csatblogspotdotcom

Saturday, February 28, 2009

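Automatic backup of PuTTY's registry keys

You can use the portable version of PuTTY, which automatically creates a registry file in the corresponding subdirectory; on later launches it reads this local registry file instead of the registry.
(I later tried it: exporting PuTTY's key from the registry failed, which shows that this portable version does not touch the registry at all.)

Alternatively:
(Reposted)
A simple batch file that serves as a launcher wrapper for PuTTY:
@echo off
rem Export settings and saved sessions in registry.
rem The output path is quoted so that a working directory containing spaces still works.
regedit /e "%CD%\putty.reg" HKEY_CURRENT_USER\Software\SimonTatham
start putty.exe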

Using proxychains

from: http://binaryunit.blogspot.com/2007_07_01_archive.html

Out from the proxy in 60 seconds

So, in your university, you can surf internet only behind a proxy, within a limited surfing area. If your situation is like the following:

* IP-level web proxy
* Only educational domains accessible
* Personal Linux account without any administrative privileges

then there could be a way to go out. I'll briefly explain how I did it at my university, but most probably with a few adaptations the same procedure could work in very different environments. Please note that this is not a guide for dummies: I'll just list the necessary steps, without going deep into details (e.g. how to use a hex editor or how to set up a configuration file).

Have you ever heard about the Planetlab platform and its proxy service Codeen? If not, please inform yourself through Wikipedia before continuing :) Let's just say there's a free http proxy service available in some educational domains (especially universities); most of them are accessible also from limited surfing proxies, so all we have to do is to configure our system so that a Codeen proxy is used to surf. How to reach that proxy? Through your ordinary proxy, of course; but how to use two proxies in a chain? Most web browsers don't allow setting up a proxy chain, so we must use additional software like proxychains.

Most probably you can access at least the package mirrors of the distro you're using; for example, I could access http://packages.ubuntu.com and some of its download mirrors from behind my proxy, so I could download the package with the same computer. Otherwise, I would just have had to download the same package through another machine and then to copy it in the behind-proxy-machine.

Once we have a .deb (or .rpm or whatever) package, we can open it with an archive manager to unpack just the files we need: the executable(s), any local configuration files and the required libraries (typically to be unpacked in a ./lib subdirectory). We cannot install new shared libraries because we don't have administrative privileges, but we know other ways to use non-installed libraries. For example:

user@lab:~/proxy$ export LD_LIBRARY_PATH=./lib
user@lab:~/proxy$ export LD_PRELOAD=`pwd`/lib/libproxychains.so
user@lab:~/proxy$ ./proxychains /usr/bin/firefox
ERROR: ld.so: object '/usr/lib/libproxychains.so' from LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object '/usr/lib/libproxychains.so' from LD_PRELOAD cannot be preloaded: ignored.
user@lab:~/proxy$

Unfortunately, setting LD_LIBRARY_PATH or LD_PRELOAD doesn't work, because the proxychains executable overwrites the latter. Two choices: modifying the proxychains source and compiling it again (but we may need other "dev" packages to install), or modifying the proxychains executable with a hexadecimal editor. We choose the second one, and if we don't have a hex editor on our machine, we can also download another app like hexedit; it allows us to modify the only text string we care about: "/usr/lib/libproxychains.so", which we're going to change to a local path of the same length, like "././/lib/libproxychains.so" or "./tmplib/libproxychains.so".

At this point, we should have proxychains working. Let's choose from this list a Codeen proxy accessible from our usual proxy; from an Italian university, a proxy ending with ".uni**.it" should be fine. On my machine, setting a 2-proxies chain doesn't work; for some reason, the only way to make it work is to set up proxychains.conf with the "internal" proxy (the university proxy) and the browser (Firefox, of course) with the Codeen proxy. And the result is...

Google! Good job. But there's another point to consider: if you're not surfing from a Planetlab IP, as you probably aren't, HTTPS traffic is disabled. This means: no Gmail, Yahoo Mail, nor other SSL logins or transactions. Unfortunately, some forums are managed via https protocol; to reach these forums (e.g. your university forum), you have to disable the use of Codeen proxy and to change Firefox settings again. The fastest way to do this is probably to keep two separate profiles in Firefox with different settings; supposing you named the "special" profile freefox, a bash script to open a free Firefox will be like this:

#!/bin/bash
# Launch Firefox with the "freefox" profile through proxychains.
cd ~/proxy || exit 1
./proxychains /usr/bin/firefox -P freefox "$@" &

Other solutions to have HTTPS support:

1. Finding an external, free proxy which supports HTTPS traffic tunneling, and adding this proxy to the chain;
2. Setting up a machine with public or dynamic IP with SSH server in http tunneling (with -X extension enabled); but if you can do this, then you don't need to read this lousy "tutorial" ;)

In a nutshell:

1. Download proxychains and a hexadecimal editor (from their website or from your favourite distro repository);
2. Replace the absolute library path inside the proxychains executable with a (valid) local one;
3. Find in the list a Codeen proxy you can reach from behind your proxy;
4. Setup proxychains to use your usual proxy, and Firefox (or another program you need) to use the Codeen proxy;
5. You're out!

60 seconds should be enough, once you know what to do and you have a little practice.

From great powers come great responsibilities... Spread this trick and you won't find a free place in your laboratory anymore. And, of course, all this is only intended to help you reaching external websites for educational purposes only... like The Unbearable Lightness of Bit.

Have a nice (didactic) free web browsing!

Conceived on Wednesday, July 04, 2007 5 reactions

The safest boat in the world



Which is the safest boat in the world?
It's easy: SSL...


(I took this picture during my stay in Turku, Finland)

Conceived on Wednesday, July 04, 2007 0 reactions

Rumours

Do you know who Sun Microsystems will sponsor during the next Formula 1 season?

J. Button...

Conceived on Sunday, July 01, 2007 0 reactions


Thursday, February 26, 2009

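Some proxy-related software

First, software that lets all applications use a SOCKS proxy transparently (i.e. SOCKS-related software):
tsocks can turn a SOCKS proxy into a proxy for all applications; unfortunately it only runs on Linux and only handles SOCKS proxies. Today I happened to come across similar programs on the SMTH (Shuimu) BBS:
(The "Clientes SOCKS" section of http://es.wikipedia.org/wiki/Authenticated_firewall_traversal lists some similar programs; see also http://en.wikipedia.org/wiki/Authenticated_firewall_traversal)

proxycap: Windows only; supports HTTP (HTTPS), SOCKS v4 and SOCKS v5 proxies. It can make a SOCKS4, SOCKS5 or HTTPS proxy serve every application on the system. For example, after setting up a SOCKS proxy with SSH tunneling, running proxycap with the correct configuration lets all applications on the machine reach the network transparently through that SOCKS proxy.
winsocks is another product from the same company; it sets up a SOCKS proxy server so that specified IPs can use the local machine as a SOCKS proxy. It is similar to ccproxy (handles all kinds of proxies and is also small), squid, and tinyproxy (an HTTP/SSL proxy server).
(Both of the above products are paid software with a 30-day trial.)

Proxifier (similar to proxycap; on Windows; supports HTTPS, SOCKS and a chain of proxy servers; 30-day trial)

proxychains
Linux platform; also supports HTTP (HTTPS) and SOCKS (4/5). It works much like tsocks, also by changing the LD_PRELOAD environment variable; its distinguishing feature is that it can build a proxy chain.

Other similar software:
# Dante client
# FreeCap
# Hummingbird socks
# SocksCap
# socat
# connect
# GNet Library

Note: privoxy can convert a SOCKS proxy into an HTTP proxy.
In addition, kingate (Linux), SyGate (Windows), WinGate, WinRoute and anyrouter (Windows) are proxy servers with integrated firewall or gateway functionality.
There is also socks5; the package is socks5-v1.0r11.tar.gz,
available for download at http://freeware.sgi.com/source/socks5/
ss5 is a SOCKS5 proxy server (http://ss5.sourceforge.net/)

For more, see: http://en.wikipedia.org/wiki/Proxy_server

Postscript:
Of freecap, sockscap, proxycap and proxifier, the programs that let all applications use HTTP, SOCKS and other proxies, only freecap is free. After leaving freecap, its author went on to develop widecap, but unfortunately that one only has a 30-day trial.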


Wednesday, February 25, 2009

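Manually starting the Sogou proxy for use by Firefox

Sogou Browser's education-network acceleration feature is good, but it is a feature of Sogou Browser and other applications cannot use it. Today on a BBS I saw an expert who used Process Explorer to inspect the Sogou processes, found the process corresponding to the proxy, started the proxy process by hand, configured it in Firefox, and successfully used Sogou's proxy. The method is as follows:
SogouExplorer.exe -proxy "D:\Program Files\SogouExplorer\at1.dll" "CNC" "BC80AE7C3t80254E36ac327533818293" "" 50
According to that BBS poster, one of the strings here is a machine-specific identifier that is different for everyone;
then in Firefox set the proxy to HTTP, 127.0.0.1, port 8081 (the proxy process listens on two ports, 8081 and 8082, but using 8082 produces an error).
In fact, the command
SogouExplorer.exe -proxy
alone is enough.
To run this command at startup, add "Sogou Proxy"="D:\Program Files\SogouExplorer\SogouExplorer.exe" -proxy to the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]; adding the startup entry to the registry with Super Rabbit (超级兔子) also works.

Type: http
Address: 118.228.148.20~30 (10 in total; any one will do)
Port: 80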


process explorer

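Free software provided by Microsoft, more powerful than Task Manager; it can show which command a process was started from and can fully replace Task Manager.

Postscript: When started with ordinary user privileges, features such as networking and replacing Task Manager are unavailable. After choosing "show details for all processes" from the menu, or after running it with administrator privileges directly from C:\Windows\System32 or from an administrator command prompt, the networking and replace-Task-Manager features become visible. However, its network monitoring is not as good as Task Manager's (the network monitoring in Resource Monitor, resmon, is not as good as Task Manager's either); for example, when a program fetches web pages in a loop, Task Manager shows periodic peaks.

So how do you switch back to Task Manager? I remembered that the Process Explorer menu used to have a restore option, but the version I downloaded this time does not, so the only way was to change the registry value:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger
After the replacement it is:
"C:\WINDOWS\SYSTEM32\PROCEXP64.EXE"
Changing it back to "C:\WINDOWS\SYSTEM32\TASKMGR.EXE" does not work either: Task Manager cannot be used and the prompt is: taskmgr传递给系统调用的数据区域太小 (the data area passed to a system call is too small). Deleting this Debugger registry value fixes it, and Task Manager can be launched directly again. You can also put Process Explorer in C:\Windows\System32 and invoke it with the command procexp64 (procexp on 32-bit).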


Tuesday, February 24, 2009

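Switching http to https

Today when visiting Google Reader and Google Groups, some content could not be accessed properly because of the GFW; fortunately it was still reachable through Codeen. After changing http://reader.google.com/ or http://groups.google.com/ to https, the problem went away. Hehe, I saw this in a Google group.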


Monday, February 23, 2009

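The 7-Zip right-click menu problem

A while ago, after reinstalling the system, 7-Zip still worked but its right-click menu stopped working (clicking did nothing); reinstalling 7-Zip did not help either. Today I suddenly found it working again: it turns out that yesterday I accidentally knocked out the computer's power plug, so the machine restarted.
It seems 7-Zip's right-click menu settings only take effect after a reboot, which is indeed a bit inconvenient.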


Saturday, February 21, 2009

ClickLock

Today on the Linux board of the BBS I saw someone mention that KDE has ClickLock for the mouse; I just tried it on Windows and it is quite handy. Nice.


Wednesday, February 18, 2009

The numbers after man

1 Executable programs or shell commands
2 System calls (functions provided by the kernel)
3 Library calls (functions within program libraries)
4 Special files (usually found in /dev)
5 File formats and conventions eg /etc/passwd
6 Games
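7 Miscellaneous (including macro packages and conventions), e.g. man(7), groff(7)
8 System administration commands (usually only for root)
9 Kernel routines [Non standard]

1: user commands
2: system calls
3: libraries
4: device descriptions
5: file formats
6: games
7: miscellaneous
8: system commands
9: kernel

/usr/man/man1 Ordinary commands: commands executed in the shell
/usr/man/man2 System calls: documentation on kernel functions
/usr/man/man3 Library calls: manual pages for libc functions such as printf, fread
/usr/man/man4 Special files: information about the files in the /dev directory
/usr/man/man5 File formats: detailed formats of /etc/passwd and other files
/usr/man/man6 Games: reserved for games, defined by each game itself
/usr/man/man7 Macro packages: descriptions of the Linux file system, manual pages, and so on. Some variables, such as the global variable environ, are also documented here
/usr/man/man8 System administration: manual pages for root operator tasks; these commands can only be used by root, e.g. ifconfig
/usr/man/man9 Kernel routines: documentation on Linux kernel source routines or kernel module specifications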

Section 1
user commands (introduction)
Section 2
system calls (introduction)
Section 3
library functions (introduction)
Section 4
special files (introduction)
Section 5
file formats (introduction)
Section 6
games (introduction)
Section 7
conventions and miscellany (introduction)
Section 8
administration and privileged commands (introduction)
Section L
math library functions
Section N
tcl functions

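The consequences of two mismatched memory modules

Yesterday, because of memory (hardware), I got frustrated all over again.
My machine originally had two 256 MB memory modules, each with chips on both sides. Yesterday I got a 256 MB module with chips on one side only and tried plugging it in, without powering on. Afterwards, somehow, I forgot to swap the original memory back, so a single-sided module and a double-sided module ended up together. On the next boot there was an error saying system32/drivers/pci.sys could not be found, yet when I looked at my hard disk on someone else's machine the file was indeed there. I then copied it over from someone else's machine, still no good. Finally I reinstalled the system with Ghost; after rebooting it still complained about system32/ntoskrnl.exe (I think that was the name, if I remember correctly). Thinking the disc was bad, I had the seller exchange it; after reinstalling it still failed. At that point I finally thought of reseating the memory: still no good. Then I swapped the memory and it finally worked! So the consequences of two mismatched memory modules are this serious!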


Error: Cannot open/read repomd.xml file for repository: rhel_*

After running yum search man as an ordinary user:
Loading "installonlyn" plugin
Loading "rhnplugin" plugin
Loading "priorities" plugin
This system is not registered with RHN.
RHN support will be disabled.
Setting up repositories
Error: Cannot open/read repomd.xml file for repository: rhel_*


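After that it stubbornly refused to work, and I searched for ages without finding the cause. In the end, adding sudo miraculously fixed it, and after that it worked even without sudo! I really don't get it.

Fully manual network configuration on Linux (without vi)

The system has no vi and no network configuration either. What to do?
1. Set the IP: ifconfig eth0 ip/24
2. DNS: back up and empty the original resolv.conf, then echo nameserver ip >> resolv.conf
3. Route: route add default gw ip
If there are problems, restart networking and then configure the IP and route again.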


Monday, February 16, 2009

MozBackup

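Today I discovered a new program: MozBackup, which can back up and restore the configuration and data of Mozilla-family software. It can be downloaded from mozbackup.jasnapaka.com or SourceForge, in both installer and portable versions. Unfortunately it can only back up installed software; the Firefox 2 on my machine, which I kept using after reinstalling the operating system, is not recognized. Presumably this will be solved in the future by letting you choose the path of the software to back up.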

Sunday, February 15, 2009

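About the ps command

ps aux list everything
ps u list your own processes
ps u USER list the user's processes
ps -e list all processes
ps X -other-options list detailed information
ps -p PID list information for the process whose ID is PID
ps -l -p PID list information for the process whose ID is PID (including the UID)
ps up PID list information for the process whose ID is PID (including the owning user)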

Saturday, February 14, 2009

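Changing Windows default paths through the registry

There are mainly two places:
1. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
2. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\User Shell Folders

1. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion specifies the location of the Program Files folder; change both ProgramFilesDir and ProgramFilesPath in it to D:\Program Files.
2. The latter four registry keys specify the locations of folders such as the desktop, IE Favorites, My Documents and the Start menu. The difference between the first two and the last two is that the former apply to the current user and the latter to all users.
3. To relocate "My Documents", just right-click it, open its properties and move it to the desired location such as drive D, which saves the trouble of editing the registry.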

Thursday, February 12, 2009

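Installing the Ubuntu desktop environment

The PV image downloaded from jailtime has no desktop by default; install one with the following commands:
apt-get install xorg (on older versions this is probably x-window-system-core)
apt-get install gdm
apt-get install ubuntu-desktop (this step takes a long time and a lot of space: the image grows from 1.2G to 2.7G, whereas the first two steps grow it from a few hundred MB to 1.2G)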

Thursday, February 5, 2009

Kernel Logging, Log Ring Buffer, printk(), syslog-ng (reposted)

Two articles in total. The first:

from: http://oguzhanozmen.blogspot.com/2008/09/kernel-log-buffering-printk-syslog-ng.html

Tuesday, September 16, 2008
Kernel Logging, Log Ring Buffer, printk(), syslog-ng
Kernel Log (Ring) Buffer

Linux kernel generates log messages using printk(). These messages are stored in a "ring buffer". The size of this buffer is controlled by a kernel configuration parameter:

CONFIG_LOG_BUF_SHIFT

The default value of this parameter is 14, which means 2^14 bytes, thus 16KB. The size of the buffer can not be changed online so it should be modified (if you'd like to have a larger or smaller buffer) before compiling the kernel (more information on kernel compilation). (1)

printk() - print() function at the Kernel level

printk() is used to print messages at the kernel level. The size of the message can not be larger than 1KB. Below is a sample printk() statement:

printk( KERN_INFO "message\n");

One can classify kernel messages according to their importance/priorities. Priority of a print statement is given by a log level macro. There are 8 priority levels defined in the kernel:

* KERN_EMERG - emergency the highest level
* KERN_ALERT, KERN_CRIT, KERN_ERR, KERN_WARNING, KERN_NOTICE, KERN_INFO, and
* KERN_DEBUG - debugging messages with the lowest priority

For more information on printk(): Linux Device Drivers, 3rd Edition.

How are Kernel Log Messages Exposed to User Space?

The log buffer is exposed to user space through the /proc/kmsg file. If the file is read, one can catch the kernel log messages. In fact, there are programs available to display the contents of the file /proc/kmsg and to log them to a static file (e.g., the klogd and syslogd daemons, and the syslog-ng logging facility). /proc is a memory filesystem (it contains virtual files which reveal the current state of the running Linux kernel), and the contents of /proc/kmsg are being overwritten. In addition, reading from /proc/kmsg is destructive; that is, once you read a line/message it's removed from the file.(2)

"syslog-ng" (system log new generation) is a widely used logging application in Linux systems. It can directly read from /proc/kmsg and log the messages into static file(s). "syslog-ng" can be regarded as the upgraded version of the old kernel daemon "syslogd".

syslog-ng

syslog-ng can be configured so that messages can be directed based on their priorities. That means you direct different levels of messages to different files.

syslog-ng can be configured using the configuration file:

* /etc/syslog-ng/syslog-ng.conf (in SuSE Linux, you need to change syslog-ng.conf.in file which is used to generate syslog-ng.conf automatically by SuSE config).

In this configuration file, you define:

* the sources syslog-ng is using: for example, /proc/kmsg, /dev/log, etc.
* filters to identify the priority of a message or the facility from which a message is originated (news, mail, etc.)
* destination files to direct the messages belonging to certain group (based on filters)
* Finally, with "log" statements, you combine {source, filter, destination} to specify where to log which messages.

You can find some sample configuration files here, and some more information on logging with syslog-ng here.

Tuning syslog-ng for Performance

In "Monitoring Block I/O at Linux FileSystem Level" project, I am logging information on each block I/O using the printk() function and the syslog-ng logging facility. In our experiments, we can produce a trace file (i.e., a log file) of size 1 GB within a couple of hours. As a result, being able to configure HOW we log kernel messages into a static trace file is critical: we don't want to hurt the performance by producing too many I/O operations at a high rate.

However, using syslog-ng, you can control how you log the messages into a file. While defining a destination file, you can set

* log_fifo_size: log buffer size (in terms of number of messages)
* fsync(no): by saying "no", syslog-ng will not issue fflush() for each message received from the source; otherwise, it'd be catastrophic for the performance.
* flush_lines & flush_timeout: syslog-ng will flush either when flush_lines messages have been collected in the log buffer of the destination or when flush_timeout has passed since the last flush.

As a result, you can control the rate at which you write the syslog-ng destination files.

Example

Below is a simple example for a syslog-ng configuration file:

# defining a source: /proc/kmsg -> kernel messages
source my_source { file("/proc/kmsg" log_msg_size(1024)); };

# defining a filter: kernel messages with the level of KERN_DEBUG
filter f_myfilter { facility(kern) and priority(debug); };

# defining a destination file: it defines a log file (i.e., a.txt) which will have its
# own buffer with a size of 10000 messages. Messages are flushed from the buffer
# to the log file if 8000 messages are collected in the buffer or 5 seconds have passed
# since the last flush.
destination my_destination { file("/home/user/a.txt" log_fifo_size(10000) fsync(no) flush_lines(8000) flush_timeout(5000) );};

# Finally, a logging point is defined using above source, filter, and destination:
log { source(my_source); filter(f_myfilter); destination(my_destination); };

Foot Notes:

(1) Some information may be kernel version dependant. I've considered Linux kernel 2.6.21 in this document.
(2) dmesg which also examines the kernel ring buffer is on the other hand non-destructive.


Written by Oguzhan Ozmen
Labels: Linux


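The second:
Beginner's classroom: getting to the bottom of how Linux log processing works
from:
http://linux.banma.com/club/readsubart.php?b=linux&sid=1492

Everyone who uses UNIX/Linux knows what logs are for, but are you clear on the ins and outs of how Linux processes this log information?

There are basically two ways to view Linux system log information:

(1) Viewing with dmesg: this command is fairly common

(2) The files under /var/log/

Let's start from these two paths and work through them step by step.

(I)

First, let's see what lies behind the common dmesg command!

(1) First, let's man it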

-------------man dmesg--------------------------
NAME
dmesg - print or control the kernel ring buffer
SYNOPSIS
dmesg [ -c ] [ -n level ] [ -s bufsize ]
DESCRIPTION
dmesg is used to examine or control the kernel ring
buffer.
The program helps users to print out their bootup mes-
sages. Instead of copying the messages by hand, the user
need only:
dmesg > boot.messages
and mail the boot.messages file to whoever can debug their
problem.
OPTIONS
-c Clear the ring buffer contents after printing.
-sbufsize
Use a buffer of size bufsize to query the kernel
ring buffer. This is 16392 by default. (The
default kernel syslog buffer size was 4096 at
first, 8192 since 1.3.54, 16384 since 2.1.113.) If
you have set the kernel buffer to be larger than
the default then this option can be used to view
the entire buffer.
-nlevel
Set the level at which logging of messages is done
to the console. For example, -n 1 prevents all
messages, expect panic messages, from appearing on
the console. All levels of messages are still
written to /proc/kmsg, so syslogd(8) can still be
used to control exactly where kernel messages
appear. When the -n option is used, dmesg will not
print or clear the kernel ring buffer.
When both options are used, only the last option on
the command line will have an effect.

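From the manual that Linux provides, we learn the most important piece of information: dmesg reads from the kernel's ring buffer.

(2) So what is the ring buffer?

In Linux, all system messages (including kernel messages) are sent to the ring buffer. Messages produced by the kernel are printed by printk(). The messages seen at system startup are all printed to the screen by this function. Messages emitted by printk() usually carry a number such as <0>, <2>... indicating the importance level of the message. Messages above a certain priority are printed to the screen; otherwise they are only kept in the system buffer (the ring buffer).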
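
The `<N>` level prefix and the console threshold described in the two articles above, as an added example that is not part of either reposted article: a POSIX shell parser for raw records of the form `<N>text`. The function names and the sample records are constructed for illustration; masking the number with 7 is an addition that also handles records whose number carries a syslog facility (facility*8 + level).

```shell
#!/bin/sh
# Added example: decode the "<N>" prefix that printk() puts in front of
# raw kernel log records, and apply a console-style level threshold.

# Map a numeric level (0-7) to the KERN_* macro name.
kmsg_level_name() {
    case "$1" in
        0) echo KERN_EMERG ;;
        1) echo KERN_ALERT ;;
        2) echo KERN_CRIT ;;
        3) echo KERN_ERR ;;
        4) echo KERN_WARNING ;;
        5) echo KERN_NOTICE ;;
        6) echo KERN_INFO ;;
        7) echo KERN_DEBUG ;;
        *) echo UNKNOWN; return 1 ;;
    esac
}

# Print the numeric level of one raw record; fail if there is no valid prefix.
kmsg_level() {
    line=$1
    case "$line" in
        "<"[0-9]*">"*) ;;
        *) return 1 ;;
    esac
    num=${line#"<"}
    num=${num%%">"*}
    case "$num" in
        ''|*[!0-9]*) return 1 ;;   # anything but digits between < and >
        0?*) return 1 ;;           # leading zero: not a valid prefix
    esac
    # Keep the low 3 bits: level only, facility (if any) dropped.
    echo $(( num & 7 ))
}

# Read raw records on stdin and print "NAME: text" for those that are more
# severe than the threshold (numeric level < threshold). This is the rule
# that "dmesg -n level" sets for the console. Records without a valid
# prefix are skipped here (assumption made for this example).
kmsg_console_filter() {
    threshold=$1
    while IFS= read -r rec; do
        lvl=$(kmsg_level "$rec") || continue
        [ "$lvl" -lt "$threshold" ] || continue
        printf '%s: %s\n' "$(kmsg_level_name "$lvl")" "${rec#*">"}"
    done
}

# Constructed sample records (not captured from a real system).
sample_kmsg() {
    cat <<'EOF'
<6>EXT3-fs: mounted filesystem with ordered data mode.
<3>example_drv: read error on constructed device
<7>example_drv: debug trace
<0>constructed panic-level message
<30>constructed record with facility 3, level 6
no prefix here
EOF
}

# Demo: with threshold 4 only the KERN_ERR and KERN_EMERG records pass.
sample_kmsg | kmsg_console_filter 4
```
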

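As for exactly how dmesg reads from the ring buffer, you can look at the dmesg.c source code. It is short and fairly easy to read.

(II)

How dmesg works should be clear by now. As for the files under /var/log/, everyone is more than familiar with them!

(1) Why are there so many files under /var/log/?
In one sentence: the syslogd daemon, following /etc/syslog.conf, records the logs produced by different services into different files. I won't go into /etc/syslog.conf here; there is plenty of information on it (go look it up).

(2) Now that we know /var/log/.. is produced by the syslogd daemon, let's keep following this thread.

After the Linux system boots, /etc/init.d/sysklogd starts two daemons in turn, klogd and syslogd.
klogd obtains the messages emitted by the kernel's printk() from the system buffer (ring buffer), either through the syslog() system call or by reading the proc file system. syslogd reads the kernel messages through klogd.
By this point, I think you should have a feel for the whole chain of log generation, reading, and so on.

Summary
(1) All system messages are output to the ring buffer. What dmesg displays is also read from the ring buffer.
(2) On Linux, /etc/init.d/sysklogd starts two daemons: klogd and syslogd
(3) klogd is responsible for reading kernel messages, in two ways:
the syslog() system call (this function has many uses; man it to see)
reading /proc/kmsg directly (as a reminder, /proc/kmsg is the dedicated place where kernel messages are output)
(4) klogd's output is passed to syslogd for processing; syslogd writes the log
messages to different files under /var/log/ according to the configuration in /etc/syslog.conf.

NB: As I understand it, the log ring buffer is /proc/kmsg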


Wednesday, February 4, 2009

DomainU hangs after "EXT3-fs: mounted filesystem with ordered data mode."

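In xen-3.3.1, with the vnc option added to the configuration file, access over VNC works normally. But after commenting out the VNC-related configuration, starting the DomainU stops after the line
"EXT3-fs: mounted filesystem with ordered data mode."
Later I added the line
extra="xencons=tty"
to the configuration, and it was fine.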


Tuesday, February 3, 2009

IP/Port Scanner

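An IP scanning tool can probe all the IPs in a network segment to see which are in use and which are free; a port scanner can scan all the ports of a machine to see which are open and which are not. The two functions are usually combined in the same program.
Today I tried Advanced LAN Scanner, which does both IP scanning and port scanning and probes with multiple threads working at once; very nice, though unfortunately it only runs on Windows.
Later I looked up the corresponding tools on Linux: nmap, Nessus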

Monday, February 2, 2009

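Installing xen-3.3.1

After untold hardships, I finally got xen-3.3.1 installed today, and now I want to write down my installation notes.
Starting with xen-3.2, the kernel installation process involves network access under the default configuration (xen-3.1 and earlier were different: you only needed to copy the bz2 package of the 2.6.18.8 kernel into the xen-3.1.0/ folder). I once tried changing the configuration so that it read the unmodified kernel source from a local copy, but the build failed. Later I got it to build following a method found online, but that ended up bringing the server down. Thinking back, I probably had not put the kernel files in the right place, though of course it could have been something else. So in the end I had to give up and use the default configuration.
Because of the network, the connection was too slow to reach the Xen website, so the network operations during installation could not complete and I had to find a way around it with a proxy. In the end an SSH tunnel plus tsocks solved the problem, and I downloaded the hg contents manually:
hg clone http://xenbits.xensource.com/linux-2.6.18-xen.hg
But when I tried again today it seemed not to work any more; I guess the administrators over there noticed abnormal traffic on their server and blocked access to the Xen website.
Fortunately I had saved linux-2.6.18-xen.hg; next time, only the newly added content needs updating (hg's pull operation, done automatically during installation, nothing to do by hand).

The whole process:
First, hg clone http://xenbits.xensource.com/linux-2.6.18-xen.hg
which gives the linux-2.6.18-xen.hg/ folder; it can be archived:
tar jcf linux-2.6.18-xen.hg.tar.bz2 linux-2.6.18-xen.hg
/usr/src/xen-3.3.1.tar.bz2
That way, on the next install only the new content has to be downloaded, which is much faster. To unpack:
tar jxf linux-2.6.18-xen.hg.tar.bz2

Step two, extract the xen-3.3.1 archive into the same directory level:
tar jxf xen-3.3.1.tar.bz2
Note: xen-3.3.1 and linux-2.6.18-xen.hg are at the same directory level;
Postscript: after extracting, edit the Makefile and remove all lines related to stubdom, to avoid installing stubdom later, which is useless and wastes time downloading archives.

Step three, enter the xen-3.3.1 directory and configure:
make -j 8 prep-kernels
(or make linux-2.6-xen-config CONFIGMODE=menuconfig)
Check the build-linux-2.6.18-xen_x86_64/.config file; if
CONFIG_BLK_DEV_LOOP=
is followed by y, change it to m

Then make -j 8 install compiles and installs everything (running make uninstall before install is fine too).
Note:
At this step I found there were still download operations. The small files are unnoticeable, but newlib-1.16.0.tar.gz in xen-3.3.1/stubdom/ is 12M and took more than 20 minutes to download (at around 10K speed). So next time, before installing, first put the files to be downloaded, especially newlib-1.16.0.tar.gz, into the corresponding directories.

Next, make an initrd file and put it under /boot/:
depmod 2.6.18.8-xen
mkinitrd -v -f --with=aacraid --with=sd_mod --with=scsi_mod initrd-2.6.18-8.xen.img 2.6.18.8-xen
mv initrd-2.6.18-8.xen.img /boot/

Finally, edit /boot/grub/menu.lst
Mine is as follows: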
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You do not have a /boot partition. This means that
# all kernel and initrd paths are relative to /, eg.
# root (hd0,0)
# kernel /boot/vmlinuz-version ro root=/dev/sda1
# initrd /boot/initrd-version.img
#boot=/dev/sda
default=1
timeout=1
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux Server (2.6.18-8.el5)
root (hd0,0)
kernel /boot/vmlinuz-2.6.18-8.el5 ro root=LABEL=/ rhgb quiet
initrd /boot/initrd-2.6.18-8.el5.img

title Xen 3.3 / XenLinux 2.6
kernel /boot/xen-3.3.gz console=vga
module /boot/vmlinuz-2.6.18.8-xen root=LABEL=/ ro console=tty0
module /boot/initrd-2.6.18-8.xen.img

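Postscript: To save running make prep-kernels every time, after make prep-kernels I used to copy the xen-3.3.1 folder to xen-3.3.1-xen at the same directory level, enter xen-3.3.1-xen and run make install. I had always done it this way without noticing any problem. Today, after deleting xen-3.3.1, recreating the xen-3.3.1 folder, copying it to xen-3.3.1-xen and building inside xen-3.3.1-xen, the build failed, and only then did I discover that the compiled vmlinuz had ended up inside xen-3.3.1! I meant to save time and effort, and it backfired. Some paths in the configuration files still point to the original path. The correct way should be to first copy a "clean" (unconfigured) xen-3.3.1 to xen-3.3.1-xen, then enter xen-3.3.1-xen and run make prep-kernels and make install.


Postscript 2:
In the xen-3.3.1 configuration file, vif can be configured like this:
vif = [ 'type=ioemu, bridge=eth1' ]
But with this configuration in xen-3.1.0 the virtual machine fails to start, with the following error:
"xenconsole: Could not read tty from store: No such file or directory"
After a while the text console shows:
"Error: Device 0 (vif) could not be connected. Hotplug scripts not working."
If, following xen-3.1.0's sample configuration file /etc/xen/xmexample.hvm, the configuration is changed to:
vif = [ 'type=ioemu, bridge=xenbr0' ]
it starts normally.

Postscript 3:
Today when starting the virtual machine I again hit
Error: (12, 'Cannot allocate memory')
After changing eth1 to xenbr0, I then got
Error: Device 0 (vif) could not be connected. Could not find bridge device xenbr0
So I ran ifconfig and found there was only xenbr1; after changing it to xenbr1 everything was normal.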

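FTP server limits on multiple threads

A while ago, I used FileZilla to download something from an FTP server, and the connection dropped as soon as the download started. It turned out the server only allows one download thread and does not allow the same client to download with multiple threads. Setting the thread limit to 1 in FileZilla's settings fixed it.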

Sunday, February 1, 2009

midnight commander(a file manager)

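Today I happened to notice in UC that someone was running mc (midnight commander). Out of curiosity I tried it and found it rather interesting. man describes it as:
Visual shell for Unix-like systems.
On Linux, some newcomers are not familiar with the command line, hence these graphical helper tools. Besides mc, similar tools available through yum or apt include gpm, gnome-commander, etc.

The wiki classifies it under "Orthodox file manager" and compares the various file managers.

NB: Orthodox file managers all descend from Norton Commander; the Norton company is evidently impressive;

Examples of file managers: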
* Alt Commander
* Altap Salamander
* Directory Opus
* Dos Navigator
* Double Commander
* Explorer++
* FAR Manager
* File Commander
* FreeCommander
* GNOME Commander
* KFM
* Konqueror
* Krusader
* Midnight Commander
* muCommander
* Nautilus
* Norton Commander
* PathMinder
* PowerDesk
* Risingware Exp+
* SE-Explorer
* Thunar
* Total Commander
* Volkov Commander
* WinSCP
* 7-Zip
NB: It even classifies WinSCP, 7-Zip and the like as file managers! See the wiki for details.

gnuplot

gnuplot - A command-line driven interactive plotting program
It can be used for plotting (in a Linux environment)