Thursday, May 31, 2018

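What Is "Independent R&D" (自主研發)?

Lately I often hear or see the term "independent R&D" (自主研發). However, compatriots in Hong Kong, China often misunderstand this term: they think "independent R&D" means starting from zero, but I do not agree with this view.

According to Baidu Baike, "自主" (independent, autonomous) means :

"Autonomy means making one's own decisions and not being controlled by others. In psychology, autonomy means having one's own views when dealing with matters and being able to take responsibility for one's own actions."

According to Baidu Baike, "研發" (R&D) means :

"R&D, in English Research & Development, abbreviated R&D, that is, research and development, refers to systematic activities with clear objectives that are carried out continuously by research institutions and enterprises in order to obtain new scientific and technological knowledge (excluding the humanities and social sciences), to apply new scientific and technological knowledge creatively, or to substantially improve technologies, products and services. It generally refers to the research and development of products and technology. R&D is an innovative activity that requires creative work."

Many technology projects today are open source: the original creators or authors allow others to use or modify them free of charge under their open source licences and then redistribute them under an open source licence. So we do not need to reinvent the wheel; we only need to stand on the shoulders of the wise and innovate further.

For example, several of my open source projects are built on one or more other open source projects. "Croissants" (牛角麵包) is an intrusion prevention system that I developed, based mainly on the open source Suricata engine and other open source projects. Another of my open source projects, "Nighthawk" (夜鷹), is based on the open source project Tor. And my artificial-intelligence web firewall "Longjing" (龍井) was developed using the open source Scikit-Learn library. These are all open source projects that I developed myself, so this can also be called "independent R&D".

So I personally think the term "independent R&D" does not mean that all development starts from zero. It is like how we do not need to invent the aeroplane again; we only need to improve it. Or we can evolve from the aeroplane into another product.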

Reference links :

Baidu Baike - "自主"
Baidu Baike - "研發"
"Croissants" (牛角麵包)
"Nighthawk" (夜鷹)
"Longjing" (龍井)
Wikipedia - Research and Development


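Postscript

The origin of the term "independent R&D" has, more or less, a historical background. The United States has long prohibited the export of high-technology products to China; violations are punished with imprisonment and heavy fines, and if you are ethnic Chinese you are also labelled a spy. So China had to develop corresponding products for domestic use, and the term spread far and wide.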


Wednesday, May 30, 2018

HOWTO : Hardening And Tuning Of Ubuntu 18.04 LTS

This guide hardens and tunes your Ubuntu Server/Desktop 18.04 LTS without extra effort.

(A) Buffer Overflow Prevention

Make sure "No Execute (NX)" or "Execute Disable (XD)" in the BIOS/UEFI has been enabled. Then run the following command :

sudo dmesg | grep --color -E '(NX|XD).*protection'

[ 0.000000] NX (Execute Disable) protection: active

If you see the output above or something similar, you have set it right.

(B) Kernel Hardening and Tuning

Copy the content to the file "60-croissants.conf" :



sudo nano /etc/sysctl.d/60-croissants.conf
sudo sysctl -p /etc/sysctl.d/60-croissants.conf


The configuration file hardens the kernel with parameters that include ASLR.

(C) Firefox Hardening (For Desktop Only)

sudo apt install apparmor-utils
sudo aa-enforce /etc/apparmor.d/usr.bin.firefox


To change to complain mode :

sudo aa-complain /etc/apparmor.d/usr.bin.firefox

(D) SSD Tuning

Append "scsi_mod.use_blk_mq=1" to "GRUB_CMDLINE_LINUX_DEFAULT" :

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash scsi_mod.use_blk_mq=1"

sudo update-grub

Then reboot the box.

(E) File System Tuning

Insert "noatime,nodiratime,norelatime," into the mount options of the "/dev/mapper/ubuntu--vg-root" entry :

/dev/mapper/ubuntu--vg-root / ext4 noatime,nodiratime,norelatime,errors=remount-ro 0 1

sudo mount -a
sudo mount -o remount /


Make sure no error is displayed. If there is an error, do not reboot the box until you have fixed what you edited. Otherwise, the box cannot reboot properly.

That's all! See you.


Monday, May 28, 2018

[RESEARCH] How Secure Is Your Wifi Network

Some information security experts still suggest hiding your SSID and setting MAC address filtering, in addition to WPA2, AES and a strong passphrase, in order to keep your wireless network secure.

However, most wireless hacking tools can unhide a hidden SSID, and a MAC address can be easily spoofed. Fortunately, there is a feature that can be used to harden your wireless network, namely Protected Management Frames or IEEE 802.11w, even though it is still not a standard since 2009.

What are Protected Management Frames (IEEE 802.11w) ?

Wi-Fi CERTIFIED WPA2 with Protected Management Frames provides WPA2 protection for unicast and multicast management action frames. Unicast management action frames are protected from both eavesdropping and forging, and multicast management action frames are protected from forging. WPA2 with Protected Management Frames augments WPA2 privacy protections already in place for data frames with mechanisms to improve the resiliency of mission-critical networks.

In order to understand how it works for the security of a wireless network, I did some experiments.

Hardware

(1) Home wireless router with the feature of Protected Management Frames;
(2) Android 6.0 at 2.4GHz smartphone;
(3) Android 7.0 at 5GHz smartphone;
(4) Macbook Pro (Retina Mid 2012) with macOS High Sierra (10.13.4) at 5GHz;
(5) Macbook Air (Mid 2013) with macOS High Sierra (10.13.4) at 5GHz;
(6) Lenovo Thinkpad X201s (as 2.4GHz attacker); and
(7) TP-Link Archer T4UHP (as 2.4/5GHz attacker)

Software

(1) Parrot Security OS 4.0.1 64-bit;
(2) WAIDPS 1.0 R6j; and
(3) Aircrack-NG 1.2

The Lenovo Thinkpad X201s has Parrot Security OS 4.0.1 installed with the latest updates and runs WAIDPS, which is powered by Aircrack-NG 1.2, as the attacker.

The home wireless router and the testing wifi devices are set to WPA2 and AES encryption. The firmware of the wireless router is up to date. Since the home wireless router is dual-band, 2.4GHz and 5GHz, I set some of the testing devices to 5GHz. The home wireless router is set to AP mode as I already have a wired router in the network.

Once the 4-way handshake is captured from wireless router and devices, attackers can brute force the captured packets to obtain the passphrase of the wireless router.

Experiment

The Protected Management Frames can be set to "disabled", "capable" and "required" on the home wireless router.

(a) Disabled

When Protected Management Frames (PMF) on the wireless router is set to "Disabled", all wireless devices can be disassociated and the 4-way handshake can be captured.

(b) Capable

When the PMF is set to "Capable" at the wireless router, all devices can connect to the router without problem. However, the wireless devices can be disassociated and the 4-way handshake can be captured.

(c) Required

When the PMF is set to "Required", only the Macbook Pro and Macbook Air can connect to the wireless router; they cannot be disassociated and the 4-way handshake cannot be captured.

(d) Extra

When the PMF is set to "Capable" and all the devices are disconnected as well as re-connected to the wireless router, the 4-way handshake can be captured.

When the PMF is set to "Required" and Macbook Pro as well as Macbook Air are disconnected and re-connected to the wireless router, the 4-way handshake cannot be captured.
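
The three router settings correspond to two bits (MFPC and MFPR) in the RSN Capabilities field that an access point advertises in its beacons and probe responses. The Python below is an added example, not part of the original experiment: it parses an RSN information element and reports which PMF mode it advertises, so the router setting can be confirmed from a beacon. The function name `pmf_mode` is hypothetical and the sample elements are constructed.

```python
import struct

RSN_ELEMENT_ID = 48   # RSN information element ID
MFPR = 0x0040         # RSN Capabilities bit 6: management frame protection required
MFPC = 0x0080         # RSN Capabilities bit 7: management frame protection capable

# Constructed sample elements (not captured traffic): CCMP group and pairwise
# ciphers, one AKM suite, then the 2-byte little-endian RSN Capabilities field.
SAMPLES = {
    "disabled": "30140100000fac040100000fac040100000fac020000",
    "capable":  "30140100000fac040100000fac040100000fac028000",
    "required": "30140100000fac040100000fac040100000fac06c000",
}


def _u16(body: bytes, pos: int) -> int:
    if pos + 2 > len(body):
        raise ValueError("truncated RSN element")
    return struct.unpack_from("<H", body, pos)[0]


def pmf_mode(ie: bytes) -> str:
    """Return 'disabled', 'capable' or 'required' for one RSN element."""
    if len(ie) < 2 or ie[0] != RSN_ELEMENT_ID:
        raise ValueError("not an RSN element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1] or _u16(body, 0) != 1:
        raise ValueError("truncated element or unknown RSN version")
    pos = 6                                   # skip version and group cipher suite
    for _ in range(2):                        # pairwise suite list, then AKM list
        if pos == len(body):
            return "disabled"                 # optional fields end here
        pos += 2 + 4 * _u16(body, pos)
    if pos == len(body):
        return "disabled"                     # no RSN Capabilities field at all
    caps = _u16(body, pos)
    if caps & MFPR:
        return "required"
    return "capable" if caps & MFPC else "disabled"


if __name__ == "__main__":
    for label, hexdata in SAMPLES.items():
        print(label, "->", pmf_mode(bytes.fromhex(hexdata)))
```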

Conclusion

Purchase a wireless router equipped with the Protected Management Frames feature and set it to WPA2, AES and PMF "Required", with wireless devices that are compatible with PMF, such as macOS 10.13.4.

However, not all wireless routers and/or wireless devices are equipped with this feature, even if it is an expensive/high-end or commercial model.

Finally, when you find a wireless router equipped with this feature, make sure to update the firmware to the latest version often.

By the way, I am unwilling to provide the brand name of the home wireless router that I tested. Sorry for that!

That's all! See you.


Wednesday, May 23, 2018

Ubuntu 18.04 LTS Performance Tuning or not

After several experiments, I confirmed that the previous performance tuning for Ubuntu 16.04 LTS does not suit Ubuntu 18.04 LTS. The previous performance tuning, such as for hard drive read/write, will slow down Ubuntu 18.04 LTS. If you implemented such tuning in Ubuntu 18.04 LTS and noticed a performance drop, you may consider turning it off or disabling it.

For example,

echo 1024 | sudo tee /sys/block/sda/queue/read_ahead_kb
echo 1024 | sudo tee /sys/block/sda/queue/nr_requests


That's all! See you.


HOWTO : Upgrade Parrot Security OS 3.11 to 4.0.1

Parrot Security OS 4.0.1 was released recently. You can upgrade to the latest version with the following commands.

sudo apt purge tomoyo-tools
sudo apt update
sudo apt full-upgrade
sudo apt autoremove


That's all! See you.


Wednesday, May 16, 2018

HOWTO : Install golang 1.10 on Ubuntu 18.04 LTS

The current version of golang in Ubuntu 18.04 LTS is 1.10.1 at the time of this writing.

Install

sudo apt update
sudo apt install golang


Check

go env
go version


Workspace

mkdir -p ~/go/{bin,pkg,src}

That's all! See you.


Sunday, May 13, 2018

HOWTO : Install Gnome Shell Extensions on Ubuntu 18.04 LTS

Ubuntu Desktop 18.04 LTS now uses Gnome by default. You can tune Gnome with this tool.

sudo apt update
sudo apt install gnome-tweaks gnome-tweak-tool


The following are some useful Gnome Shell Extensions that come with Ubuntu 18.04.

If your computer or laptop does not have a hard disk LED, this extension is good for you.

sudo apt install gnome-shell-extension-hard-disk-led

If you do not have a multimedia keyboard, this extension is for you.

sudo apt install gnome-shell-extension-mediaplayer

You can monitor the CPU load, memory usage and Internet traffic with this extension.

sudo apt install gnome-shell-extension-system-monitor

You can see the current conditions and forecast of your local weather with this extension.

sudo apt install gnome-shell-extension-weather

If you have some old system tray icons, you may need this extension. However, some old system tray icons are not compatible with this extension.

sudo apt install gnome-shell-extension-top-icons-plus

Run Gnome Tweaks to enable the extension(s) that you have installed. After that, log out and log in again.

To see all the Gnome Shell Extensions that come with Ubuntu 18.04 :

apt-cache search gnome-shell-extension

That's all! See you.


HOWTO : Upgrade Ubuntu Gnome 16.04 LTS to Ubuntu Desktop 18.04 LTS

There is no version 18.04 for Ubuntu Gnome at the moment. If you want to upgrade from Ubuntu Gnome 16.04 to Ubuntu 18.04, you can follow the procedure below.

Step 0 :

update-manager -cd

After that, reboot the box.

Step 1 :

sudo apt remove gnome-session ubuntu-gnome-desktop gnome-session-flashback plymouth-theme-ubuntu-gnome-text plymouth-theme-ubuntu-gnome-logo gnome-session-flashback

Select "gdm3" when asked.

Step 2 :

sudo update-alternatives --config default.plymouth

Select "auto mode" of "/usr/share/plymouth/themes/ubuntu-logo/ubuntu-logo.plymouth".

Step 3 :

sudo update-initramfs -u

Then reboot.

That's all! See you.


HOWTO : Radiotray-NG on Ubuntu 18.04 LTS

Radiotray-NG is an internet radio program for streaming music and online radio.

wget https://github.com/ebruck/radiotray-ng/releases/download/v0.2.2/radiotray-ng_0.2.2_ubuntu_18.04_amd64.deb
sudo dpkg -i radiotray-ng_0.2.2_ubuntu_18.04_amd64.deb
sudo apt --fix-broken install


RTHK Radio Channels (Optional)

Radio 1 - http://rthk.hk/live1.m3u
Radio 2 - http://rthk.hk/live2.m3u
Radio 3 - http://rthk.hk/live3.m3u
Radio 4 - http://rthk.hk/live4.m3u
Radio 5 - http://rthk.hk/live5.m3u
Putonghua - http://rthk.hk/livepth.m3u

After adding or editing the channels, make sure to reload the bookmarks.

That's all! See you.


Thursday, May 10, 2018

HOWTO : Install Deepin Desktop Environment on Ubuntu Desktop 18.04 LTS

Deepin Desktop Environment (DDE) is an open source project by Deepin Technology Ltd. Co., Wuhan, China. Besides installing Deepin Linux 15.5 or higher, you can install it on Ubuntu Desktop 18.04 LTS.

Install Deepin Desktop Environment (DDE)

sudo add-apt-repository ppa:leaeasy/dde
sudo apt-get update
sudo apt install dde


The following is for experiment only (not recommended by the PPA creator).

sudo apt install dde deepin-gtk-theme dde-control-center-plugin-notify dde-control-center-plugin-weather redshift libfprint0 dnsmasq cgroup-tools imwheel libpam-fprintd fprintd network-manager-l2tp network-manager-openconnect network-manager-openvpn network-manager-vpnc minicom deepin-calculator dde-file-manager

Install RecordMyDesktop (Optional)

sudo apt install gtk-recordmydesktop

* When "Window Effect" is disabled, "Deepin Screen Recorder" and "Multitasking View" will be disabled too.

Set Font of the system (Optional)

Set Font to "Ubuntu" and "Ubuntu Mono" and set font size larger when necessary.

Disable Window Effect Mode (Optional)

When you find that booting to the desktop takes a longer time and video playback lags, you should consider disabling the Window Effect, as your display card is not strong enough.


The following optional settings are for Chinese only. The Ubuntu default ibus is not compatible with Deepin DDE, so you need to use fcitx instead.

If you are using English version Ubuntu, you are required to install the Traditional Chinese fonts or Simplified Chinese fonts.

Traditional Chinese

sudo apt install language-pack-gnome-zh-hant-base language-pack-gnome-zh-hant

or

Simplified Chinese

sudo apt install language-pack-gnome-zh-hans-base language-pack-gnome-zh-hans

Install Cangjie Quick Input Method (Optional)

sudo apt install fcitx fcitx-table-quick-classic fcitx-config-gtk

Install Cantonese Input Method (Optional)

sudo apt install fcitx fcitx-table-cantonese fcitx-config-gtk

Install Cangjie 3rd Generation Input Method (Optional)

sudo apt install fcitx fcitx-table-cangjie3 fcitx-config-gtk

Install Cangjie 5th Generation Input Method (Optional)

sudo apt install fcitx fcitx-table-cangjie5 fcitx-config-gtk

After installing the desired Chinese Input Method, go to "Language Support" to switch from "ibus" to "fcitx", and make sure to install the missing packages when asked on launching "Language Support". Toggle the Input Method by pressing "Ctrl+Space" and set your Input Method as default when necessary.





You can even switch between the Gnome and Deepin desktop environments when you log in. If you want to remove the Deepin DDE for good, you can run the following commands :

sudo apt remove dde

or

sudo apt remove dde 'dde*' 'deepin*' deepin-gtk-theme dde-control-center-plugin-notify dde-control-center-plugin-weather redshift libfprint0 dnsmasq cgroup-tools imwheel libpam-fprintd fprintd network-manager-l2tp network-manager-openconnect network-manager-openvpn network-manager-vpnc minicom deepin-calculator dde-file-manager
sudo apt autoremove
sudo apt update



Reference

How to Install Deepin Desktop Environment on Ubuntu 18.04

That's all! See you.


Tuesday, May 01, 2018

HOWTO : upgrade Ubuntu 16.04 LTS to 18.04 LTS on Croissants

First of all, make sure your Croissants box has sufficient free hard drive space; otherwise, the upgrade will fail.

sudo apt install update-manager-core
sudo do-release-upgrade -d


Answer "Y" to all questions asked.

After the upgrade, you need to run the following commands :

Remove the first "# " from /etc/apt/sources.list.d/evebox.list
Remove the first "# " from /etc/apt/sources.list.d/elastic-5.x.list

sudo update-java-alternatives -s java-1.8.0-openjdk-amd64
sudo systemctl enable logstash
sudo systemctl enable elasticsearch
sudo systemctl enable kibana


Then you can reboot your Croissants.

That's all! See you.


HOWTO : Upgrade Ubuntu Server 16.04 to 18.04

Ubuntu 18.04 LTS has just been released. It is high time to upgrade your Ubuntu Server 16.04 LTS to 18.04 LTS. To upgrade it, make sure you have sufficient free space.

Step 1 :

sudo apt install update-manager-core
sudo do-release-upgrade -d


You need to answer "Y" to all questions asked.

Step 2 :

Make sure to enable all the required repositories at /etc/apt/sources.list.d/ and then run the following command.

sudo apt update

Step 3 :

If you have an application that works only on Java 8, make sure to do the following.

update-java-alternatives -l
sudo update-java-alternatives -s java-1.8.0-openjdk-amd64


or

sudo update-alternatives --config java

Then, select Java 8

Step 4 :

If your system is running PHP, you need to reinstall all the required packages. For example,

sudo apt-get install php7.2-cgi php7.2 php7.2-cli php7.2-mysql php7.2-curl php7.2-gd php7.2-intl php7.2-imap php7.2-pspell php7.2-recode php7.2-sqlite3 php7.2-tidy php7.2-xmlrpc php7.2-xsl apache2-utils php7.2-fpm php-memcache php-imagick mysql-server mysql-client php7.2-mbstring php7.2-zip

Make sure to do the following when you are using php7.2-fpm on Apache2 :

sudo a2enmod php7.2
sudo a2enconf php7.2-fpm
sudo systemctl enable php7.2-fpm
sudo systemctl enable apache2
sudo systemctl restart php7.2-fpm
sudo systemctl restart apache2


That's all! See you.