A POEM FOR THE WEST – 致西方的诗 (又名:why do you hate us?)

 
When we were the Sick Man of Asia, We were called The Yellow Peril.
When we are billed to be the next Superpower, we are called The Threat.
When we closed our doors, you smuggled drugs to open markets.
When we embrace Free Trade, You blame us for taking away your jobs.
When we were falling apart, You marched in your troops and wanted your fair share.
When we tried to put the broken pieces back together again, Free Tibet you screamed, It Was an Invasion!
When tried Communism, you hated us for being Communist.
When we embrace Capitalism, you hate us for being Capitalist.
When we have a billion people, you said we were destroying the planet.
When we tried limiting our numbers, you said we abused human rights.
When we were poor, you thought we were dogs.
When we loan you cash, you blame us for your national debts.
When we build our industries, you call us Polluters.
When we sell you goods, you blame us for global warming.
When we buy oil, you call it exploitation and genocide.
When you go to war for oil, you call it liberation.
When we were lost in chaos and rampage, you demanded rules of law.
When we uphold law and order against violence, you call it violating human rights.
When we were silent, you said you wanted us to have free speech.
When we are silent no more, you say we are brainwashed-xenophobics.
Why do you hate us so much, we asked.
No, you answered, we don’t hate you.
We don’t hate you either, But, do you understand us?
Of course we do, you said,We have AFP, CNN and BBC’s…
What do you really want from us?
Think hard first, then answer… Because you only get so many chances.
Enough is Enough, Enough Hypocrisy for This One World.
We want One World, One Dream, and Peace on Earth.
This Big Blue Earth is Big Enough for all of Us.

Duo-Liang Lin, Ph. D
Professor Emeritus of Physics,
University at Buffalo, State University of New York, Buffalo, New York 14260-1500
Email:
LLIN@buffalo.edu

 

致西方的诗
当我们是“东亚病夫”,我们被称为“黄祸”。
当我们被宣传为下一个“超级强国”,我们被称为“威胁”。
当我们关上门户,你们走私毒品来打开市场。
当我们拥抱自由贸易,你们指责我们夺走你们的工作。
当我们分裂成碎片,你们的军队进来想分一份。
当我们想把碎片拼回,你们叫嚣“这是入侵,西藏自由”。
当我们试行共产主义,你们恨我们是共产党人。
当我们拥抱资本主义,你们恨我们是资本家。
当我们有十亿人,你们说我们正毁灭地球。
当我们尝试控制人口,你们说我们侵犯人权。
当我们穷,你们认为我们是狗。
当我们借钞票给你们,你们指责我们令你们国家负债。
当我们建立我们的工业,你们称我们为“污染国”。
当我们向你们出售商品,你们指责我们令地球暖化。
当我们购买石油,你们称之为剥削和种族灭绝。
当你们为石油而开战,你们称之解放。
当我们迷失于混乱和狂躁,你们要求法治。
当我们捍卫法治打击暴乱,你们称之违反人权。
当我们沉默,你们说希望我们有言论自由。
当我们不再沉默,你们说我们是被洗脑的仇外者。
为什么你们如此恨我们,我们问。
不,你们回答,我们不恨你们。
我们也不恨你们,但,你们明白我们吗?
我们当然明白,你们说,
我们有法新社、CNN、BBC……
其实你们想从我们这儿得到什么?
想清楚,再回答……
因为你们只获得这么多的机会。
够了够了,这同一个世界已够虚伪。
我们要的是同一个世界、同一个梦想和世界和平。
这个蓝色大地球大得足以容纳我们所有人。

http://newsweek.washingtonpost.com/postglobal/pomfretschina/2008/04/chinese_nationalism_threatens.html

DNS Forwarder vs Root Hints with ISA 2000

Question:
Recently we have experienced a slowdown in resolving names. Our DNS Server uses a forwarder to our ISP. When I connect to the ISP’s modem directly there is no problem resolving addresses (eg nslookup www.microsoft.com) so the problem does not appear to be our ISP’s DNS servers.
When I do the same from either the ISA Server, the DNS server or a client workstation behind the ISA server I cannot resolve. If I remove the forwarder and rely solely on root hints everything works fine.
On the ISA server I have a
1. packet filter for DNS lookup
2. protocol rule with selected protocols DNS Query and DNS Query Server
All of the above worked well until a few weeks ago. There are no events on the DNS Server or ISA Server that seem to relate to the problem.
Why would ISA block a DNS Server from using forwarders but allow resolution of a DNS query via root hints?
Answer:
What DNS server are you using?  Is this a native Windows 2000 or 2003 DNS server?  Is the DNS server inside/behind the ISA server?  And, I assume you are forwarding to the same ISP DNS server that you verified works correctly by querying it directly from outside the ISA server.
Have you tried querying the ISP DNS server directly by using nslookup on various machines behind the ISA server (a client, the DNS server, the ISA server itself)?  Do this with the "server w.z.y.z" command in nslookup, and specify the IP address of the remote server, not it’s name.
Aside from the destination of the lookups, there is very little difference between the DNS queries sent to a forwarder, and those sent to the root servers and other remote nameservers.  The main difference is the "RD" bit (recursion desired).  It is unlikely that ISA would be concerned by that bit.  Still, you can simulate that by sending a non-recursive query through nslookup (set norecurse).  If you do that, and tell nslookup to use ISP DNS server (using the server command), and also enable detailed debugging (set d2), you should see if you get some sort of answers back, and then try a recursive query (set recurse) and see if you get an answer from that.  This might help you diagnose if ISA is interfering with resursive queries.
 

After-math and clear ISA cache

You can clear the cache by stopping the Web Proxy Service (in the ISA Server Management tool) then deleting the urlcache folder or deleting the dir1.cdat file located at x:\urlcache, the location of which will be specified in the cache configuration section.
Restart the Web Proxy service and the urlcache folder and it’s contents will be recreated (albeit empty)
p.s this assumes that you have ISA server 2000. 

陈冲的文章、她演的《海外赤子》和电影里的歌

   [youtube=http://www.youtube.com/watch?v=kIisHdMQXmU&hl=en]
 
中文译文:
 
  我1961年生于上海,在文化大革命中长大。我小时候,亲眼看见我们的房子被人夺去。我的爷爷早年在英伦学习医学,在被污蔑为现行反革命和外国间谍后含恨自尽。
  往事不堪回首。
  七十年代末文化大革命结束,我目睹了中国难以置信的变革过程,过去很难想象的变化在一代人的身上发生,一个与西方社会无关的共产主义政府改革开放并希望重返国际社会。
  公有制经济转变为市场经济,这极大的提升了人们的生活水平,很明显,大多数的中国人享受着比30年前更加富足的生活。尽管还有未尽之处,但中国政府正在促进开放并努力融入国际社会。
  上个月我回到中国,在上海、北京、香港、成都参加为期四周的访问。我见到的人充满自豪地向我谈及在北京的奥运会。他们把奥运会当作向外展示现代中国的绝好时机。正如许多美国人一样,大多数中国人也被近期发生在西藏的实践所搅扰。但是看过纵火者和暴徒们制造的暴力场面之后,中国人相信他们的政府决策正确,平息暴乱,恢复秩序。
  圣火正在加利福尼亚传递,今天马上就会到达旧金山。San Francisco Board of Supervisors的成员Chris Daly提出一项反华议案:声称通过示威阻止圣火传递是旧金山人一生难得一遇的机会以帮助十三亿中国人取得更多的自由和权力。出于信誉,Gavin Newsom市长没有签署这项议案。
  这份声明并不真实,一方面,中国人有志气,他们需要自由和更多的权利,但他们也知道者必须在他们之内取得。他们知道没有人可以赋予他们这些通过遥远的的途径。西方帝国主义的臭名和鸦片战争也强烈的昭示过去,中国人不需要外界强加的民主政治,他们也不希望美国抵制这个运动会的公开仪式。美国抵制1980年在莫斯科的奥运会,苏联抵制1984年在洛杉矶的奥运会,他们一无所获。美国抵制在北京举行的圣火传递仪式只会在两国关系之间制造反作用。
  过去十多年来,在华盛顿的反华人权组织已经花费几百万美元用于诬蔑中国。对于许多中国人来说,这似乎已经是美国媒体和美国政府唯一可以接受的和有报道价值的声音。时过境迁,我们需要开启思路放眼长远。我们要朋友不要敌人。还记得1970年的乒乓外交在中美关系上发挥的作用吗?让我们发扬奥林匹克精神,架设友谊的桥梁,而不是把它当作一个政治角斗场。
 
Joan Chen 是一位演员和导演,她于1989年成为美国公民。

What the hack is this nihaorr1.com/1.js? – updated Apr.19


Found anything special in the following Google search results?
    
Yes, except the 3rd link that points to the IIS.net forum, all other destinations in the search results have been compromised.  The codes between <script src= … and … </script> were planted into the contents of those websites by some kind of malicious hacking mechanism without webmasters’ awareness.  Do NOT click on any of those links!!!

This thread in IIS.net forum, Anyone know about www.nihaorr1.com/1.js? tells part of the story by a few people talking about their findings.  Basically, once the website is juggled, when the visitor clicks on the link that have hacking code implanted, the browser will be redirected to www.nihaorr1.com website and 1.js from that website will be executed.  Most web visitors would not notice anything except something like "Page cannot be found" shown in the brower, which doesn’t mean anything harmful.  But actually, the codes have already be running on their PCs.  So far, I saw there were test.exe, 1.js, Yahoo.php pulled from that website to the clients.  Those files are executable, if you have antivirus software installed with up-to-date antivirus definition, they will be quarantined; if you don’t have, I don’t know …

Webmasters, especially those run IIS, use ASP codes and have SQL database in the backend, check your servers, codes and databases.  Thousands of websites have been compromised as shown in Google search results.  There is no official information yet, but I personally quite agree to rwmorey, eftennis and davcox’s comments in http://forums.iis.net/p/1148917/1867622.aspx.  I will also add some new findings in the new few days. [Apr.18]

There are 2 more domains that could contain the same malicious code: aspder.com, 414151.com.  From somewhere some hackers are trying to plant the code in your web server or SQL database, so your visitor will be redirect to those sites and probably get infected.

Here is more details found in the Malware Domain Blocklist:

The IP address 60.172.219.4 contains

414151..com and a new domain, aspder..com

Source: http://www.robtex.com/ip/60.172.219.4.html

aspder..com resolves, and there are iframes popping up in google:

http://www.google.com/search?q=aspder.com

Needless to say, block this IP and domain. If anyone can download and analyze the iframe, we would appreciate more information. Thanks.

UPDATE: it’s a sql injection attack, see these links for more detail:

http://www.webhostingtalk.com/showthread.php?t=686032
http://www.webhostingtalk.com/showthread.php?p=5062187

These posts also mention twww..nihaorr1..com/1.js

Also in those threads in Web Hosting Talk (two links above), there are more details about how the hackers plant the code in you web servers and SQL servers.  The following is copied from that site:

Here is a link to shed light on the problem and how to mitigate it –

http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx

Many high profile sites got hit by the injection of early april and also one in early march. Sites like usatoday-dot-com, forbes-dot-com, walmart-dot-com, and on and on. Several thousand sites got hit.

Here are some more links about it –

http://myitforum.com/cs2/blogs/cmosby/archive/2008/04/04/nmidahena-sans-internet-storm-center.aspx

http://isc.sans.org/diary.html?storyid=4210

http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html

Block the following on your proxy servers, home routers and other Internet gateway device, so your user will not get infected when the website they visit is compromised.  Besides the web and SQL servers, these are how you control the controllable as a server/network administrator.

IPs
60.172.219.4
24.28.193.9
219.153.46.28

Domains
aspder.com
*.aspder.com
nihaorr1.com
*.nihaorr1.com
414151.com
*.414151.com

Microsoft also published a security advisory 951306, not sure if it’s relevant, need to test and prove.  [Apr.19]