True EDGE

This time I read the guide on ConTeXt Wiki and learned some basic commands doing quotation.
Not very much today in fact.
1.single quotes (’):

\quote{some text}

2.double quotes (”):

\quotation{some text}

3.long quote sections:
For single quote:

\startquote ... \stopquote

For double quotes:

\startquotation ... \stopquotation

4.Nested quotations:
Add following lines first:

\setupdelimitedtext
  [quotation]
  [1]
  [left={\symbol[leftquotation]},
   right={\symbol[rightquotation]}]
 
\setupdelimitedtext
  [quotation]
  [2]
  [left={\symbol[leftquote]},
   right={\symbol[rightquote]}]
 
\setupdelimitedtext
  [quotation]
  [3]
  [left={\symbol[leftquotation]},
   right={\symbol[rightquotation]}]

Then try with:

\starttext
Testing, \quotation{A long quotation in which one character says,
\quotation{Eh? What am I supposed to say? Something like, \quotation
{Quotations in this sentence are nested}?}} testing, 1, 2, 3.
\stoptext

Indubitably, I need to remix Chinese and English in one document. But English characters in Chinese fonts aren’t look good in most time as others, so font fallback is needed here.
First, make a English font as a fallback of Chinese font:

\definefontsynonym[song][name:adobesongstd]
\definefontfallback[hereos][name:texgyreherosregular][0x0000-0x0400]
\definefontsynonym[fbsong][song][fallbacks=hereos]
 
\definefont[newsong][fbsong]
\setscript[hanzi]
 
\starttext
\newsong 夹杂 English 的中文文本
\stoptext

This means we use texgyreherosregular as the fallback English font and name it as hereos, 0×0000-0×0400 is the interval of English characters in UTF-8 encoding. Then make “fbsong” the new font that is the remix of song (adobesongstd) and fallback hereos (texgyreherosregular).
But on the tutorial I am following, the author said such action will lose some feature when ConTeXt processing English, so change to using a Chinese font as a fallback of English font:

\definefontsynonym[hereos][name:texgyreherosregular]
\definefontfallback[song][name:adobesongstd][0x00400-0x2FA1F]
\definefontsynonym[fbsong][hereos][fallbacks=song]
\definefont[newsong][fbsong]
\setscript[hanzi]
 
\starttext
\newsong 夹杂~English~的中文文本
\stoptext

Then I’ve rewritten my type-myfonts.tex with fallback font:

\starttypescript[serif][fbfont]
 
\definefontsynonym[enserif][name:dejavuserif]
\definefontsynonym[enserifbd][name:dejavuserifbold]
\definefontsynonym[enserifit][name:dejavuserifitalic]
\definefontsynonym[enserifbi][name:dejavuserifbolditalic]
 
\definefontfallback[umingcn][name:arplumingcn][0x00400-0x2FA1F]
 
\definefontsynonym[Serif][enserif][fallbacks=umingcn]
\definefontsynonym[SerifBold][enserifbd][fallbacks=umingcn]
\definefontsynonym[SerifItalic][enserifit][fallbacks=umingcn]
\definefontsynonym[SerifBoldItalic][enserifbi][fallbacks=umingcn]
 
\stoptypescript
 
\starttypescript [sans][fbfont]
 
\definefontsynonym[ensans][name:dejavusans]
\definefontsynonym[ensansbd][name:dejavusansbold]
\definefontsynonym[ensansob][name:dejavusansoblique]
\definefontsynonym[ensansbo][name:dejavusansboldoblique]
 
\definefontfallback[ukaicn][name:arplukaicn][0x00400-0x2FA1F]
 
\definefontsynonym[Sans][ensans][fallbacks=ukaicn]
\definefontsynonym[SansBold][ensansbd][fallbacks=ukaicn]
\definefontsynonym[SansOblique][ensansob][fallbacks=ukaicn]
 
\definefontsynonym[SansBoldOblique][ensansbo][fallbacks=ukaicn]
 
\stoptypescript
 
\starttypescript [mono][fbfont]
 
\definefontsynonym[enmono][name:dejavusansmono]
\definefontsynonym[enmonobd][name:dejavusansmonobold]
\definefontsynonym[enmonoob][name:dejavusansmonooblique]
\definefontsynonym[enmonobo][name:dejavusansmonoboldoblique]
 
\definefontfallback[microhei][name:wenquanyimicroheimono][0x00400-0x2FA1F]
 
\definefontsynonym[Mono][enmono][fallbacks=microhei]
\definefontsynonym[MonoBold][enmonobd][fallbacks=microhei]
\definefontsynonym[MonoOblique][enmonoob][fallbacks=microhei]
 
\definefontsynonym[MonoBoldOblique][enmonobo][fallbacks=microhei]
 
\stoptypescript
 
\starttypescript[myfonts]
\definetypeface[myfonts][rm][serif][fbfont]
\definetypeface[myfonts][ss][sans][fbfont]
\definetypeface[myfonts][tt][mono][fbfont]
\stoptypescript

And here is an example:

\usetypescriptfile[type-myfonts]
\usetypescript[myfonts]
\setupbodyfont[myfonts,rm,12pt]
\setupbodyfontenvironment [default] [em=italic] % slanted is default emphasize in ConTeXt
\setscript[hanzi]
 
\pdfoptionpdfminorversion=6
\pdfcompresslevel=9
 
\starttext
 
\startcomment
this is a test comment, you shouldn't see me.
\stopcomment
 
我们在运行 \CONTEXT{}
 
\rm 这是 fbfont 里的 serif，dejavuserif+arplumingcn \\
\ss 这是 fbfont 里的 sans，dejavusans+arplukaicn \\
\tt 这是 fbfont 里的 mono，dejavusansmono+wenquanyimicroheimono \\
 
\stoptext

“setupbodyfontenvironment” is a command that tell ConTeXt our body’s font environment, here we change nothing but emphasis to italic instead of default slanted face.
“%” is used to take comments and the TeX engine won’t do anything with items after it to the line’s ending. Multi-lines comments can be achieved by using “\startcomment … \stopcomment”.
“\pdfoptionpdfminorversion” is the setting for pdf option in minor version, and we can have a table to list it:
* (1993) – PDF 1.0 / Acrobat 1.0
* (1994) – PDF 1.1 / Acrobat 2.0
* (1996) – PDF 1.2 / Acrobat 3.0
* (1999) – PDF 1.3 / Acrobat 4.0
* (2001) – PDF 1.4 / Acrobat 5.0
* (2003) – PDF 1.5 / Acrobat 6.0
* (2005) – PDF 1.6 / Acrobat 7.0
* (2006) – PDF 1.7 / Acrobat 8.0
* (2008) – PDF 1.7, Adobe Extension Level 3 / Acrobat 9.0
The value of “pdfoptionpdfminorversion” is that x in “1.x”, in this example, “\pdfoptionpdfminorversion=6″, we set the version to PDF 1.6, correspond to Acrobat 7.0. The default setting is version 5 – PDF 1.5 for Acrobat 6.0.
“pdfcompresslevel” is the compress level of output pdf file, 0 is the least and 9 highest. Default setting is 0.
“\CONTEXT” is a sequence to produce the effect of sinking e in TEX. Other interesting are “\LATEX” “\TEX”, also “\LaTeX” and “\TeX” is acceptable, but I didn’t find how to produce a LaTeX2e, not “\LaTeXe” in LaTeX.
The {} after “\CONTEXT{}” tell the TeX engine don’t eat all extra whitespace and empty lines.
“\\” means force line breaking, we cannot use “\newline” as LaTeX does.

There are three basic fonts in Chinese, Song, Hei and Fangsong, corresponding to Serif, Sans and Monospace in Latin characters. Another category is numbers, it is recognized as a separate category by ConTeXt.
Using Adobe’s three fonts as a example, we can define type-myfonts.tex, a typescript file:

\starttypescript[serif][zhfont]
    \definefontsynonym[Serif][name:adobesongstd]
    \definefontsynonym[SerifBold][name:adobesongstd]
    \definefontsynonym[SerifItalic][name:adobesongstd]
    \definefontsynonym[SerifBoldItalic][name:adobesongstd]
\stoptypescript
 
\starttypescript [sans][zhfont]
    \definefontsynonym[Sans][name:adobeheitistd]
    \definefontsynonym[SansBold][name:adobeheitistd]
    \definefontsynonym[SansItalic][name:adobeheitistd]
    \definefontsynonym[SansBoldItalic][name:adobeheitistd]
\stoptypescript
 
\starttypescript [mono][zhfont]
    \definefontsynonym[Mono][name:adobefangsongstd]
    \definefontsynonym[MonoBold][name:adobefangsongstd]
    \definefontsynonym[MonoItalic][name:adobefangsongstd]
    \definefontsynonym[MonoBoldItalic][name:adobefangsongstd]
\stoptypescript
 
\starttypescript[myfonts]
    \definetypeface[myfonts][rm][serif][zhfont]
    \definetypeface[myfonts][ss][sans][zhfont]
    \definetypeface[myfonts][tt][mono][zhfont]
\stoptypescript

Explanation by line:
“\starttypescript[serif][zhfont]” means starting a typescript profile, named “serif” and classify it in “zhfont”;
“\definefontsynonym[Serif][name:adobesongstd]” means start a font synonym definition, and assign “Serif” to “adobesongstd”;
“\stoptypescript” means finishing a profile.
We need to pay some attention at the last profile, that is to say “\definetypeface[myfonts][rm][serif][zhfont]“, we define the typeface series “myfonts” in this profile, and this line represent the “rm”, roman, face is assigned to serif, which we have defined in previous profiles, and “ss” fo “sans”, “tt” for “teletype” or rather “monospace” as we know.
Then write another file, save as test.tex:

\usetypescriptfile[type-myfonts]
\usetypescript[myfonts]
\setupbodyfont[myfonts,rm,12pt]
 
\starttext
所有动物都生而平等，但有些动物比其他动物更平等
\ss 所有动物都生而平等，但有些动物比其他动物更平等
\tt 所有动物都生而平等，但有些动物比其他动物更平等
\stoptext

For explanation, “\usetypescriptfile[type-myfonts]” tell the TeX engine to find a typescript file named type-myfonts.tex in the same directory as current file, and include the contents here; \usetypescript[myfonts]” tell it we are using “myfonts” typescript set as defined in type-myfonts.tex; “\setupbodyfont[myfonts,rm,12pt]” is telling that set the body font to myfonts’s rm style, with 12pt as the size.
Between “\starttext”…”\stoptext” is the text, first line using default font, \rm, and second line change to \ss finaly \tt.
Here is a list to tell font model:

Next we need to make ConTeXt know how to wrap lines for Chinese, that is, to break a long sentence into lines in a page. What we need to do is add “\setscript[hanzi]” to the header. Another example of test.tex:

\usetypescriptfile[type-myfonts]

\usetypescript[myfonts]

\setupbodyfont[myfonts,rm,12pt]
 
\setscript[hanzi]
 
\starttext
明亡后，朝鲜和日本认为中国已亡，日本从此蔑称中国为“支那”。明治维新后，自认为华夏正统的日本曾打着“攘夷主义”的旗号发动甲午战争等对清战争。


\stoptext


I’ve chosen to study a TeX, and finally choose ConTeXt because it uses LuaTeX engine that can support Chinese with less pain than using LaTeX as well as someone is complaining about XeTeX may output a lower quality. I don’t know who’s true, but according to my own perception, ConTeXt Minimals with LuaTex may be the best choice, so I start this category of blog to track my course studing it.
Today, I am trying to install it and output my first result file.

Installation is quite easy:

mkdir ~/usr/context && cd ~/usr/context
wget http://minimals.contextgarden.net/setup/first-setup.sh

It will call rsync and use ruby to achieve this, so make sure they are installed on system.

sh first-setup.sh

This will give you a dev-shot of ConTeXt Minimals, if a stable version is needed, run the following instead:

sh first-setup.sh --context=current

I continue with the dev version. Note, every time we want do an update of the program or move it somewhere else, we need to run the command above to make all things work.
If we don’t have a connective Internet available but still want to change the directory, we may run the following command in the context/ folder with tex/ under it:

mtxrun --verbose --script ./bin/mtx-update.lua --update --make --force --engine=all --context=beta --texroot=$PWD/tex $@

Next, make sure there are fonts needed installed, on my system it’s /usr/share/fonts, with wqy-zenhei and wqy-microhei as my Chinese fonts and others like DejaVu and Droid as English fonts.
We need to refresh the system’s font cache before continue, otherwise some fonts won’t work.

sudo fc-cache -f

Then add the system’s font directory to setuptex, which file is placed at ~/usr/context/tex/setuptex in my installation, add the following line at the end of file:

export OSFONTDIR=/usr/share/fonts

Reload font cache for ConTeXt:

mtxrun --script fonts --reload

Generate a list of usable fonts:

mtxrun --script fonts --list > font-names.txt

First row represents the font name we will use in our tex file, second is descriptions like font name in true life, the third line is the path to the font file in system.
Finally source the setuptex file to make this environment sensible for current console:

source ~/usr/context/tex/setuptex

Now, we’ve finished setting up a environment that can work.
The easiest example may be like this:

\starttext
Hello world!
\stoptext

Have another test with Chinese:

\definefont[uming][name:arplumingcn]               
\starttext
\uming  
终于看到中文了！
\stoptext

First line assign “uming” as “arplumingcn”, that is “uming” will be used in the following of this file to represent the “arplumingcn”, which is the name of this font that we can see in the first row of former generated font-names.txt.
Second line tell the program we are starting the text, and the next line tell it we are choosing font “uming” for following text. And the last line tell it the text is finished.
I save the file as hello.tex, and use this command to produce the result:

context hello

also we can use hello.tex, but like other Tex environment, ConTeXt knows that it is processing a TeX file so the suffix can be omitted safely.
The the program print many things to our console and finally stopped with several hello.* files in our working directory, and hello.pdf is lying there.

Hi planet, I am finally part of Ubunu Member at the point we are releasing Karmic, cheers for myself and everybody!

Do you think your web browser is not so fast as you expected? I decide to write a series of articles to support you speeding up your network. Follow me to tune your settings and get joys surfering the net!

This article is written on Linux, especially I am using Ubuntu 9.04, but I will try to mention notices for other distributions and platforms.

This is the first peice in ‘Boosting network for your PC’, the topic is DNS settings. One question, does your ISP ship low quality DNS service?

At first place, I recommend you to use OpenDNS, whose slogan is ‘Safer, Faster and Smarter’. Let me tell the reason why to turn form your ISP’s service to this one. OpenDNS is a free service, and there is many features other providers cannot give you, such as a smarter site guide, spell checking, and smart cache to keep your query while the requested site’s name server is not working properly, phishing and malware site bloking … Somebody might say we can use client-based tools to do most of them, but do you think it’s a better way to keep the annoyance away from the source? There is more features provided and I haven’t listed one by one, but it worth a try.

It is not difficult to turn to OpenDNS, set main DNS server to 208.67.222.222 and backup server to 208.67.220.220 on your PC’s connection setting or on your router. Generally we can change it in resolv.conf on a Linux machine, but GNOME users should do it on network-manager if you use it because it will rewrite resolv.conf automaticlly. For those who use xDSL, edit your DSL setting, you can find IPv4 option tab, change the method to PPPoE Address Only, and input the two DNS server addresses in order “main, backup”.

If you have a static IP address, then you should register on https://www.opendns.com, add your network’s IP address to your dashboard, then set your own settings for content filtering, enable the SmartCache, block internal IP addresses to avoid DNS Rebinding Attacks, thus these features are not enabled or can be customized. If you use a dynamic IP address, for example, you are a xDSL user, don’t worry about you cannot have your own account and your custom settings. All you need to do more is install a client to update your address to OpenDNS’s server, and enable the dynamic update feature in you dashboard. On Windows and Mac, they provide their client programs, you can just install can configure it easily according to the guide; on Linux/Unix, you can use ‘ddclient’ which is a free software, you can download it from its homepage on http://ddclient.sourceforge.net, or you may find it just lying in your distribution’s repository. I recommend you to install it as a service, or called daemon. Here is a example for what I have done on my Ubuntu box:
1. Install ddclient using apt, or synaptic, or whatever package manager you like, here is what I ran in a terminal:

sudo aptitude install ddclient

You don’t need to care about what you have chosen on the debconf interface, soon we’ll chage the configuration file.

2. Configure ddclient via editing its configuration file, use whatever editor you like to edit /etc/ddclient.conf first, for example I run this command:

sudo vi /etc/ddclident.conf

Then make your file look like this:

daemon=600

syslog=yes

ssl=yes

pid=/var/run/ddclient.pid

protocol=dyndns2

use=web, web=whatismyip.com

server=updates.opendns.com

login=your-account-name

password='your-account-password'

your-lable-in-account-settings

The first line without # at its start intends to tell ddclient refresh information to the server every 600 seconds if it is running as a daemon. This section is not needed for Ubuntu user in fact, because it is configured in the other file we’ll look at, just a note here for others who many use it. I think 600 is a suitable value for most network, or you can adjust it to meet your actual needs. Update the information too frequently is a waste of resource, having a too long interval time may let your service not working so properly sometimes.

The second line intends to make every update logged at syslog, you can delete this line if you don’t want to.

The third line is for turning on ssl support, in other word we can transfer our account information using an encrypted route.

The forth line is the PID file path, don’t change it unless you know what your are doing exactly.

The fifth line tells what protocal you use, OpenDNS requires dyndns2 protocal.

The sixth line is the way you get your current IP address for transferring to the server, the defaut value was “use=if, if=”, than means you can set a net interface such as eth0 here and ddclient will send eth0’s address. When we are using PPPoE or other virtual connection protocal, this configure may be damnned, so we set it using web to check you real IP, whatismyip.com is the host provide such service, you can change it to something you like, but I think copy-and-paste this line to your configuration is the best choice.
The next three lines is the information about the server and your account, you should copy the server address, and fill in your account name and password there. Don’t worry about your account’s security here, the ddclient.conf is only accessable for root user by default, and we have chosen to use ssl at the begging of this configuration.

The last line is the LABLE you have set in your dashboard, they are something might be Home, Office, etc.

Next, we should enable daemon mode for ddclient, edit /etc/default/ddclient.conf with root privilege:

sudo vi /etc/default/ddclient.conf

Make sure the following lines are just look like what have shown below:

run_ipup="true"

run_daemon="true"

daemon_interval="600"

The first line is whether ddclient does an update while a new ppp conection is establed, this is useful for those who use a xDSL, or other dial-on-demand connections.

The second line is whether ddclient run as a daemon, we change it to true here. Only run as a daemon, it can perform the set actions automaticlly.
The last line is how long should it takes from one update to another, I was explained before in the first line of previous configuration file.

3. Restart ddclient to make everything into effect.

sudo /etc/init.d/ddclient restart

We have finished configuring OpenDNS till here, visit https://www.opendns.com/welcome/ to check!

Second, use DNS cache to speed up the look up action. This is for Linux/Unix users, I don’t know if there is any good replacement for other platforms. I introduce dnsmasq here to do this task.

1. Install dnsmasq, you can find it in main aspect of distributions‘ repository.

For Ubuntu, perform the following action:

sudo aptitude install dnsmasq

2. Edit /etc/dnsmasq.conf to fit our use:

sudo vi /etc/dnsmasq.conf

And make sure the following line is uncommented:

listen-address=127.0.0.1

You can choose to change other settings if you are interested in the file, there is enough comments for you to know what every options sense, but leave it there is a good solution.

3. Restart dnsmasq

sudo /etc/init.d/dnsmasq restart

4. Add 127.0.0.1 to you DNS list. We can edit resolv.conf to make that line at first of ns servers, or change in network-manager.

5. Restart networking, you don’t need to restart your computer.

sudo /etc/init.d/networking restart

So close and re-open your web browser, do you feel web pages load faster?

Third, tune your firefox(if you use it). Input about:config in your firefox location bar, filter the following items and change their values to ‘true’:

network.http.pipelining

network.http.proxy.pipelining

plugin.expose_full_path

And change the following item’s value to 8 or 10:

network.http.pipelining.maxrequests

Add these items to the list via right click and choose ‘Add -> Interger’, note to set the value according to the last number listed below:

nglayout.initialpaint.delay 0

content.notify.backoffcount 5

ui.submenuDelay 0

If you don’t have IPv6 connection, also change this item’s value to ‘true’:

network.dns.disableIPv6

Restart your firefox will make it effect.

In Ubuntu 9.04, the IPv6 support was built in kernel, if you compile kernel by yourself, you can uncheck this feature if you don’t need it.

Here is the final summary.

Today I was fuzzied by the help content of the command ‘timeout’, as its name suggest, it a COMMAND, and kill it if still running after a specified period of time. Because of its termination action, I met something related to signals. Googled and finally make a summary here, that is, what’s the differences among HUP, INT, KILL, TERM, USR1 signal.
Everytime when we shutdown our Linux box, it will show “Sending all processes the TERM signal” then “Sending all processes the KILL signal”. Definatly, the TERM signal can be more graceful than KILL, but the best thing we should do now might be looking up the manual page.
In the manual page of kill(7), we get something like this (I’ve ignored things not closely connected to our topic, same below):
Name    Num    Action    Description
————————————————————-
HUP        1        exit
INT        2        exit
KILL        9        exit        cannot be blocked
TERM    15        exit
USR1            exit
Seems not so much information provided. Anyway, we can know they are all related to the process exit action,and the KILL (9) signal cannot be blocked, in other words it cannot be caught by a process so they don’t have the chance to have actions to block it.

Then I searched Google and found some hints from Apache httpd documentation.In the section of Stopping and Restarting, we can see content which have the meaning like this (all signals should be sent to a parent process in this place):
TERM – stop now: The parent immediately attempt to kill off all of its children. It may take it several seconds to complete killing off its children. Then the parent itself exits. Any requests in progress are terminated, and no further requests are served.
USR1 – graceful restart: The parent “advise” the children to exit after their current request (or to exit immediately if they’re not serving anything). The parent re-reads its configuration files and re-opens its log files. As each child dies off the parent replaces it with a child from the new generation of the configuration, which begins serving new requests immediately.
HUP – restart: The parent kill off its children like in TERM, but the parent doesn’t exit. It re-reads its configuration files, and re-opens any log files. Then it spawns a new set of children and continues serving hits.

But things provided still cannot explain our question. Ah, from the last line of manual page of kill(7) we can see there should be another page named ’signal’. Okay, look up into it and here is what we get :
Signal    Value    Action    Comment
—————————————————
SIGHUP    1        Term    Hangup detected on controlling terminal or death of controlling process
SIGINT    2        Term    Interrupt from keyboard
SIGKILL    9        Term    Kill signal
SIGTERM    15        Term    Termination signal
SIGUSR1    30,10,16    Term    User-defined signal 1
SIGUSR2    31,12,17    Term    User-defined signal 2
Hoo! More information are displayed!

Finally, we can have a short summary:

TERM – Terminate – This signal you send if you want to end a process. It allows the process to clean up nicely though, not like the -9 option (KILL) which just ends everything.
INT – Interrupt – This is a permission which for instance can be used in an NFS environment. If a process hangs, you can interrupt it with say the Ctrl C option.
KILL – exactly what it says. It kills a process without allowing it to clean up, meaning, end all threads, kill child processes etc. It just stops it and can leave either files or other processes in an inconsistant state.
HUP – Hang UP – What this signal does is, when you send it to say the inetd process, it basically tells inetd to go reread it’s configuration file as certain changes have been made which you have to incorporate now. The process doesn’t actually stop, it just, like stated, rereads it’s config.
USR1 – This is a user defined signal. For instance, on our Tru64 systems, we use this signal to tell say the binary log daemon to go save it’s current log file, archive it, and then start a new one. I imagine though it could be used for many other things, thus user defined.

Reference:

1.Manual pages kill(1), signal(7).
2.Apache HTTP Server Documentation Version 2.2 – Stop and Restarting

Split .ape files with cue and convert to flac format is not so difficult.

We do it on an Ubuntu box for example:

First, install the dependency of shntool, flac, mac, cuetools

sudo aptitdue install flac shntool cuetools

and download mac package in form of deb or tarball.

Run the following command in a terminal:

shntool split -f FileName.cue -t '%n. %t' -o flac FileName.ape

and the output .flac files’ name follows this sequence:

1. Track1name.flac

2.Track2name.flac

Good afternoon!

I have updated anjuta-old packages in my PPA, which contains new Simplified Chinese translations (po/zh_CN.po) by Pengyuan Jin <jinpengyuan at gmail dot com>, and added the packages for Ubuntu Karmic (9.10).

In Jaunty, the version number has changed to anjuta-old – 1:1.2.4a-2 , and in Karmic, anjuta-old – 1:1.2.4a-2~ppa2. I modified the build dependency of libzvt-dev to libvte-dev, the build progress succeeded finally, but I still doubt if these two development libraries are necessary.

Since I changed my username on launchpad after first release of the packages, users needn’t change the signature keys,  they aren’t changed, but need to check your source repository lines to:If you have any questions or suggestions, or any problems while using the packages, please contact me.

Ubuntu Jaunty (9.04):

deb http://ppa.launchpad.net/happyaron/anjuta-old/ubuntu jaunty main
deb-src http://ppa.launchpad.net/happyaron/anjuta-old/ubuntu jaunty main

Ubuntu Karmic (9.10):

deb http://ppa.launchpad.net/happyaron/anjuta-old/ubuntu karmic main
deb-src http://ppa.launchpad.net/happyaron/anjuta-old/ubuntu karmic main

Thanks for your support!

Previous entry: http://blogs.gnome.org/happyaron/2009/05/17/anjuta-old/

授权信息：
Creative Commons License Deed. 署名-非商业性使用-禁止演绎2.5 中国大陆

作者：远景论坛 系统与网络安全讨论区版主 aronmalache

（Aron Xu <aronmalache (AT) 163 (DOT) com>）

http://blogs.gnome.org/happyaron/2009/06/07/security-memorandum/
转载请注明作者及出处。

版本历史：
2008年12月14日 第一版
2008年12月15日 第一版+词语修正
2009年01月09日 第一版+小改，或者可以叫1.1版
2009年06月07日 第一版+小改

在这里提醒您注意保护您的计算机，保证正常使用和数据安全。

以下是一些注意事项，大多是最实用，最基本，也是“性价比”最高的(针对Windows用户)，如果你有一定的计算机使用经验，这篇应当就算是一个备忘路，而如果你常被安全问题困扰，不论你是高手还是菜鸟与否，我想都会有些帮助或者启发吧：

1.定期给系统打补丁，或者说是进行系统更新。最简单的解决方法是打开系统带的自动更新；但是很多用户因为各种原因不愿意或者不能打开自动更新，这就需要进行手动更新。手动更新可以由360安全卫士，瑞星卡卡安全助手以及部分杀毒软件完成。在平时可以每1-2周进行一次更新，在安全威胁比较高的时期要保证1周能检查安装一次。对于服务器用户最好是能在安装到实际应用的服务器前进行一下测试，以了解安装更新后会带来哪些改变，很多更新是不能完全卸载的。

2.定期更新安全防护软件。基本上所有的安全防护软件都提供了自动更新，推荐将其打开。切记不要同时安装超过一套安全防护软件，即便是看起来没有什么冲突或者错误。因 为系统的底层资源是固定的，多个软件争夺势必造成功能损失。这里推荐几套软件，要说的一点是选择安全产品是要针对用户习惯，需求等来确定的，不要人云亦 云：ESET NOD32，卡巴斯基，Norton，Mcafee，瑞星，江民。对于ARP攻击频繁的地方强烈推荐使用ESET NOD32和瑞星，防御效果相对更好。这里要注意的是ARP攻击分客户端和网关端两种，我们能防御的都是客户端的这种，如果服务器端受到了有效的攻击我们也无能为力，这也是有的朋友遇到了装了ARP攻击防御软件仍然出现问题的原因。最根本的解决办法是ARP双向静态绑定（客户端和网关都绑定）。另外，ADSL用户如果只有一台电脑上网则不存在风险，可以放心关闭ARP防御功能。

3.不要把所有安全责任都丢给安全防护软件。安全防护软件仅仅是保证计算机安全的工具。在中国，U盘，游戏，QQ，网页挂马，局域网已经成为传播病毒的基本途径。很多人的U盘上都有不只一中病毒，而游戏，QQ，网页病毒多数是因为经济利益问题。一般情况下安全软件的主动防御和文件监控能起到比较好的效果，尤其是在有移动设备如U盘，移动硬盘，SD卡等接入前，最好打开这些监控，并查看是否屏蔽了U盘自动运行。不要浏览非法包含非法信息的网站，因为这样的网站多数都带有病毒或者恶意插件安装。即使开启了自动更新，主动防御和文件监控，也要定期进行全盘扫描，一般需要在1-2周进行一次，扫描前需要手工更新杀毒软件的病毒库和引擎到最新版本。不要随便打开别人给的文件，即使对方是可以信任的朋友，因为无法确定他知不知道已经感染了。而且杀毒软件不能有效地控制未知病毒，而很多时候都是有不少用户被感染了，才有安全公司在病毒库上添加了记录。同时不可轻易相信任何杀毒软件的可疑程度检测，那个基本上都是没有多少可信度的。这项技术一直都是实验室水平的，对于实际应用基本没有什么价值，之所以会发布是因为各个公司之间的商业竞争，有的公司拿这个来吸引不知情的用户，导致了恶性的循环。当然，病毒家族检测现在已经比较成熟了，如果杀毒软件提示是哪个病毒的变种，这个就需要小心了。

4.注意文件备份，特别是重要文件更是如此。备份可以使数据丢失时损失尽可能少。有很多 人因为中了病毒辛辛苦苦积累了很多年的文件都因为被病毒感染无法清除而不得不与之挥手告别，实际上可以通过备份来解决这些问题。但是最好不要在当前硬盘或 者U盘中备份，因为我们要保护的就是它们上面的数据。可以采用光盘备份，现在DVD刻录机和光盘的价格也越来越低，这不失为一中好的选择。切记不要以为系统做了Ghost镜像就没有问题了，众所周知，熊猫烧香会删除它能发现的所有Ghost镜像。实际上这个技术是很基础的，主要是看病毒作者是否想要添加这样的功能。

5.注意文件保密，对于有需要的文件进行加密。有些人会在计算机上安装“闪盘窥探者”，会试图把连接到机器上的移动储存设备的文件全部复制到一个指定的地方，这样会使U盘里的重要文件暴露出去。加密方式上有很多U盘和移动硬盘支持加密功能，可以直接使用。但是大部分的还是没有这个功能的，这种情况下，对于Office文档不要直接使用软件自带的加密方式，因为很容易破解。实际上rar,zip等压缩程序的加密也很难应对暴力破解，而这些格式通常都已经有了很完整的暴力破解工具。这里只能提醒大家使用的密码尽量长一点，比如12-16位的一般就很难破解了，同时不要使用英文单词，生日，姓名，游戏帐号等信息作为密码，也不要单纯地使用数字或字母。一个很好的办法是想一句话，然后把这句话的每个单词（如果是英文）或者是每个字的拼音（汉字的话）的第一个字母组成一串，然后在里面添加上标点符号和数字（根据喜好，可以不改变标点符号的位置）。这种方法创建出来的密码既容易记又有很高的保密性，同样适用于其他场合。如果有更高的安全要求，还可以使用GnuPG这样的密钥策略，2048位的密钥容量很是够用，而且配套工具也比较齐全，可以方便使用。

6.谨慎对待各种小程序，小工具，比如注册机，Hash程序等等。因为名气不大所以不会受到很多人的检验，有的时候下载的文件其实和原版的文件不一样，或者原版的文件就包含了恶意代码。部分内存注册机会被一些杀毒软件报毒，是因为在程序运行时正常情况下一个程序不应该直接修改其他应用程序的内存，而内存注册机却正是通过这种办法实现破解的。

7.不要随便点“确定”“是”“允许”“下一步”一类的按钮。通常情况下很多用户习惯了看见对话框或者提示就点这些内容，但是这种习惯也为病毒感染提供了条件，很多时候杀毒软件或者系统的UAC(针对Vista)会阻止不应该运行的程序运行，但是如果点了这些，很多时候是允许他们运行，这是一个习惯问题，不要因为每天点“允许”花了眼，手一滑就让不该运行的东西运行了。这样也能阻止很多恶意插件的安装。很多人安装应用程序的时候总是一路点击下一步，这样也会导致很多的不需要的插件被安装。而每一次这样的软件安装，都是会给软件作者一定的收入的，而且收入相当高，一般每安装成功一例就是1元钱左右。

8.不懂的情况下不要玩病毒或者研究黑客技术。因为很多时候那些工具也都被封装者添加了病毒，而你又不能让杀毒软件来捣鬼，这个时候就很无奈了。没有解决不了的问题，还是不要因为一点小事而要把别人黑了或者怎么样了。