May 26

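After my server got hacked, I plan to improve security by disabling password login and switching to key-based login. I looked through the Chinese help pages, though, and I really cannot understand why nobody manages to explain something this simple in a way people can follow. Below is an easy-to-follow English tutorial; it takes 3 minutes.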

OpenSSH Public Key Authentication

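The main procedure is: generate the key on your local machine with ssh-keygen, upload it to .ssh/id_dsa.pub under the corresponding account on the server, rename that file to .ssh/authorized_keys, and then ssh over from your local machine. You also need to edit /etc/ssh/sshd_config, of course; to be safe I changed both the port and the setting that allows password authentication, so however many SSH brute force attempts there are, they should have little effect.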
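
One way to check that the sshd_config change described above really took effect, as an added example that is not part of the original post or the linked tutorial. The function names and the constructed sample config are assumptions for illustration; it shows that sshd uses the first value it reads for a keyword, so appending PasswordAuthentication no below an existing yes changes nothing.

```shell
#!/bin/sh
# Added example, not from the original post: audit the login settings it describes.

# Value sshd uses for KEYWORD in the global section of FILE. sshd keeps the
# first value it reads, keyword names are case-insensitive, and everything
# from the first Match line onward is conditional, so parsing stops there.
sshd_effective() {   # usage: sshd_effective KEYWORD FILE DEFAULT
    awk -v want="$1" -v dflt="$3" '
        BEGIN { want = tolower(want) }
        tolower($1) == "match" { exit }
        tolower($1) == want && !seen { val = tolower($2); seen = 1 }
        END { print (seen ? val : dflt) }' "$2"
}

# Port is the exception: every Port line adds a listener (22 if none is set).
sshd_ports() {       # usage: sshd_ports FILE
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "port"  { out = out (out == "" ? "" : " ") $2 }
         END { print (out == "" ? "22" : out) }' "$1"
}

audit_ssh_login() {  # usage: audit_ssh_login SSHD_CONFIG AUTHORIZED_KEYS
    rc=0
    if [ "$(sshd_effective PasswordAuthentication "$1" yes)" != no ]; then
        echo "FAIL: password logins are still accepted"; rc=1
    fi
    if [ "$(sshd_effective PubkeyAuthentication "$1" yes)" != yes ]; then
        echo "FAIL: PubkeyAuthentication is off, key login cannot work"; rc=1
    fi
    # With StrictModes (the default) sshd ignores a key file others can write.
    if [ -n "$(find "$2" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "FAIL: $2 is writable by group or others"; rc=1
    fi
    echo "INFO: sshd listens on port(s): $(sshd_ports "$1")"
    return "$rc"
}

# Constructed sample: the appended "no" loses to the earlier "yes".
sample=$(mktemp -d)
printf '%s\n' 'Port 2222' '#PasswordAuthentication no' \
    'passwordauthentication yes' 'PasswordAuthentication no' > "$sample/sshd_config"
: > "$sample/authorized_keys"; chmod 600 "$sample/authorized_keys"
audit_ssh_login "$sample/sshd_config" "$sample/authorized_keys" || echo "audit failed"
```

On a live server, `sshd -T` prints the configuration sshd actually resolved and is the authoritative cross-check.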

May 25

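My server running at Slicehost got hacked, and I have no idea how they got into the system; I don't think it is likely that they came in through the Django-based website. Yesterday I rebuilt the system, and within a few minutes a check of auth.log showed it had been broken into again. The output of whois 79.117.133.110 is interesting: this IP has already been accused many times of intrusion, spamming and other illegal activity.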

May 22

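Today I happened to come across a new template system called Jinja (Japanese: shrine).

This template system uses a non-XML style similar to Django's, and its syntax is very close to Django's! After using it today I found it quite good: templates can evaluate expressions, which is certainly much more convenient than Django, and it also supports template-level macros. Really nice.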

May 14

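This is the first time in my life that I have really felt an earthquake. I remember it was a little after 2:30 in the afternoon on May 12. The room was very quiet, with three of us in it, and I was staring at the screen, thinking. I vaguely felt dizzy, so I stood up, stretched, and muttered to myself that I seemed to be coming down with a cold and felt dizzy. To my surprise, Wang Chun suddenly told me it was actually an earthquake. It was unbelievable: he even gave me the USGS data on this earthquake. That was only ten-odd minutes after it happened, and the data showed a magnitude 7.8 earthquake in Sichuan, which meant nothing to me at the time. Only later, when friends on MSN said one after another that there had been an earthquake, did I believe it.

From then on, people online started cursing the earthquake bureau, asking why it could not predict this. I guess those experts would have a hard time answering; I don't know how many real experts there are, and even for experts who know a great deal about earthquakes, predicting one precisely is extremely difficult.

Today, however, I went online to read up on earthquake prediction, and the result really surprised me. The only precise prediction of an earthquake in history happened in China! That was the Haicheng earthquake of February 4, 1975, magnitude 7.4. Based on the prediction, one million people were evacuated, which to a large extent avoided heavy casualties. Yet in 1976 the Tangshan earthquake was not successfully predicted, and that failure left China's earthquake research perplexed for quite a long time.

Things are different now. Speech is freer, so more academics have stepped out from behind the scenes and started talking about every aspect of earthquakes; it really is a mixed bag. Still, having a debate is better than hiding things and saying nothing.

References: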
http://www.pnsn.org/INFO_GENERAL/eq_prediction.html
http://en.wikipedia.org/wiki/Earthquake_prediction

May 09

If you have a dedicated server online that you can connect to via SSH, you are really lucky. Tired of searching for a working proxy to access a blocked site? There is a way, via the powerful SSH.

Geek to Live: Encrypt your web browsing session (with an SSH SOCKS proxy)

But if you are a Facebook application developer, debugging the application must be very painful, because it requires that your application be reachable by the Facebook servers: at the very least you need a public IP address, or traffic forwarded from your router.

Anyway, the problem can be easily solved. Thanks to my friend Wang Chun, who found a way to use SSH to create a tunnel that forwards traffic from the server to the client. AWESOME!!

You can use the -R option to listen on a port on the server and forward the traffic to the client.

-R [bind_address:]port:host:hostport
    Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side.  This works by allocating
    a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel,
    and a connection is made to host port hostport from the local machine.

    Port forwardings can also be specified in the configuration file.  Privileged ports can be forwarded only when logging in as root on the remote
    machine.  IPv6 addresses can be specified by enclosing the address in square braces or using an alternative syntax:
    [bind_address/]host/port/hostport.

    By default, the listening socket on the server will be bound to the loopback interface only.  This may be overriden by specifying a bind_address.
    An empty bind_address, or the address `*', indicates that the remote socket should listen on all interfaces.  Specifying a remote bind_address will
    only succeed if the server's GatewayPorts option is enabled (see sshd_config(5)).

Don’t forget to enable ‘GatewayPorts’ in /etc/ssh/sshd_config.
Enjoy!
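
What enabling GatewayPorts changes for a -R forward, as an added example that is not part of the original post. The function name rfwd_listen_scope and the ports are assumptions; the no / yes / clientspecified behaviour follows sshd_config(5), and the spec parsing covers only the colon syntax without bracketed IPv6 addresses.

```shell
#!/bin/sh
# Added example, not from the original post: where sshd binds the listener
# for "ssh -R SPEC" under each GatewayPorts value (see sshd_config(5)).
# Assumption: SPEC uses the colon syntax without bracketed IPv6 addresses.
rfwd_listen_scope() {   # usage: rfwd_listen_scope SPEC GATEWAYPORTS
    case $1 in
        *:*:*:*:*) echo "unsupported spec"; return 2 ;;
        *:*:*:*)   bind=${1%%:*}; given=1 ;;      # bind_address:port:host:hostport
        *:*:*)     bind=; given=0 ;;              # port:host:hostport
        *)         echo "unsupported spec"; return 2 ;;
    esac
    case $2 in
        no)  echo loopback ;;                     # client's bind_address is ignored
        yes) echo all-interfaces ;;               # wildcard bind is forced
        clientspecified)
            if [ "$given" -eq 0 ]; then
                echo loopback                     # nothing requested: stay local
            else
                case $bind in
                    ''|'*')              echo all-interfaces ;;
                    localhost|127.0.0.1) echo loopback ;;
                    *)                   echo "$bind" ;;
                esac
            fi ;;
        *) echo "unknown GatewayPorts value"; return 2 ;;
    esac
}

# Constructed specs; 8080 and 8000 are placeholder ports.
for gw in no yes clientspecified; do
    for spec in '8080:localhost:8000' '*:8080:localhost:8000'; do
        printf '%-16s -R %-24s -> %s\n' "$gw" "$spec" "$(rfwd_listen_scope "$spec" "$gw")"
    done
done
```

GatewayPorts yes opens every -R forward from every account to all interfaces, while clientspecified exposes only the forwards whose spec asks for it.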