[转载]A new approach to China

2010年1月13日 18:34


1/12/2010 03:00:00 PM

Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different.

 

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

 

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

 

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.

 

We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more

here

about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this U.S. government

report

(PDF),

Nart Villeneuve's blog

and

this

presentation on the GhostNet spying incident.

 

We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China's economic reform programs and its citizens' entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.

 

We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time

we made clear

that "we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China."

 

These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

 

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.



Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer

 

转自:http://googleblog.blogspot.com/2010/01/new-approach-to-china.html

Posted by 王者归来 Filed in python Tagged by google Comments[0]

ubuntu

2010年1月12日 01:32

linux下绘制软件流程图软件 dia

绘制mindmap的软件: CmapTools, freemind, xmind

Posted by 王者归来 Filed in python Tagged by mindmap Comments[0]

自动备份文件到gmail的python脚本

2009年4月23日 23:47

 

#!/usr/bin/env python
#-*- coding: UTF-8 -*-
     
import sys, os, smtplib, socket, email
from getpass import getpass

from email.MIMEText import MIMEText
from email.MIMEMultipart import MIMEMultipart
from email.MIMEBase import MIMEBase
from email import Utils, Encoders
import mimetypes

kilobytes = 1024
megabytes = kilobytes * 1024
#chunksize = int(1 * kilobytes)
chunksize = int(24 * megabytes)                   # 24M
     
server = 'smtp.gmail.com'
fromaddr = 'youraccout@gmail.com'
toaddrs = 'youranotheraccout@gmail.com'


def genpart(data, contenttype):
    maintype, subtype = contenttype.split('/')
    if maintype == 'text':
        retval = MIMEText(data, _subtype=subtype)
    else:
        retval = MIMEBase(maintype, subtype)
        retval.set_payload(data)
        Encoders.encode_base64(retval)
    return retval

def attachment(filename):
    fd = open(filename, 'rb')
    mimetype, mimeencoding = mimetypes.guess_type(filename)
    if mimeencoding or (mimetype is None):
        mimetype = 'application/octet-stream'
    retval = genpart(fd.read(), mimetype)
    retval.add_header('Content-Disposition', 'attachment',
            filename = filename)
    fd.close()
    return retval

def split(fromfile, todir, chunksize=chunksize):
    if not os.path.exists(todir):                  # caller handles errors
        os.mkdir(todir)                            # make dir, read/write parts
    else:
        for fname in os.listdir(todir):            # delete any existing files
            os.remove(os.path.join(todir, fname))
    #try:
        #os.mkdir(todir)                            # make dir, read/write parts
    #except:
        #print "mkdir %s error" % todir
        #raise SystemExit
    partnum = 0
    input = open(fromfile, 'rb')                   # use binary mode on Windows
    while 1:                                       # eof=empty string from read
        chunk = input.read(chunksize)              # get next part <= chunksize
        if not chunk: break
        partnum  = partnum+1
        filename = os.path.join(todir, ('part%04d' % partnum))
        fileobj  = open(filename, 'wb')
        fileobj.write(chunk)
        fileobj.close()                            # or simply open().write()
    input.close()
    assert partnum <= 9999                         # join sort fails if 5 digits
    return partnum

def process_file(filename):
    try:
        dirname, ext = filename.split(".", 1)
    except:
        print "filename = %s" % filename

    split(filename, dirname, chunksize)
    absdir = os.path.join(os.path.abspath('.'), dirname)
    return os.path.basename(filename), absdir
def send(gmail, subject, file):
    msg = MIMEMultipart()
    msg['To'] = '%s' % toaddrs
    msg['From'] = '%s' % fromaddr
    msg['Subject'] = '%s' % subject
    msg['Date'] = Utils.formatdate(localtime = 1)
    msg['Message-ID'] = Utils.make_msgid()
    msg.attach(attachment(file))
    message = str(msg)
    try:
        gmail.sendmail(fromaddr, toaddrs, message)
    except (socket.gaierror, socket.error, socket.herror, smtplib.SMTPException), e:
        print "%s may not have been sent!" % subject
        print e
        sys.exit(1)
    else:
        print "%s successfully sent " % subject
def walkdir(source, gmail):
    if os.path.isfile(source):
        size = os.stat(source)[6]
        if size > chunksize:
            filename, absdir = process_file(source)
            print filename, absdir
            for fname in os.listdir(absdir):
                subject = filename+ '-' + fname
                file = os.path.join(os.path.abspath(absdir), fname)
                print subject, file
                send(gmail, subject, file)
        else:
            print source
            send(gmail, os.path.basename(source), source)

    elif os.path.isdir(source):
        for fname in os.listdir(source):
            walkdir(os.path.join(source, fname), gmail)
           
if __name__ == '__main__':
    source = sys.argv[1]
    sys.stdout.write("username: %s\n" % fromaddr)
    username = fromaddr
    password = getpass("Enter password: ")

    s = smtplib.SMTP(server)
    code = s.ehlo()[0]
    usesesmtp = 1
    if not (200 <= code <= 299):
        usesesmtp = 0
        code = s.helo()[0]
        if not (200 <= code <= 299):
            raise SMTPHeloError(code, resp)

    if usesesmtp and s.has_extn('starttls'):
        print "Negotiating TLS...."
        s.starttls()
        code = s.ehlo()[0]
        if not (200 <= code <= 299):
            print "Couldn't EHLO after STARTTLS"
            sys.exit(5)
        print "Using TLS connection."
    else:
        print "Server does not support TLS; using normal connection."

    try:
        s.login(username, password)
    except smtplib.SMTPException, e:
        print "Authentication failed:", e
        sys.exit(1)


    walkdir(source, s)

硬盘紧张,想把以前下的图书传到gmail中。

gmail附件最大只能为25M,所以需要先分割文件,为保险每块为24M。

split函数实现的就是命令split,所以要合并文件,只需用 cat filename-part0001 filename-part0002 filename-part0003 > filename 就可以了。

需要有两个gmail,使用一个向另一个发送邮件。

发送邮件部分是从Python网络编程中拿来的。

 

 

Posted by 王者归来 Filed in python Tagged by script Comments[0]

自动更换 gnome 桌面壁纸的python脚本

2009年4月23日 17:35

 

#!/usr/bin/env python
# vim: set fileencoding=utf-8:
import os.path, fnmatch
import os, random, time

def listFiles(root, patterns='*', recurse=1, return_folders=0):

    # Expand patterns from semicolon-separated string to list           
    pattern_list = patterns.split(';')
    # Collect input and output arguments into one bunch
    class Bunch:
        def __init__(self, **kwds): self.__dict__.update(kwds)
    arg = Bunch(recurse=recurse, pattern_list=pattern_list,
        return_folders=return_folders, results=[])

    def visit(arg, dirname, files):
        # Append to arg.results all relevant files (and perhaps folders)
        for name in files:
            fullname = os.path.normpath(os.path.join(dirname, name))                #目录规范化
            if arg.return_folders or os.path.isfile(fullname):                      #判断是否返回目录。 是否是文件
                for pattern in arg.pattern_list:                                    #模式匹配用 "or" ,符合一个就ok
                    if fnmatch.fnmatch(name, pattern):
                        arg.results.append(fullname)                                #结果中添加文件名称
                        break
        # Block recursion if recursion was disallowed
        if not arg.recurse: files[:]=[]                               #把list中目录包含的文件/子目录置空,子目录没了哈

    os.path.walk(root, visit, arg)

    return arg.results

thefiles = listFiles('/home/gentoo/picture/wallpaper/', '*.jpg;*.gif;*.png', 1, 0)
while True:
    try:
        num = random.randint(0, len(thefiles))
        cmd = 'gconftool-2 --type string --set /desktop/gnome/background/picture_filename ' + thefiles[num-1]
        os.system(cmd)
        time.sleep(60*5);
    except:
        raise SystemExit

 代码被格式化的看起来有点乱,整个脚本是标准的网络制造,

把搜索来的遍历目录和如何用命令更改桌面两个功能组装一下就成了。

实现的功能就是第隔5分钟更换一次桌面。

遍历的部分可以设置要搜索的后缀名、是否遍历和是否返回目录,很是强大。

Posted by 王者归来 Filed in python Tagged by script Comments[0]

python点滴

2009年3月11日 00:57

1.文字编码识别

dev-python/chardet 是可识别文字编码类型的python库

$cat encoding_detector.py

#!/usr/bin/env python
# vim: set fileencoding=utf-8:
import chardet
import sys

print chardet.detect(open(sys.argv[1], 'r').read())

$./encoding_detector.py weird_coding_file

{'confidence': 0.98999999999999999, 'encoding': 'GB2312'}
 

2.文字编码转换

将gb2312编码的文件转换为utf8

$iconv -f gb2312 -t utf8 weird_coding_file > utf8_coding_file

但如果文件中有非gb2312编码的字符,就会使转换中止。

这时可以用python提供的库。

$cat gb2312toutf8.py

#!/usr/bin/env python
# vim: set fileencoding=utf-8:
import sys

fp1 = open(sys.argv[1], 'r')
fp2 = open(sys.argv[2], 'w')
fp2.write(fp1.read().decode('GB2312', 'ignore').encode('UTF-8', 'ignore'))

$./gb2312toutf8.py input output

上面的ignore参数,可以忽略解码过程中的异常。

Posted by 王者归来 Filed in python Tagged by python Comments[0]