Setting up OTRS 4

I was asked to evaluate some ticket tracking tools and OTRS came back to mind. The following steps outline the procedure for installing OTRS correctly on CentOS 7:

  1. LAMP stack: you probably already have it. Your system might have MariaDB instead of MySQL; that doesn’t matter.
  2. Install and configure Postfix and Dovecot.
  3. Make sure the following MySQL configuration has been taken care of, especially the 3rd line:
            max_allowed_packet=50M
            query_cache_size=32M
            innodb_log_file_size=1073741824
  4. Install some additional Perl modules from the EPEL repository.
  5. Install OTRS from the command line:
    yum install --nogpgcheck http://ftp.otrs.org/pub/otrs//RPMS/rhel/7/otrs-4.0.11-01.noarch.rpm
  6. Once the installation is done, continue with the web installer from:
    http://<your host ip>/otrs/installer.pl
  7. Simply follow the wizard and you should have a working OTRS installation.
  8. Log in to OTRS using the super admin account. Go to “Admin->System Administration->Package Manager” and install additional packages. Typically you’d want to have OTRS::ITSM and other related packages.

Up to here, you have a working installation. To work with OTRS, you now have to configure all the queues, agents, customers, groups, templates, etc. Have fun!

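Modifying part of the WordPress translation by intercepting gettext calls

This is the Chinese version of the previous post.

At the bottom of a WordPress site’s pages there is usually a line whose English original is “Proudly Powered by WordPress”, linking to the WordPress website. The current official translation of this line is “自豪地采用WordPress”. Personally I think this is a clumsy literal translation; Chinese speakers would not express thanks in this kind of language. A better translation would be “低调地使用WordPress”.

Changing this one line is not that easy, though. After comparing several approaches, I settled on the following:

  1. Create a child theme.
  2. Add the following code to the child theme’s functions.php: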

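[code language="php"]
// Replace the footer attribution's translation. The filter sees the string
// before its %s placeholder is filled in, so match on the placeholder form.
function change_attribute_line( $translated_text, $text, $domain ) {
    switch ( $text ) {
        case 'Proudly powered by %s':
            $translated_text = __( '低调地使用%s' );
            break;
    }
    return $translated_text;
}
add_filter( 'gettext', 'change_attribute_line', 20, 3 );
[/code]
That’s all.

The code hardly needs explanation. I match on $text rather than $translated_text here only because I think matching the English string may be a bit faster.

Note that the string here still contains the placeholder "%s". In other words, gettext and its filters are called before the placeholder "%s" is replaced.

If I search for the string after substitution, “Proudly powered by WordPress”, nothing matches. I did not understand this at first (the WordPress documentation does not point it out, and nobody online seems to have run into it either), so I spent a long time on it. I hope readers of this post can save some time.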

Replacing a WordPress translation by hooking into gettext

In a typical WordPress website, you see this line in the page footer:

“Proudly powered by WordPress”

This line links to the WordPress website. The official Chinese translation of this line is:

“自豪地采用WordPress”

I’m using WordPress on several of my websites and I find it annoying: it’s a word-for-word translation and it’s simply not what we Chinese would say when we want to attribute something to someone. After some thinking, I think the appropriate translation should be:

低调地使用WordPress

“采用” emphasizes the choosing of WordPress; “使用” emphasizes the fact that we are using WordPress right now.

The message is clear and typically Chinese: I’m a humble webmaster. All the glory goes to WordPress.

So I set out to change the translation. It turned out to be rather complicated, but here’s how I finally accomplished it:

  1. Create a child theme of your current theme, because you’ll have to rewrite its logic and you don’t want your effort to be overwritten by an upgrade of that theme. The procedure for creating a child theme can be found here.
  2. In your functions.php file, add the following lines:

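[code language="php"]
// Replace the footer attribution's translation. The filter sees the string
// before its %s placeholder is filled in, so match on the placeholder form.
function change_attribute_line( $translated_text, $text, $domain ) {
    switch ( $text ) {
        case 'Proudly powered by %s':
            $translated_text = __( '低调地使用%s' );
            break;
    }
    return $translated_text;
}
add_filter( 'gettext', 'change_attribute_line', 20, 3 );
[/code]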

That’s it.

Notice that I search for $text instead of $translated_text. You can also search for $translated_text. That would be:
[code language="php"]
    // Inside change_attribute_line(): match on the translated string instead.
    switch ( $translated_text ) {
        case '自豪地采用%s':
            $translated_text = __( '低调地使用%s' );
            break;
    }
    return $translated_text;
[/code]
I search for $text because I assume (I’m not sure) that searching for a non-Unicode string will be faster.

It’s worth noting that both strings have placeholders in them. Initially I was trying to search for the whole string, “Proudly powered by WordPress” or “自豪地采用WordPress”, and failed. The fact that the above code works tells us that gettext() and its filters are called before the placeholders get replaced. I spent a lot of time figuring this out. It’s not mentioned in the documentation, nor did anyone post this on the web. This is actually the key reason why I wrote this post. Someone from WordPress should update the documentation.

Computer, another origin

When talking about the origin of the computer, people tend to think about chips, CPUs, World War II and ENIAC, and on some occasions go back to the slide rule and the Suanpan. This is also how it is taught in schools and universities. The logic behind this story line is that the computer originated from the need for fast computing, especially arithmetic computing.

However, there’s another origin that is at least as important, has a longer history, and, at least to some people, is more fascinating. That is how the architecture of the modern computer came into being. The computer nowadays is so powerful that sometimes it seems inconceivable to link it to its ancient ancestors. On the other hand, you only have to look at some of the remarkable masterpieces of the past to know the linkage is simply undeniable.

A recent BBC program I watched, “Mechanical Marvels – Clockwork Dreams”, showed one such remarkable masterpiece: a mechanical boy, built back in the 1770s, that is able to write up to 40 letters of text, depending on the configuration.

What makes it remarkable is the fact that the text is customizable. That means the mechanical boy is programmable.

Of course, it’s still a finite state machine, but being programmable means that adding scratch memory to it would make it a complete Turing machine!

It’s actually from this origin that the techniques were developed that let modern computer scientists deal with abstract topics like computational complexity and formal languages.

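Creating a DVD Video disc

A friend needed to make a DVD and ran into many problems. I helped look into it and found that information on the subject is scattered across various forums, mostly applicable to a single scenario only, with no complete, unified guide (because the DVD Video standard is not public: you have to pay 5,000 US dollars for the license and also sign a non-disclosure agreement). So I have tried to organize the relevant information below.

First, the DVD discussed here means DVD Video. Its standard is set by the DVD Forum. The standard specifies not only the storage medium, file system and directory structure, but also restricts the video encoding.

DVD Video uses a standard DVD disc as its storage medium: 22 cm in diameter, read with a 650 nm laser.

DVD Video uses the UDF Bridge file system, which is compatible with the ISO 9660 file system.

DVD Video has the following directory structure:

[Figure: DVD Video file structure, from Wikipedia]

The video files are stored under the \VIDEO_TS\ directory. The .VOB files contain the video; the other files are various auxiliary files, such as the DVD menu and chapter information.

Because of these requirements, DVD burning software usually has a separate option for creating DVD Video. Selecting it produces a standard DVD Video disc. Next, let’s talk about encoding the video and making subtitles.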

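Why shouldn’t you try to invent your own encryption algorithm/protocol?

I happened to see a similar question on Zhihu and found no satisfying answer, so I decided to have a go myself.

Read any introductory book on modern cryptography and you will be reminded: “Please don’t try to invent your own encryption algorithm or protocol.”

But to a self-respecting science-and-engineering guy who knows little about modern cryptography, a sentence like that is practically a challenge. So here is an attempt at a complete explanation.

First, not everyone is forbidden from inventing encryption algorithms and protocols. If you hold two doctorates in mathematics, have been immersed in cryptography circles for decades, know the existing security systems inside out, and have spotted something that can be improved in an existing algorithm or protocol, academia and industry will both welcome your contribution. Of course this is only an analogy; it is also possible for someone with no titles at all to make their name overnight by inventing a new algorithm. The point is that you first need to understand the current state of the art and the latest developments; reinventing the wheel from scratch is unwise. And understanding the state of the art in cryptography is already a very high bar. If you have cleared that bar, you have quite likely dropped the initial impulse, and you are no longer the target audience of introductory books.

Second, this warning applies to situations where information security has to be taken seriously. If you only want to keep something from your girlfriend, or just want to get past your boss, an algorithm of your own invention may well be enough.

So for people who cannot clear the bar of modern cryptography but do need to take information security seriously (for example, your software product or system stores a lot of user information), how do you suppress this impulse?

The first thing to understand is that the security of modern encryption algorithms and protocols does not depend on keeping the algorithm secret. Inventing your own algorithm does not improve security, and public algorithms are very secure. Most people who plan to invent their own encryption algorithm are hazy on this point, and some have heard the claim but still harbor illusions.

Second, security is a systems-engineering matter: a tiny mistake anywhere affects the security of the whole system. Existing algorithms and protocols have been tempered over many years and contain a great many subtle details. The security of a home-made algorithm or protocol cannot be compared with that of existing public algorithms and protocols. In other words, a home-made algorithm or protocol will only be less secure than the existing public ones.

Finally, modern computing power is astonishing, and breaking a flawed encryption algorithm is very easy. So if you are serious about security and encryption, please do not use a home-made algorithm.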

RSA illustration with not-so-small numbers – part 2

Let’s have a closer look at the encryption. During the communication, what has been exposed is:

Alice’s public key (n=2627, e=13) , and the encrypted message.

For anyone who has entered the world of modern cryptography from the old age, it’s tempting to try to decrypt the encrypted message using the encrypting key, the public key.

For these people, I have the chart below, which shows the mapping between the plain text and the encrypted data:

[Chart: encryption_mapping]

The x-axis is the plain-text data (sorted from 1 to 2627) and the y-axis is the encrypted data (from 0 to 2626). I did the calculation using this line of script:

~$ for i in `seq 1 2627`; do echo "$i^13 %2627" | bc; done > /tmp/encryption.mapping

Below is part of this chart, zoomed in:

[Chart: encryption_mapping_part]

So you know the encrypted data, let’s say 2144, and you know the public key (n=2627, e=13). How do you find the number x such that x^13 % 2627 = 2144?

You cannot, unless you compute every possible 1<x<2627 and then find the correct one. That’s brute force. This is one of the basic assumptions behind the security of RSA: there’s no efficient way to find x. This is called the discrete logarithm problem.

In real-world scenarios, the 2 prime numbers will be so large that brute force is simply impractical.

Then, to decrypt the message, one would need the private key. The private key d is the modular inverse of e modulo phi(n). However, in order to get phi(n), one has to know the factors that form n. And factoring a large number is mathematically hard. That is the other assumption behind the security of RSA: there’s no efficient way to factor a large number.

As you will see in other places, these 2 assumptions are the cornerstones of modern cryptography.
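
Both routes described in this post, run against the toy key (n=2627, e=13): exhaustive search for x, and factoring n to rebuild the private exponent. This is an added Python example, not the author's script; the function names are made up for the illustration.

```python
# Added illustration using the toy public key from the post.
N, E = 2627, 13


def brute_force_plaintext(c, n=N, e=E):
    """Try every x in [0, n) until x^e mod n == c (feasible only for tiny n)."""
    for x in range(n):
        if pow(x, e, n) == c:
            return x
    raise ValueError("no preimage found")


def factor(n):
    """Trial division; returns (p, q) for a product of two primes."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime")


def recover_private_exponent(n=N, e=E):
    """Factor n, compute phi(n), then d = e^-1 mod phi(n)."""
    p, q = factor(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)  # modular inverse, needs Python 3.8+


def is_permutation(n=N, e=E):
    """True if the charted mapping x -> x^e mod n hits every residue once."""
    return len({pow(x, e, n) for x in range(n)}) == n


if __name__ == "__main__":
    c = 2144  # ciphertext value used in the post
    x = brute_force_plaintext(c)
    d = recover_private_exponent()
    print("brute force finds x =", x)
    print("recovered d =", d, "which decrypts", c, "to", pow(c, d, N))
    print("mapping is a permutation:", is_permutation())
```

Both loops finish instantly only because n has four digits; the work of each grows with the size of the primes, which is what the two assumptions above rely on.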

RSA illustration with not-so-small numbers

Modern cryptography is difficult to understand without illustrations. One of the reasons is that modern cryptography involves very large numbers that easily exceed the capacity of a standard calculator, let alone human comprehension. There are some illustrations out there using small numbers. The problem is, the numbers are too small to be convincing. So I’d like to try some not-so-small numbers here. Most of the necessary calculations can be done with GNU bc, so you can try them yourself on just about any GNU/Linux distribution.

Let’s say Bob wants to send the below number to Alice (and make sure only Alice can decrypt the message):

520

Here’s what Alice will do first:

  1. Pick two distinct prime numbers. The numbers should be sufficiently large so that brute force is difficult. Here we choose p=37 and q=71.
  2. Calculate n=pq=37*71=2627.
  3. Calculate n’s totient function: phi(n)=(p-1)*(q-1)=2520.
  4. Pick a number e between 1 and phi(n) that is co-prime with phi(n). Here we choose 13.
  5. Find the number d so that e*d mod (phi(n)) = 1. Here we get 1357. This step cannot be done with bc. Instead, you can try this online calculator. Just put “modinv(13,2520)” in the text field and then press “go” and you’ll get the result.

Now Alice has a public key (n=2627, e=13) and a private key (n=2627, d=1357). She can simply distribute her public key to everyone, including Bob.

Now for Bob to encrypt the message 520 to Alice, he has to encrypt the message using Alice’s public key:

520^13 % 2627 = 2235

Now Alice has received the number 2235 from Bob. In order to decrypt this message, she does the following calculation (using her private key):

2235^1357 % 2627 = 520

Actually, here Bob can encrypt just any number that is less than or equal to n=2627 in this way.

Bob:

1^13 % 2627 = 1

Alice:

1^1357 % 2627 = 1

Bob:

2^13 % 2627 = 311

Alice:

311^1357 % 2627 = 2

Bob:

3^13 % 2627 = 2361

Alice:

2361^1357 % 2627 = 3

Bob:

4^13 % 2627 = 2149

Alice:

2149^1357 % 2627 = 4

Bob:

137^13 % 2627 = 2431

Alice:

2431^1357 % 2627 = 137

If his message is large, then he has to split his message into chunks that are smaller than n and encrypt them one by one.

Note that this only illustrates how Bob can send secret messages to Alice. If Alice wants to send secret messages to Bob, then she has to have Bob do the same first:

  1. Pick 2 sufficiently large prime numbers;
  2. Get the product of these 2 prime numbers – this is part of the keys;
  3. Get the totient of this product;
  4. Pick a number that is co-prime with this totient but smaller – this combined with the product is the public key;
  5. Find the number that is the modular multiplicative inverse of this number – this combined with the product is the private key;

Then Bob sends his public key to Alice and Alice can encrypt the messages using Bob’s public key. Upon receiving the messages, Bob can decrypt the messages using his private key.
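
The whole exchange above as an added Python example (not code from the original post), including the modular inverse of step 5 computed with the extended Euclidean algorithm instead of an online calculator. Function names are illustrative, and the one-byte-per-chunk split is an assumed way of cutting a long message into pieces smaller than n.

```python
from math import gcd


def modinv(a, m):
    """Modular inverse of a mod m via the extended Euclidean algorithm."""
    old_r, r = a, m
    old_s, s = 1, 0
    while r:
        quot = old_r // r
        old_r, r = r, old_r - quot * r
        old_s, s = s, old_s - quot * s
    if old_r != 1:
        raise ValueError("a and m are not co-prime, no inverse exists")
    return old_s % m


def make_keys(p, q, e):
    """Steps 1-5 of the post: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must lie between 1 and phi(n) and be co-prime with it")
    return (n, e), (n, modinv(e, phi))


def encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message chunk must be smaller than n")
    return pow(m, e, n)


def decrypt(c, private):
    n, d = private
    return pow(c, d, n)


def encrypt_text(text, public):
    """Assumed chunking: one UTF-8 byte (always < 2627) per RSA block."""
    return [encrypt(b, public) for b in text.encode("utf-8")]


def decrypt_text(chunks, private):
    return bytes(decrypt(c, private) for c in chunks).decode("utf-8")


if __name__ == "__main__":
    pub, priv = make_keys(37, 71, 13)
    print("public", pub, "private", priv)
    print("520 ->", encrypt(520, pub), "->", decrypt(encrypt(520, pub), priv))
    print(encrypt_text("hi Alice", pub))
```

Equal chunks encrypt to equal numbers here, which is why real RSA deployments add randomized padding such as OAEP before the exponentiation.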

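On the coordinate offset of maps of China

This question puzzled me for a long time: there is no authoritative material, information from different sources is muddled, and people use different terms, which leads to many misunderstandings. Here is an attempt to summarize and clear things up.

  • What is the map coordinate offset?

From the official point of view, the map offset is a coordinate-system matter: the authorities require all maps of China to use the GCJ-02 coordinate system (widely known as “Mars coordinates”), and the algorithm for converting from other coordinate systems to GCJ-02 is secret.

However, GCJ-02 is not merely a choice of coordinate system. Overlaying a satellite map on an official GCJ-02 map shows that the deviation between the two is non-linear (one cannot be made to coincide with the other by translation and scaling). There is therefore reason to believe that GCJ-02 maps have undergone some kind of offset. (A straight line on the satellite map will not be a straight line on the GCJ-02 map.)

  • Are the maps provided by different domestic vendors consistent?

All maps provided by domestic vendors are GCJ-02 maps, so they can be made to coincide by translation and scaling. Different vendors may use different coordinate systems, but the difference between those coordinate systems and GCJ-02 is linear.

  • What about GPS devices?

GPS devices usually return WGS-84 coordinates, so plotting them directly on a GCJ-02 map will be inaccurate. There is no evidence that the GPS signal or GPS chips have been modified. Domestically made GPS devices can return GCJ-02 coordinates, but it is unclear whether this conversion is implemented in hardware or can be done in software.

  • How can a map be offset without anyone noticing?

From the available material, the offset occurs at large scale. So unless you compare against an external (non-GCJ-02) system, daily life is indeed unaffected. Here is an article that ran a regression on the offset algorithm based on leaked data. Here is the result of the regression.

In summary, the root cause is that the government controls the qualifications for surveying and publishing maps. GPS output has to be offset accordingly, otherwise it cannot be plotted accurately on the map.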

How to dodge “the Great Cannon”

I don’t want to go into details and risk my own blog. So basically one of the scripts that’s very common among websites was targeted and redirection code was injected.

Using Adblock, you can simply block this script:

http://platform.twitter.com/widgets.js

And then you won’t get redirected. It’s that simple. 🙂

There might be other scripts I haven’t encountered yet, but you should be able to use the same technique to block them as well.