Vixual

大家都知道 Microsoft Windows 是一個圖形介面、支援多視窗、多工環境的作業系統，那麼在 Windows 上使用聊天軟體，開啟多個視窗跟不同人聊天也是合理的，沒錯吧?!

工作上我會用到 Skype 與同事對話，雖然 Skype for Desktop 預設是單一視窗介面，一次只能看到與一個對象的聊天內容，但 Skype (v8.96 及之前的版本)，只要於選項中「啟用分割檢視模式 (Split View)」，就能讓你每次點選不同的聊天對象就開啟一個新視窗，方便同時跟不同人聊天、對話:

因為可以開啟多個視窗，我時常會用來:

• 開多個對話視窗來比對或複製資料
• 保留未結束的對話視窗
• 保留重要的對話視窗

對我而言，Skype 能同時開啟多個視窗是很重要且必要的功能。
Read more

弱點掃瞄

弱點: TLS Service Supports Weak Cipher Suite

Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a network protocol that encrypt communications between TLS servers (e.g., websites) and TLS clients (e.g., web browsers). Every communication is secured by a cipher suite: a combination of several algorithms working in concert. Cryptographic algorithms do not have a defined lifetime, but academics, researchers, and nation states are constantly evaluating them for weaknesses. Consensus on which algorithms are untrustworthy evolves over time, and if a communication is protected with a weak cipher suite then that communication can be altered or decrypted.

• Severity: Medium
• Risk: A TLS service was observed supporting weak cipher suites.
• Recommendation: Disable the cipher suites listed in the evidence column of the measurement.

Read more

弱點掃瞄

弱點 1: SSH Supports Weak Cipher

The SSH server is configured to support either Arcfour or Cipher Block Chaining (CBC) mode cipher algorithms. SSH can be configured to use Counter (CTR) mode encryption instead of CBC. The use of Arcfour algorithms should be disabled.

• Severity: Medium
• Risk: A weak cipher has been detected.
• Recommendation: Configure the SSH server to disable Arcfour and CBC ciphers.

弱點 2: SSH Supports Weak MAC

The SSH server is configured to support MD5 algorithm. The cryptographic strength depends upon the size of the key and algorithm that is used. A Modern MAC algorithms such as SHA1 or SHA2 should be used instead.

• Severity: Medium
• Risk: A weak Message Authentication Code (MAC) algorithm has been detected.
• Recommendation: Configure the SSH server to disable the use of MD5.

Read more

弱點掃瞄

弱點: SSL/TLS Service Supports Weak Protocol

Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a network protocol that encrypt communications between TLS servers (e.g., websites) and TLS clients (e.g., web browsers). Every communication is secured by a cipher suite: a combination of several algorithms working in concert. Networking protocols do not have a defined lifetime, but academics, researchers, and nation states are constantly evaluating them for weaknesses. Consensus on which protocols are untrustworthy evolves over time, and if communications are sent with a weak protocol then that communication can be altered or decrypted.

• Severity: High
• Risk: A TLS service was observed supporting weak protocols.
• Recommendation: Disable the protocols listed in the evidence column of the measurement.

Read more

弱點掃瞄

弱點: Site does not enforce HTTPS

The site responds to HTTP requests without ultimately redirecting the browser to a secure version of the page. Since the site allows plaintext traffic, a man-in-the-middle attacker is able to read and modify any information passed between the site and the user. There are a variety of situations in which an attacker can intercept plaintext traffic in a man-in-the-middle position, including but not limited to:

1. Open Wi-Fi Hotspots
2. WPA/WPA2 encrypted hot-spots where the attacker connected before the victim
3. Malicious Wi-Fi access points
4. Compromised switches and routers
5. ARP poisoning on the same wired network

It's important to remember that in many of the above situations, an attacker can not only read traffic, but also actively modify the traffic. Even if a site that does not contain sensitive information, an attacker can still inject malicious content to a user’s browser.

• Severity: High
• Risk: Site does not enforce the use of HTTPS encryption, leaving the user vulnerable to man-in-the-middle attackers (who can falsify data and inject malicious code).
• Recommendation: Any site served to a user (possibly at the end of a redirect chain) should be served over HTTPS.

Read more

Android Auto 車機的 GPS 定位問題

我的車機是 Pioneer AVH-Z9250BT，手機是小米 12，我通常是使用無線的方式連接車機的 Android Auto。

不過在車機上的 Android Auto 使用 Google Maps 導航時，偶爾會出現行車位置漂移、GPS 訊號中斷、正在搜尋 GPS 訊號，或無法顯示地圖...之類的問題! 但是同一時間，如果我開啟手機上的導航王來查看，導航王的定位卻又無比正確!

原本以為是我的車機太爛，或有相容性的問題，上網尋找答案，又發現很多網友有同樣的問題，其中也不乏一些百萬名車內建的車機! 幸好有找到解決方法!
Read more

這些指令的執行檔通常是放在 C:\Windows\System32\，可在這些地方執行指令:

• 開始功能表的「執行」
• Win + R 的執行視窗
• Win + Q 或 Win + S 的搜尋視窗
• cmd 命令提示字元
• 檔案總管的「網址列」

Read more

我的電腦在某次更新 Windows 10 之後，原本已設定好不讓它自動關機的電腦竟會進入休眠狀態! 原因似乎是進入休眠的時間被改動了，而在 Windows 的設定中卻不容易找到「休眠」的細部選項!

這 Windows 可真愛找麻煩!

先來看一下 Windows 10 關機選單的 4 個選項做為相關知識:

1. 睡眠 (Sleep, S3): 會將桌面及應用程式的狀態寫入至記憶體，讓電腦以極低的耗電方式維持在開機的狀態，以便在喚醒電腦時，可以立即回到睡眠前的電腦狀態。從 Windows Vista 起，睡眠 (Sleep) 模式已取代了待命 (Standby) 模式。
2. 休眠 (Hibernate, S4): 會將桌面及應用程式的狀態寫入至磁碟再關閉電腦的電源，電腦下次開機會恢復到休眠前的電腦狀態。從休眠狀態下開機的速度會比睡眠還慢。
3. 關機 (Shut down, S5): 關閉所有應用程式並關閉電腦的電源，不會自動儲存任何狀態。
4. 重新開機 (Restart): 關閉所有應用程式並重新啟動電腦及作業系統。

Read more

Line 已經是台灣人不可或缺的通訊軟體了，不論是交友或工作，都會被要求加 Line。

前一陣子在我的手機上，收到 Line 的訊息都不會跳出提醒，甚至還會自動掛斷 Line 的語音通話，讓我覺得很困擾!

後來才發現這些問題其實都與「電腦版」的 Line，以及 Windows 10 的「專注輔助」模式有關。

請留意，本文是針對安裝了「電腦版」的 Line 之後所發生的問題，原本手機上關於 Line 的通知設定不在本文的討論範圍...

Read more

若執行 yum 出現:

http://mirror.centos.org/centos/6/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
To address this issue please refer to the below knowledge base article

表示系統預設的 yum 套件庫可能已經不存在!

我們可以在 vault.centos.org 找到可用的套件庫來源:

• vault.centos.org: http
• archive.kernel.org: http - rsync (rsync://archive.kernel.org::centos-vault/)
• linuxsoft.cern.ch: http - rsync (rsync://linuxsoft.cern.ch/centos-vault/)
• mirror.nsc.liu: http - rsync (rsync://mirror.nsc.liu.se::centos-store/)

Read more