Ask        RSS    SEARCH

================================================================================

Ruqi's Log

================================================================================

( 李如其的博客. 关于我  )

================================================================================

03/18/2014 23:16:39

Joomla mod_ariimageslidersa Trojan Horse

My linode server was hacked through joomla recently. /usr/bin/host is coerced to do multiple HTTP requests probably for DDoS, and it takes much of CPU & network resource.

I name it mod_ariimageslidersa because it replaced joomla mod_ariimageslider module and create mod_ariimageslidersa module. Also install binary files on static folders. I got git to track file changes so I know the difference. It’s hard to clean up if you do not got a site backup.

You may list related binary files with lsof -p {pid_of_host_process}

Suggestion for those who get infected unfortunately:

  • If you got site backup, restore the backup
  • If not, dump the database and re-install whole site.

To prevent further infection:

  • DO NOT run php cgi with root
  • cd {joomla_root_dir}
  • chmod -R 755 .
  • chmod -R 766 log cache tmp

Trojan sample files:

Similar complaint:

--------------------------------------------------------------------------------

01/15/2014 22:45:43

三亚 蜈支洲

三亚 蜈支洲

--------------------------------------------------------------------------------

12/10/2013 21:43:57

– View on Path.

– View on Path.

--------------------------------------------------------------------------------

12/02/2013 12:05:26

YiiExcel for yii v1.1.14

最近做一个网站外包,选择用yii。需要用PHPExcel 读写表格。于是找yii 里面如何用PHPExcel,最后找到yii extension YiiExcel。

其实有些其它的yii extension 也封装了PHPExcel,而且看起来用户量更大(根据下载数量)。但是不知道是如何封装的。如果多一层封装,就多一层API,实在不想去折腾。而YiiExcel 只是给PHPExcel 做yii 框架内的auto load,没有做多余的事情。于是用上了,但是说明文档有明显的错误。

--------------------------------------------------------------------------------

12/01/2013 20:01:00

iOS7 transition in code

UITableView 的改动

主要是UITableView 的默认样式有改动。iOS6 UITableViewCell 的 imageView 的左侧 x 轴起点是0。iOS 7 下imageView 左右侧有较大的 margin。如果要同时适配 iOS6 和 iOS7,需要根据系统版本判断文字的定位。

另外,iOS7 下继承 UITableViewCell 的CellView 的subview 需要加到 self.contentView,如果直接加到 self, 会导致界面错乱(iOS6下不容易出现)。

Status bar 状态设置

状态栏的设置分两种情况。

沿用iOS6 的Status bar layout

如果希望沿用iOS6 的Status bar layout,可以把 plist 中 UIViewControllerBasedStatusBarAppearance 项目设置为 NO(这一项默认为YES)。

然后在应用入口函数 application:willFinishLaunchingWithOptions: 设置应用默认的 Status bar style。如设置为iOS6 系统默认的黑色背景:

[[UIApplication sharedApplication] setStatusBarStyle:UIStatusBarStyleLightContent animated:YES];

在应用其它地方尽量不要修改 UIApplication 的 statusBarStyle 属性。即使在某些界面需要隐藏,界面退出是也需要做状态恢复。

这种模式下有个小问题。在应用启动时,Status bar 状态未定义,如果 Launch Images 的状态栏透明,启动应用时,状态栏会出现错乱,中间白色两边黑的。把 Launch Images 设置未不透明即可。

iOS7 的Status bar layout

iOS7 默认是让每个UIViewController 通过重载 preferredStatusBarStyle 方法去设置Status bar 样式。应用启动时的样式,可以通过修改 plist 文件设置默认状态栏样式:

UIStatusBarStyle: UIStatusBarStyleLightContent

不过上面只是设置状态栏样式。如果要让状态栏跟view 分离,不 overlap,可以把 edgesForExtendedLayout 设置为 UIRectEdgeNone

UIViewController 的 wantsFullScreenLayout 属性已经弃用。在iOS6以及之前,如果改属性为YES,系统会认为状态栏为透明,会让当前的view 填充整个屏幕。

参考:

UIViewController 的 view 高度变更

UIViewController 的 view frame 一般是到屏幕底部的。但是iOS7下,view.bounds 高度会变化。所以要定位底部的subview,最好是用 self.bounds.size.height 减去subview 高度来定位 origin 的y 值,避免使用(有屏幕高度决定的)固定值。

其它零碎问题

UIActionSheet 展示崩溃

[(UIActionSheet*)actionSheet showInView:]

方法可能会导致应用崩溃。 需要改为:

UIWindow* window = [[UIApplication sharedApplication] keyWindow];
if ([window.subviews containsObject:self.view]) {
    [actionSheet showInView:self.view];
} else {
    [actionSheet showInView:window];
}

参考:

--------------------------------------------------------------------------------

11/11/2013 07:02:00

TopCoder SRM 596 practice

I practiced SRM 596 recently. Share my thoughts about solutions on Div2 3rd & Div1 2ed problems.

Div2 3rd SparseFactorialDiv2

Problem Statement for SparseFactorialDiv2

Note the divisor is a prime number. So, F(n) is divisible by divisor, imply that there exists p, 0<=p<=k, such that (n - p^2) is divisible by divisor. So, we can enumerate all possible p, and accumulate the count to get the answer. One key problem is to avoid duplicated counting. My code is quite readable so you may learn this by my solution.

Div1 2ed BitwiseAnd

Problem Statement for BitwiseAnd

The problem is solved by greedy. In fact I am doubt the correctness, I cannot prove it.

  • For any bit position, the bit count for numbers in cool set should <=2.

  • For any number in cool set, there should be at least N-1 bits that for each bit, there is another distinct number in cool set (N-1 in total), that this bit is set.

So we can construct the missing numbers in cool set. Find the smallest number that got at least N-1 bits set each time by 2 constraints above, and add to the set.

There is my solution.

You may also refer Match Editorials for SRM 596. This may provide full theoretical proves.

--------------------------------------------------------------------------------

09/28/2013 10:55:00

利用KMP算法找出Z函数

最近做了 Hackerrank 上的一题:Save Humanity。题意是找出文本串中所有匹配模式串以及跟模式串只有一个不匹配字符的所有子字符串下标(可以重叠)。这个问题可以简化成找出文本串每个位置匹配模式串最长前缀的长度。

由于之前没有了解过Z Algorithm,所以直接拿KMP做。做了两三天,最后拿KMP 的前缀函数计算过程推导出 Z Algorithm 的 Z函数数值(即模式串每个位置匹配模式串前缀的长度)。后经过Isun 同学提醒,找了一下 Z Algorithm 相关资料。发现Z Algorithm 就是直接用状态机构造Z 函数的。于是想分享一下我自己对两种模式匹配算法的理解,前缀函数到Z函数线性映射的实现,以及分析一下 KMP 和 Z Algorithm 的本质联系。我个人是觉得KMP实现更优美的;所以希望熟悉KMP的朋友,能够用更顺手的方法计算 Z函数。

拿算法导论里的字符串举例:

  P = ababababca

假设前缀函数为F:

  i | 1 2 3 4 5 6 7 8 9 10
  F | 0 0 1 2 3 4 5 6 0 1

  123456789
  ababababca
    ababab a => Z[3] = F[8] = 6, Z[10] = F[10] = 1
      abab 
        ab
        

观察第一行匹配数值,可以总结出,对于一段尽可能长的前缀匹配段P[h,i], F[i]>0, h=i - F[i] + 1, Z[h]=F[i]

第二行和第三行则需要观察KMP前缀函数的构建过程,特别是匹配失败后,前缀函数跳转时也能设置某些位置的Z函数数值。

    12345678 9
P = abababab|ca
      ababab|abca => Z[9 - F[6]] = F[6] => Z[5] = 4
        abab|ababca => Z[9 - F[4]] = F[4] => Z[7] = 2
        

把上面的过程做完之后,可能还有一些点没有找到Z函数值。需要一次线性遍历。大致的想法是,在每个Z-Box 左侧到Z-Box 右侧或者后面的Z-Box 左侧之间,Z数值依次为Z[1], Z[2], Z[3] … 这一点很容易想想出来。

伪代码我就不整理了,可以参考我提交的题目的代码 (这段代码的F值往右偏移了一位,大家理解意思就好) 关于最后的线性遍历,我还不能证明其正确性,但是本题的代码确已经Accepted,说不定也能拿来过别的题~ 如果能找到反例,或者其正确性证明,欢迎提供。

另外,codeforces 有人提到 “one can transform Z<->prefix in O(n)”, 也有人给出通过Z函数算出前缀函数的伪代码,在这里发一下:

  for i = 1 to n 
    p[i + z[i]] = max(p[i + z[i]], z[i])
  for i = n to 1 
    p[i] = max(p[i+1] - 1, p[i])
    

我认为这个过程是不可逆的。不能直接从前缀函数算出Z函数。

参考:

  1. String Matching Z: https://www.cs.umd.edu/class/fall2011/cmsc858s/Lec02-zalg.pdf
  2. Z Algorithm: http://codeforces.com/blog/entry/3107 
  3. Notes on the Z-algorithm(作者本人写的): http://www.cs.ucdavis.edu/~gusfield/cs224f11/znotes.pdf
  4. 算法导论KMP相关章节

--------------------------------------------------------------------------------

08/24/2013 05:51:00

Publish my Skype account

User name: liruqi.com

Password: 6b27786b16078f77f7a7

I’ve removed all of my personal information on this account except user name. Use at will.

Now I gonna talk about why I’m doing this. I read Just Delete me on hacker news this morning. I remember I have got a account to delete too, but failed. And I tried again, and met exactly the same problem as the author: they require some detailed account information for verification. I provided it, only to have them telling me my information does not fully match what they got! And refused telling me exactly where is the dis-match for security reasons. Conversion with customer service guy looks pretty much like this, except that in the end after he wished me a pleasant day, I wished him never get laid in the rest of his life.

Account system has become a tool for collecting personal information by service providers, to make their report data looks nice. So many service providers are reluctant to physically delete user data. In fact this is potentially dangerous. They got your email, and one of your password (you cannot verified if password is stored in plain text if hashing is not done in end-user), they may leak, or sell, or use it for their own interest. There are few people do realize this and set separate password for each service.

Also I’d like that there is a database to record all published web accounts. If there is no one, I may build one on my own.

--------------------------------------------------------------------------------

06/09/2013 08:36:12

Rainbow at nightfall.

Rainbow at nightfall.

--------------------------------------------------------------------------------

05/26/2013 21:00:51

#无滤镜#

#无滤镜#

--------------------------------------------------------------------------------