files that are selected to be backed up. Because full backup stores all files and folders, frequent full backups result in faster and simpler restore operations. Remember that when you choose other backup types, restore jobs may take longer.

Read full backup page for more details.



Differential backup contains all files that have changed since the last FULL backup. The advantage of a differential backup is that it shortens restore time compared to a full backup or an incremental backup. However, if you perform the differential backup too many times, the size of the differential backup might grow to be larger than the baseline full backup.

Read differential backup page for more details.



Incremental backup stores all files that have changed since the last FULL, DIFFERENTIAL OR INCREMENTAL backup. The advantage of an incremental backup is that it takes the least time to complete. However, during a restore operation, each incremental backup must be processed, which could result in a lengthy restore job.

Read incremental backup page for more details.



Mirror backup is identical to a full backup, with the exception that the files are not compressed in zip files and they can not be protected with a password. A mirror backup is most frequently used to create an exact copy of the backup data. It has the benefit that the backup files can also be readily accessed using tools like Windows Explorer.

Read mirror backup page for more details.

Some backup software inspects each file's Archive flag to identify which files have been modified.
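The selection rules above (differential: changed since the last full backup; incremental: changed since the last backup of any type) and the restore cost they imply, as an added example that is not taken from Backup4all or bullhost.de. It uses modification times with `find -newer` instead of the Archive flag; the `DATA` and `STORE` directories, the marker files, the catalog format and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example: selecting files for full, differential and incremental backups.
# DATA, STORE, the marker files and the catalog are assumptions of this example.

# backup TYPE NAME STAMP
#   TYPE   full | differential | incremental
#   STAMP  time of the run as CCYYMMDDhhmm (passed in so the demo is reproducible)
backup() {
    type=$1; name=$2; stamp=$3
    case $type in
        full)         ref= ;;                     # every file
        differential) ref=$STORE/.last_full ;;    # changed since the last FULL backup
        incremental)  ref=$STORE/.last_any ;;     # changed since the last backup of any type
        *) echo "unknown backup type: $type" >&2; return 2 ;;
    esac
    if [ -n "$ref" ] && [ ! -e "$ref" ]; then
        echo "a $type backup needs an earlier full backup" >&2
        return 1
    fi
    (
        cd "$DATA" || exit 1
        if [ -n "$ref" ]; then find . -type f -newer "$ref"; else find . -type f; fi
    ) | sort > "$STORE/$name.list"
    if [ ! -s "$STORE/$name.list" ]; then         # nothing changed: no archive, no catalog entry
        rm -f "$STORE/$name.list"
        return 0
    fi
    tar -cf "$STORE/$name.tar" -C "$DATA" -T "$STORE/$name.list" || return 1
    if [ "$type" = full ]; then touch -t "$stamp" "$STORE/.last_full"; fi
    touch -t "$stamp" "$STORE/.last_any"
    echo "$name $type" >> "$STORE/catalog"
}

# members NAME -> file names stored in one archive, space separated
members() {
    tar -tf "$STORE/$1.tar" | sort | tr '\n' ' ' | sed 's/ $//'
}

# restore_chain -> archives needed, in order, to rebuild the latest state
restore_chain() {
    awk '
        $2 == "full"         { n = 1; chain[1] = $1 }
        $2 == "differential" { n = 2; chain[2] = $1 }   # supersedes everything after the full
        $2 == "incremental"  { chain[++n] = $1 }        # every incremental must be replayed
        END { for (i = 1; i <= n; i++) printf "%s%s", chain[i], (i < n ? " " : "\n") }
    ' "$STORE/catalog"
}

# edit FILE STAMP -> change a file and give it a fixed modification time
edit() {
    echo "changed $2" >> "$DATA/$1"
    touch -t "$2" "$DATA/$1"
}

# Constructed week: one full backup, then incremental, differential, incremental.
run_demo() {
    DATA=$(mktemp -d); STORE=$(mktemp -d)
    for f in a.txt b.txt c.txt; do edit "$f" 200811230900; done
    backup full mon 200811240100
    edit b.txt 200811241200
    backup incremental tue 200811250100
    edit c.txt 200811251200
    backup differential wed 200811260100
    edit a.txt 200811261200
    backup incremental thu 200811270100
}

run_demo
for b in mon tue wed thu; do echo "$b: $(members "$b")"; done
echo "restore needs: $(restore_chain)"
```

The differential on Wednesday repeats what Tuesday's incremental already stored, which is why the restore can skip Tuesday's archive.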

Sunday, October 26, 2008

Active Directory Collection


........

Active Directory is typically used for one of three purposes:

  • Internal directory. Used within the corporate network for publishing information about users and resources within the enterprise. A company’s internal directory may be accessible to employees when they are outside the company network using a secure connection such as a virtual private network (VPN) connection, but it is not accessible to non-employees.
  • External directory. These are directories typically located on servers in the perimeter network or demilitarized zone (DMZ) at the boundary between the corporate local area network (LAN) and the public Internet. External directories are typically used to store information about customers, clients, and business partners who access external applications or services. They are also made available to customers, clients, and business partners to provide them with selected business information such as catalogs and so on.
  • Application directory. Application directories store “private” directory data that is relevant only to the application in a local directory, perhaps on the same server as the application, without requiring any additional configuration to Active Directory. The personalization data, which is only interesting to the portal application and does not need to be widely replicated, can be stored solely in the directory associated with the application. This solution reduces replication traffic on the network between domain controllers.


Active Directory on a Windows Server 2003 Network

Active Directory is the information hub of the Windows Server 2003 operating system. The following figure shows Active Directory as the focal point of the Windows Server 2003 network used to manage identities and broker relationships between distributed resources so they can work together.

Active Directory on a Windows Server 2003 Network

........



[wiki] Active Directory


Source: Active Directory - Wikipedia DE

The directory service of Microsoft Windows 2000/Windows Server 2003 is called Active Directory (AD). As of the current version, Windows Server 2008, the core component is called Active Directory Domain Services (ADDS). .....

Active Directory makes it possible to structure a network according to the real structure of the company or its geographical distribution. To do so, it manages various objects in a network such as users, groups, computers, servers, file shares and other devices such as printers and scanners, together with their properties. With the help of Active Directory, an administrator can organize, provide and monitor the information about these objects.

Access restrictions can be imposed on the users of the network. For example, not every user may view every file or use every printer.


Server roles

Since Windows Server 2008, five different server roles have been grouped under the term Active Directory:

  • Active Directory Domain Services (ADDS) are the current version of the original directory service and the central point of domain and resource management.
  • Active Directory Lightweight Directory Services (ADLDS) are a functionally restricted version of ADDS that serves to connect applications or services that need LDAP-conformant information from the directory. First implemented in Windows Server 2003, the service was called Active Directory Application Mode (ADAM) there.

  • Active Directory Federation Services (ADFS) provide web-based authentication of users when they are in areas outside the ADDS infrastructure.

  • Active Directory Rights Management Services (ADRMS) protect resources against unauthorized viewing by means of cryptographic methods.

  • Active Directory Certificate Services (ADCS) provide a public key infrastructure.

The four main components

1. Lightweight Directory Access Protocol (LDAP)

The LDAP server provides information about users and their group memberships. Other objects, such as a computer's certificates, are also stored in the directory.

2. Kerberos protocol

Kerberos is a protocol that authenticates the user so that the user receives a so-called "Ticket Granting Ticket" (TGT). With this ticket it is possible to obtain service tickets for access to a particular service within the network. The user only has to enter the password once to obtain the TGT. The service tickets are obtained in the background.

3. Common Internet File System (CIFS)

The CIFS protocol is intended for storing files on the network. DNS is used to locate the individual computer systems and service information (SRV resource record). Because the protocol is standardized, it also offers a way of connecting to the Internet.

4. Domain Name System (DNS)

Unlike earlier Windows versions such as Windows NT 4.0, which used NetBIOS for name resolution, Active Directory requires its own DNS. To be fully functional, the DNS server must support SRV resource records.
For compatibility reasons, suitably configured Windows 2000 or XP clients are still able to locate resources on the network with the help of NetBIOS or WINS, even when an Active Directory is in use.

...............



2007/08/27 - [Network/Link for Network] - What is Active Directory?


What is Active Directory?

Source: Pohang MBC Engineering Department website

A directory service is a network service that defines the resources on a network and makes them available to users and applications .....
Resources here include computers, e-mail addresses, printers and so on .....
An ideal directory service should make the physical network topology and protocols transparent, so that however they are physically arranged, a user who wants to use a resource can do so without knowing where or how that resource is actually connected.

The most widely used directory services today are LDAP, used mainly for e-mail addresses, and NDS (Netware Directory Service), used on Novell Netware networks, and nearly all directory services are based on the X.500 standard of the ITU (International Telecommunication Union) .....
Put simply, it is a central service or server that holds information about all the resources on a network.

Active Directory in Windows 2000 is Microsoft's version of a directory service that follows the standards above.

Details ...


Monday, October 20, 2008

[Tip] How to create a New User on Windows Server 2003


On Windows Server 2003, the only user after a fresh installation is Administrator.

Even if you do not intend to use Terminal Services, or nobody else uses this server, adding new users is useful.

The author of the link below recommends creating two more users in addition to Administrator.

One is a member of the "Administrators" group, meant to avoid logging in to the Administrator account directly, and used in situations where there is no choice but to log in as an administrator.

The other is a member of the "Users" group.
As on UNIX, the recommendation is to log in only as this regular user and to use the "runas" command whenever a program needs to run as Administrator.

Working this way is quite inconvenient for an administrator on Windows Server, so I will not follow this recommendation to the letter, but at the very least, using the Administrator account as it is is undesirable.
The compromise I chose is to create a new user of my own choosing that belongs to the "Administrators" group, use that account, and disable the Administrator account. It goes without saying, but keep in mind that the more convenience you seek in this way, the higher the security risk becomes.

Control Panel provides no shortcut for creating a new user.
New users can be created through the Local Users and Groups snap-in (Start menu - Run - lusrmgr.msc).








[Tip] Deactivate the Shutdown Event Tracker + Set Interactive logon: Do not require CTRL+ALT+DEL

Group Policy Object Editor (Start menu - Run - gpedit.msc)
- Computer Configuration
     - Administrative Templates
          - System
               Set [Display Shutdown Event Tracker] to "disabled".

- Computer Configuration
     - Windows Settings
          - Security Settings
               - Local Policies
                    - Security Options
                         Set [Interactive logon: Do not require CTRL+ALT+DEL] to "enabled".


Friday, September 12, 2008

[Tip] Working with compressed files on Linux/Unix


Archive formats such as zip, rar or 7zip can of course be used regardless of platform and are in fact widely used, but the compressed files you meet most often on Linux/Unix have the form filename.tar.gz and filename.tar.bz2.
(Recent data compression software supports a wide range of formats, so with a suitable Windows utility, tar.gz and tar.bz2 can be used on MS Windows without much difficulty.)
Kernel sources and the source packages of applications are also distributed mainly in these two formats.
Such files are created with the tar command and utilities such as gzip and bzip2.

===| TAR |=======================
TAR is the standard UNIX archive utility; the name comes from Tape ARchiving program.
It is a UNIX shell command that combines a given set of files into a single file called an archive, or extracts the files collected in an archive in their original form.
A tar archive carries the extension ".tar". The files inside a tar archive are not compressed, only gathered into one. An archive bundled with tar is often called a "tarball". Compressing such a tar archive again with gzip or bzip2 gives archive-name.tar.gz and archive-name.tar.bz2.

$ tar cvf backup.tar /home/jvm
This command bundles every file under /home/jvm into backup.tar. The first argument, "cvf", is the set of tar options: "c" creates a new file (create), "v" prints the details of what the command is doing to the screen (verbose), and "f" sets the name of the file to be created to the next argument, backup.tar (file). The last argument is the file or directory to be archived.

# tar xvf backup.tar
Extracts backup.tar in the current directory (extract). Take care, because extracting a tar archive overwrites existing files. If backup.tar contains directories, they are created automatically and the files are placed in them.
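One way to handle the overwrite risk described above, as an added example that is not from the original post: list the archive first, refuse member names that are absolute or contain "..", then extract into a dedicated directory with -k so existing files are kept. The function names and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example: list before extracting, and never overwrite existing files.
# Function names and sample files are assumptions of this example.

# unsafe_names: reads member names on stdin and prints those that are absolute
# or contain a ".." path component; exit status 1 if any were found.
unsafe_names() {
    awk '/^\// || /(^|\/)\.\.(\/|$)/ { print; bad = 1 } END { exit bad + 0 }'
}

# careful_extract ARCHIVE DESTDIR
#   Prints "kept existing: NAME" for every member that is already present in
#   DESTDIR and is therefore left untouched; extracts everything else.
careful_extract() {
    archive=$1; dest=$2
    members=$(tar -tf "$archive") || return 2       # unreadable archive: stop here
    if ! printf '%s\n' "$members" | unsafe_names >&2; then
        echo "refusing to extract: unsafe member names listed above" >&2
        return 1
    fi
    mkdir -p "$dest" || return 2
    printf '%s\n' "$members" | while IFS= read -r m; do
        if [ -f "$dest/$m" ]; then echo "kept existing: $m"; fi
    done
    # -C: unpack into DESTDIR instead of the current directory
    # -k: keep files that already exist (tar reports them instead of replacing them)
    tar -x -k -f "$archive" -C "$dest" 2>/dev/null || true
}

# Constructed demo: the destination already holds an edited notes.txt.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/src" "$demo_dir/dest"
echo "from the archive" > "$demo_dir/src/notes.txt"
echo "only in the archive" > "$demo_dir/src/extra.txt"
( cd "$demo_dir/src" && tar cf ../backup.tar extra.txt notes.txt )
echo "local edits" > "$demo_dir/dest/notes.txt"

careful_extract "$demo_dir/backup.tar" "$demo_dir/dest"
echo "notes.txt now contains: $(cat "$demo_dir/dest/notes.txt")"
rm -rf "$demo_dir"
```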
  
===| compress |=======================
compress, which is rarely used these days, was the first to appear and was in use the longest, but it was replaced by gzip (GNU Zip) because of software licence problems with its algorithm, because gzip compresses more efficiently than compress, and because gzip can also handle files compressed with compress.

Files compressed with compress end in the extension .Z. For example,
$ compress backup.tar
compresses backup.tar with compress and produces backup.tar.Z.
To decompress, use uncompress as follows.
$ uncompress backup.tar.Z
This gives back backup.tar.

===| GZip |=======================
GNU Zip (gzip) offers better data compression than the compress command and is used mainly to compress archives that have been bundled with tar.
Compressed files carry the extension ".gz".

$ gzip -9 backup.tar
This compresses backup.tar at the best compression ratio (-9) and produces backup.tar.gz.
The same can be done with a pipe and redirection:
$ tar cvf - /home/jvm | gzip -9c > backup.tar.gz
(tar first writes the tar file to its standard output (-); this is piped to gzip, which compresses the incoming tar file, and the result is redirected to backup.tar.gz and so saved as a file. The -c option makes gzip write to standard output so that the output can be redirected.)

The command for decompressing is gunzip. It is the same as gzip -d.
$ gunzip backup.tar.gz
gives back backup.tar, and
$ tar xvf backup.tar
unpacks the archive.
To run both commands in one step:
$ gunzip -c backup.tar.gz | tar xvf -
(gunzip decompresses backup.tar.gz and sends the result through standard output to tar; the - makes tar read the archive from that stream instead of from a file.)
Although they are no longer common, you may come across archives with the extension .taz or .tgz.
On Linux/Unix a file does not need any particular extension to be recognised as an archive. The extension .tar is added when bundling with tar, and .tar.Z or .tar.gz when the result is compressed, simply to make the files easy to recognise.
On MS-DOS systems, however, such double extensions could not be used, so the extension .taz was used as the equivalent of .tar.Z and .tgz as the equivalent of .tar.gz. These are of course unpacked in the same way as .tar.Z and .tar.gz.


===| bzip2 |=======================
bzip2 is a lossless data compression algorithm. It uses the Burrows-Wheeler Transform (block-sorting compression) to turn frequently recurring character strings into strings of identical characters, and then applies the MTF (move-to-front) transform and Huffman coding in turn. It compresses better than gzip or zip but is slower. (A text file of about 13 MByte is said to have compressed to 354 kByte, which is a remarkable ratio.)
bzip2 itself has no features for handling multiple files, split archives or encryption. Those are left to other utilities such as tar. Its characteristics and the options it accepts are almost the same as those of gzip.
Compressed files carry the extension ".bz2".

$ bzip2 backup.tar
This compresses backup.tar and produces backup.tar.bz2.
The same can be done with a pipe and redirection:
$ tar cvf - /home/jvm | bzip2 > backup.tar.bz2

bzip2 can only compress; it has no archiving function.
Although it was said above that it cannot handle multiple files, it can compress several files individually in one go.
For example, in a directory containing file1, file2 and file3,
$ bzip2 *
produces file1.bz2, file2.bz2 and file3.bz2.
$ bunzip2 *
gives back file1, file2 and file3 at once.

The command for decompressing is bunzip2. It is the same as bzip2 -d.
$ bunzip2 backup.tar.bz2
gives back backup.tar, and
$ tar xvf backup.tar
unpacks the archive.
To run both commands in one step:
$ bunzip2 -c backup.tar.bz2 | tar xvf -

[Tip]
The BSD and GNU versions of tar have had options patched in for handling compress and gzip compression (Z / z) and bzip2 compression (j).
Compression or decompression can therefore be done with a single command, without a pipe.

$ tar czvf archive-name.tar.gz *
bundles all files, including subdirectories (but excluding .files), with tar and compresses them with gzip.
(With the Z option, and archive-name.tar.Z in place of archive-name.tar.gz, compress is used for compression.)
$ tar xzvf archive-name.tar.gz
With the z option, a tar.gz can be unpacked in a single step.
(With the Z option, and archive-name.tar.Z in place of archive-name.tar.gz, a compress archive is decompressed.)
To bundle all files, including subdirectories (but excluding .files), with tar and compress them with bzip2:
$ tar cjvf archive-name.tar.bz2 *
To unpack a tar.bz2 in a single step:
$ tar xjvf archive-name.tar.bz2
In conclusion, there are many data compression programs, but if you make good use of tar alone you can handle every compressed file with an extension such as .tar, .tar.Z, .taz, .tar.gz, .tgz or .tar.bz2 without trouble.

<Addendum>
While looking through tar's info page I came across something I had not understood exactly until now, so I am adding it here.
tar accepts options in three styles: long options, short options and old-style options.
--verbose, written like this, is a long option,
-v, written like this, is a short option, and an old-style option is a single letter just like a short option.
However, it cannot be used on its own; the option letters are written together without spaces.
The commands used above as tar examples all use old-style options.
tar --create --file=archive.tar file1
tar -cf archive.tar file1
tar cf archive.tar file1
These three commands are all equivalent. There is, however, a case to watch out for.
tar -cfz archive.tar.gz file1
tar cfz archive.tar.gz file1
These two commands are completely different. With old-style options, archive.tar.gz is used as the value of the f option
and z is recognised as the option for gzip compression. If you run tar -cfz archive.tar.gz file1 expecting the same,
you get a wholly unexpected result, because in this case z is taken as the value of the f option.
The problem can be avoided by writing the command in one of the following ways.
tar -czf archive.tar.gz file1
tar -cf archive.tar.gz -z file1
tar cf archive.tar.gz -z file1
Old-style options are kept for compatibility with older versions of tar.
Long options use whole words and are therefore intuitive, but they are long and inconvenient.
Personally I find old-style options convenient, but using the short option form is probably better after all.
Just be careful with options such as f, whose syntax takes a value immediately after the option.
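What the option spellings from the addendum actually write to disk, as an added example that is not from the original post. It runs each command in a throwaway directory and reports the file tar created and whether it starts with the gzip magic bytes; the function names and file1's content are assumptions of this example.

```shell
#!/bin/sh
# Added example: which file does each option style create, and is it gzip data?
# Function names and the sample file are assumptions of this example.

# is_gzip FILE -> succeeds if FILE starts with the gzip magic bytes 1f 8b
is_gzip() {
    [ "$(od -An -tx1 -N2 "$1" | tr -d ' \n')" = "1f8b" ]
}

# tar_result ARGS... -> runs "tar ARGS" in a fresh directory that contains only
# file1 and prints "<created file>:<gzip|plain>" for every file tar created.
tar_result() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        echo "constructed sample data" > file1
        # With -cfz tar also complains about a missing member; ignore the status
        # so the files it did create can still be inspected.
        tar "$@" 2>/dev/null || true
        for f in *; do
            if [ "$f" = file1 ]; then continue; fi
            if is_gzip "$f"; then echo "$f:gzip"; else echo "$f:plain"; fi
        done
    )
    rm -rf "$work"
}

echo "tar cfz  archive.tar.gz file1 -> $(tar_result cfz archive.tar.gz file1)"
echo "tar -cfz archive.tar.gz file1 -> $(tar_result -cfz archive.tar.gz file1)"
echo "tar -czf archive.tar.gz file1 -> $(tar_result -czf archive.tar.gz file1)"
```

In the -cfz case the archive lands in a file named z, uncompressed, and archive.tar.gz is never created, so a backup script written that way leaves nothing where the operator expects it.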

Friday, July 18, 2008

[Link] IIS Admin Blog + ASP Free Forums



  • How to install PHP on IIS 6.0
  • How to install MySQL and PHP on IIS 6.0
  • How to install WordPress on IIS 6.0
    /** Basic commands for creating a db and a user and granting privileges **/
    mysql> CREATE DATABASE databasename;

    mysql> CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';

    mysql> GRANT SELECT , INSERT , UPDATE , DELETE , CREATE , DROP , ALTER ON 'databasename' . * TO 'username'@'localhost';
    // Running this command raises an error that says the syntax is wrong, but I could not find exactly what was wrong, so I used phpMyAdmin to create the db.

    mysql> FLUSH PRIVILEGES;

    mysql> CREATE DATABASE databasename;

    mysql> GRANT ALL PRIVILEGES ON databasename.* TO "dbusername"@"hostname"
    -> IDENTIFIED BY "password";

    mysql> FLUSH PRIVILEGES;


  • Using PHP with MS SQL Server


Friday, July 11, 2008

YouTube Video Quality Investigation

Embed code supplied by http://www.youtube.com/watch?v=U6KoEfczGEo

<object width="425" height="344">
   <param name="movie" value="http://www.youtube.com/v/U6KoEfczGEo&hl=en&fs=1"></param>
   <param name="allowFullScreen" value="true"></param>
      <embed src="http://www.youtube.com/v/U6KoEfczGEo&hl=en&fs=1" type="application/x-shockwave-flash" allowfullscreen="true" width="425" height="344"></embed>
</object>



Embed code that DoA posted on their blog
<object width="480" height="360">
    <param name="movie" value="http://www.youtube.com/v/U6KoEfczGEo">
    <embed src="http://www.youtube.com/v/U6KoEfczGEo" type="application/x-shockwave-flash" width="480" height="360"> </embed>
</object>


Captured from http://www.youtube.com/watch?v=U6KoEfczGEo&fmt=18.

Modified embed code for high quality
<object width="425" height="344">
   <param name="movie" value="http://www.youtube.com/v/U6KoEfczGEo&fmt=18"></param>
   <param name="allowFullScreen" value="true"></param>
      <embed src="http://www.youtube.com/v/U6KoEfczGEo&fmt=18" type="application/x-shockwave-flash" allowfullscreen="true" width="425" height="344"></embed>
</object>
 

 
        /** The high-quality request was not applied. **/

High-quality embed code that DoA posted on their blog

<object width="480" height="360">
    <param name="movie" value="http://www.youtube.com/v/U6KoEfczGEo&ap=%2526fmt%3D18">
    <embed src="http://www.youtube.com/v/U6KoEfczGEo&ap=%2526fmt%3D18" type="application/x-shockwave-flash" width="480" height="360"> </embed>
</object>

        /** The high-quality request was applied. **/


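This was not as grand a job as the title suggests, but it ended up being quite a laborious post in its own way.
As can be seen above,
watching the high-quality video through http://www.youtube.com/watch?v=U6KoEfczGEo&fmt=18 was possible, but inserting the embed code did not work.
I do not yet know whether this affects only some videos or all of YouTube.
Because I had compared both versions beforehand for the YouTube videos I posted on the blog earlier, I took it for granted that this worked, and that was my mistake.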


Monday, July 7, 2008

Route Poisoning

[Source] Wikipedia, the free encyclopedia

Route poisoning is a way to prevent routing loops.
Distance-vector routing protocols use route poisoning to indicate to other routers that a route is no longer reachable and should be removed from their routing tables.
A variation of route poisoning is split horizon with poison reverse whereby a router sends updates with unreachable hop counts back to the sender for every route received to help prevent routing loops.

A route is considered unreachable if the hop count exceeds the maximum allowed. Route poisoning is a method of quickly removing outdated routing information from other routers' routing tables by changing its hop count to be unreachable (higher than the maximum number of hops allowed) and sending a routing update.

In the case of the Routing Information Protocol (RIP), to perform route poisoning on a route its hop count is changed to 16, deeming it unreachable (sometimes referred to as an Infinite metric) and a routing update is sent.

Ethernet0 on GW_Router went down.
The Router is poisoning the routes and multicasting the new path costs via Ethernet1.
When a router receives a route poisoning, it sends an update back to the router from which it received the route poisoning; this is called poison reverse. This is to ensure that all routers on a segment have received the poisoned route information.


The security protocols to secure wireless computer networks

[Source] Wikipedia, the free encyclopedia

Wired Equivalent Privacy (WEP)
WEP is a deprecated algorithm to secure IEEE 802.11 wireless networks. Wireless networks broadcast messages using radio and are thus more susceptible to eavesdropping than wired networks.
Beginning in 2001, several serious weaknesses were identified by cryptanalysts with the result that today a WEP connection can be cracked with readily available software within minutes.

Two methods of authentication can be used with WEP: Open System authentication and Shared Key authentication.

Encryption Algorithm : stream cipher RC4 for confidentiality, CRC-32 checksum for integrity.

Wi-Fi Protected Access (WPA and WPA2)
WPA is a certification program created by the Wi-Fi Alliance.
The WPA certification mark indicates compliance with a security protocol designed to enhance the security of wireless networks.

There are two flavors of this protocol: enterprise and personal.
Enterprise is meant for use with an IEEE 802.1X authentication server, which distributes different keys to each user.
Personal WPA utilizes less scalable "pre-shared key" (PSK) mode, where every allowed computer is given the same passphrase.
The WPA and WPA2 standard has officially adopted five EAP (Extensible Authentication Protocol) types as its official authentication mechanisms.

Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV). One major improvement in the protocol over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used.

In addition to authentication and encryption, the protocol also provides vastly improved payload integrity. The cyclic redundancy check (CRC) used in WEP is inherently insecure; a more secure message authentication code (MIC: message integrity code) is used in the protocol.

WPA2 introduces a new AES (Advanced Encryption Standard)-based algorithm, CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol), that is considered fully secure. CCMP uses the AES algorithm. Unlike TKIP, key management and message integrity are handled by a single component built around AES.

Comparison

        Authentication                 Encryption Algorithm   Encryption Method
WEP     Open System authentication,    RC4                    WEP
        Shared Key authentication
WPA     802.1x / EAP / PSK             RC4                    TKIP
WPA2    802.1x / EAP / PSK             AES                    CCMP





[Link] Frame Relay



Frame Relay @ protocols.com


Introduction to Frame Relay - Part 2 @ www.cramsession.com

.....
In 1990, Cisco and several partners developed the Local Management Interfaces (LMI) enhancements to the Frame protocol. LMI adds several important management functions to the Frame specifications. There are three types of LMI configurable on Cisco devices: Cisco, ANSI, and q933a (default is Cisco). LMI uses reserved DLCI 1023 (cisco LMI) or DLCI 0 (ANSI and ITU).
.....



[Link] Enhanced Inter-Gateway Routing Protocol (EIGRP)


EIGRP @ wikipedia.org


EIGRP @ www.rhyshaden.com


EIGRP @ networking.ringofsaturn.com




#. List of IP protocol numbers
     EIGRP = 88
     OSPF = 89




Sunday, July 6, 2008

[cisco.com] Understanding Port Security




Understanding Port Security

You can use the port security feature to restrict input to an interface by limiting and identifying MAC addresses of the workstations that are allowed to access the port. When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the workstation attached to that port is assured the full bandwidth of the port.

If a port is configured as a secure port and the maximum number of secure MAC addresses is reached, when the MAC address of a workstation attempting to access the port is different from any of the identified secure MAC addresses, a security violation occurs.

After you have set the maximum number of secure MAC addresses on a port, the secure addresses are included in an address table in one of these ways:

  • You can configure all secure MAC addresses by using the switchport port-security mac-address mac_address interface configuration command.

  • You can allow the port to dynamically configure secure MAC addresses with the MAC addresses of connected devices.

  • You can configure a number of addresses and allow the rest to be dynamically configured.



Note: If the port shuts down, all dynamically learned addresses are removed.


After the maximum number of secure MAC addresses is configured, they are stored in an address table. To ensure that an attached device has the full bandwidth of the port, configure the MAC address of the attached device and set the maximum number of addresses to one, which is the default.



Note: When a Catalyst 4000 switch port is configured to support voice as well as port security, the maximum number of allowable MAC addresses on this port should be changed to three.


A security violation occurs if the maximum number of secure MAC addresses has been added to the address table and a workstation whose MAC address is not in the address table attempts to access the interface.

You can configure the interface for one of these violation modes, based on the action to be taken if a violation occurs:

  • Restrict—A port security violation restricts data, causes the SecurityViolation counter to increment, and causes an SNMP Notification to be generated. The rate at which SNMP traps are generated can be controlled by the snmp-server enable traps port-security trap-rate command. The default value ("0") causes an SNMP trap to be generated for every security violation.

  • Shutdown—A port security violation causes the interface to shut down immediately. When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command or you can manually reenable it by entering the shutdown and no shutdown interface configuration commands. This is the default mode.

You can also customize the time to recover from the specified error disable cause (default is 300 seconds) by entering the errdisable recovery interval interval command.


Port Security Guidelines and Restrictions

Follow these guidelines when configuring port security:

  • A secure port cannot be a trunk port.

  • A secure port cannot be a destination port for Switch Port Analyzer (SPAN).

  • A secure port cannot belong to an EtherChannel port-channel interface.

  • A secure port cannot be an 802.1X port. If you try to enable 802.1X on a secure port, an error message appears, and 802.1X is not enabled. If you try to change an 802.1X-enabled port to a secure port, an error message appears, and the security settings are not changed.

  • A secure port and static MAC address configuration are mutually exclusive.



##################################################################################
Switch1(config-if)# switchport port-security maximum 1
                        ! Only one host is permitted to attach dynamically to each port.
Switch1(config-if)# switchport port-security violation shutdown
                        ! If that policy is violated, the interface should shut down.
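A small model of the behaviour described above, as an added example that is not Cisco code: it replays constructed frame arrivals against a port with a maximum number of dynamically learned secure addresses and shows how the restrict and shutdown violation modes differ. The input format ("port source-MAC" per line), the counter names and the sample frames are assumptions of this example.

```shell
#!/bin/sh
# Added example: a model of port security with dynamic learning, not switch code.
# Input format, counter names and sample frames are assumptions of this example.

# port_security MAX MODE   (MODE: restrict | shutdown)
# Reads "port source-mac" lines on stdin and prints one summary line per port.
port_security() {
    awk -v max="$1" -v mode="$2" '
        {
            port = $1; mac = tolower($2)
            if (!(port in state)) { state[port] = "up"; order[++nports] = port }
            # An error-disabled interface passes nothing until it is re-enabled.
            if (state[port] == "err-disabled") { dropped[port]++; next }
            key = port SUBSEP gen[port] + 0 SUBSEP mac
            if (key in secure) { forwarded[port]++; next }
            if (count[port] < max) {            # room in the table: learn dynamically
                secure[key] = 1; count[port]++; forwarded[port]++; next
            }
            # Table full and the source address is unknown: security violation.
            violations[port]++; dropped[port]++
            if (mode == "shutdown") {
                state[port] = "err-disabled"
                gen[port]++; count[port] = 0    # dynamically learned addresses are removed
            }
        }
        END {
            for (i = 1; i <= nports; i++) {
                q = order[i]
                printf "%s state=%s secure=%d forwarded=%d dropped=%d violations=%d\n",
                       q, state[q], count[q], forwarded[q], dropped[q], violations[q]
            }
        }'
}

# Constructed frames: a second workstation appears on Fa0/1, then the first returns.
sample_frames() {
    cat <<'EOF'
Fa0/1 0000.1111.aaaa
Fa0/1 0000.1111.aaaa
Fa0/1 0000.2222.bbbb
Fa0/1 0000.1111.aaaa
Fa0/2 0000.3333.cccc
EOF
}

echo "maximum 1, violation shutdown:"; sample_frames | port_security 1 shutdown
echo "maximum 1, violation restrict:"; sample_frames | port_security 1 restrict
```

In shutdown mode the legitimate workstation on Fa0/1 is cut off as well until the interface is recovered, while restrict mode keeps forwarding its frames and only drops the unknown source.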



Friday, July 4, 2008

[scrap] WAN Layer 2 Encapsulation


WAN Layer 2 Encapsulation

As you move up from the physical layer of the OSI model, serial devices must encapsulate data in a frame format at the data link layer (Layer 2). Different services can use different framing formats.

To ensure that the correct protocol is used, you need to configure the appropriate data link layer encapsulation type. The choice of protocol depends on the WAN technology and communicating equipment. Figure 7-5 shows the protocols that are associated with the three WAN connectivity options.

Figure 7-5. Data Link Layer: WAN Encapsulation Types Based on Connection Type


Typical WAN encapsulation types include the following:

  • Cisco High-Level Data Link Control (HDLC or cHDLC)— cHDLC is the default encapsulation type for Cisco routers and is used on point-to-point dedicated links and circuit-switched connections. Cisco HDLC is a proprietary synchronous data link layer protocol typically used when communicating between two Cisco devices. HDLC is covered in more detail later in this chapter.

  • Point-to-Point Protocol (PPP)— PPP is a standard protocol that provides router-to-router and host-to-network connections over many physical standards, including synchronous and asynchronous circuits. PPP was designed to work with several network layer protocols, such as IP. It also has built-in security mechanisms such as Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). PPP is covered in more detail later in this chapter.

  • Serial Line Internet Protocol (SLIP)— SLIP is a standard protocol for point-to-point serial connections using TCP/IP. SLIP has been largely displaced by PPP.

  • X.25/Link Access Procedure, Balanced (LAPB)— LAPB is an International Telecommunications Union Telecommunications Standardization Sector (ITU-T) standard that defines how connections between DTE and DCE are established and maintained for remote terminal access and computer communications over unreliable links. The X.25 specification defines LAPB as its data link layer protocol.

  • Frame Relay— Frame Relay is an industry-standard switched data link layer protocol based on ISDN framing technology that handles multiple virtual circuits. Frame Relay is viewed as a successor to X.25, streamlined to eliminate some of the time-consuming processes that were employed in X.25, such as error correction and flow control, that were employed to compensate for older, less-reliable communications links. Frame Relay is covered in more detail in Chapter 8, "Establishing a Frame Relay PVC Connection."

  • Asynchronous Transfer Mode (ATM)— ATM is the international standard for cell relay in which multiple service types (such as voice, video, and data) are conveyed in fixed-length (53-byte) cells. Fixed-length cells allow processing to occur in hardware, reducing transit delays. ATM is designed to take advantage of high-speed transmission media such as T3, E3, and Synchronous Optical Network (SONET).




[cisco.com] Cisco Feature Navigator



Cisco Feature Navigator allows you to quickly find the right Cisco IOS, IOS XE and CatOS software release for the features you want to run on your network.


Cisco Feature Navigator

Saturday, June 28, 2008

[Link] High Quality on Youtube



Youtube has slowly started to create better quality versions of many videos, adding links that say, "Watch this video in higher quality." See this High Quality example and compare it to Youtube's Normal Quality.

..... more in Jimmy Ruska's Blog

+

How to Embed High Quality and Higher Resolution YouTube Videos on Blog or Website




[howtonetwork.net] How to configure your Router to be a Cisco DHCP Server





[howtonetwork.net] How to configure an Extended Access List on a Cisco Router





[howtonetwork.net] How to configure a Named Access List on a Cisco Router





[sixnetcg.com] Cisco Lite Teaching: Access List (Part 3 of 3)





[sixnetcg.com] Cisco Lite Teaching: Access List (Part 2 of 3)





[sixnetcg.com] Cisco Lite Teaching: Access List (Part 1 of 3)





[westgatenetworks.com] ACL Configuration on a Cisco Router





[westgatenetworks.com] NAT Configuration on a Cisco Router





[palaestratraining.com] Inter-VLAN Routing





[palaestratraining.com] Getting to Know Frame Relay





CCNA/CCNP materials