绿雨一气呵成 iPad 3.2.2固件越狱不求人

从来没有像iOS 4.1、iOS 3.2.2越狱这样一波三折——久负盛名的DEV-Team早在一个月前就宣布要放出基于SHAtter漏洞的绿毒（GreenPis0n），并在一周前确认发布时间为2010年10月10日10点10分。可就在发布前夕，神奇小子Geohot突然发力，直接拿出了Limera1n，轻松解决了iPad iOS 3.2.2、iPhone iOS 4.1越狱，让DEV Team被迫推迟绿毒发布。与此同时，Geohot也在不断修正Limera1n程序。截至发稿前，Limera1n最新版本为Beta 4。

在绿雨LimeRa1n发布不久，我们就为大家准备好了苹果iPhone iOS 4.1的越狱教程。接下来当然是要搞定iPad iOS 3.2.2越狱，事实上iOS 3.2.2越狱和iOS 4.1越狱大致相当，只要胆大心细谁都能不求人轻松搞定。

iPad 3.2.2越狱不求人 准备篇

和之前神奇小子Geohot发布的所有越狱工具一样，Limera1n也无需重刷iOS系统。只是相比以往，由于Cydia撞墙，所以完成越狱后我们必须使用VPN或者代理服务器才能成功加载。

与此同时，我们还需要把iTunes升级到最新的iTunes 10版本，并确保iTunes能和iPad正常同步。最后当然是要猛击此处下载最新的Limera1n Beta 4(解压密码：www.evolife.cn)，顺带通过iTunes做好备份。

iPad 3.2.2越狱不求人 实战篇

完成准备功夫之后，自然就开始实战iPad 3.2.2固件越狱了。我们首先确保iPad和iTunes正常连接，关闭所有的杀毒软件防火墙。然后找到下载来解压缩后的limera1n.exe文件，点击右键“以管理员身份运行”。

此时会弹出Limera1n的提示界面。我们点击make it ra1n。iPad就会自动重启进入恢复模式，iTunes也会提示找到一个处于恢复状态的设备。

然后我们根据limera1n提示同时按住Home键和电源键，一直到出现提示“Release Power Button”后保持按住Home键，然后松开电源键大约10秒。此时limera1n就会提示Entering the DFU Mode——此时我们就可以松开所有按键，等待Limera1n自动搞定剩下的工作。

完成上述所有工作后，你的iPad会显示出一个绿色雨滴Logo，随即自动关机——随着屏幕上Limera1n提示Done，iPad 3.2.2/3.2.1固件的越狱就此完成！接下来我们要再度打开iPad，开始安装Cydia和AppSync补丁了！

iPad 3.2.2越狱不求人 安装篇

完成了越狱后，iPad程序中会出现Limera1n图标，由于在国内因为众所周知的原因无法连接到Limera1n网站和Cydia，所以这个图标暂时是白色的。此时我们配置好VPN或者代理服务器，确保可以访问Limera1n.com网站的情况下，点击该白色图标，然后在弹出界面中选择Install Cydia。Limera1n就会开始下载Cydia到你的iPad中。整个过程大约耗时5分钟。

完成下载后，Cydia会自动运行——如果没有，在主界面中运行也没问题。首次运行Cydia，Cydia会自动加载配置程序，完成后自动退出Cydia。我们此时要确保网络、代理服务器或者VPN正常运行，然后慢慢等待Cydia完成配置——整个配置过程大概需要5分钟。

完成配置后，Cydia和Limera1n的图标就不再是一片惨白。我们再点击Cydia运行，Cydia将会提示以什么样的用户身份进行配置。如果不需要命令行，我们点User即可。随后Cydia还会自动进行在线更新，我们强力建议大家不要嫌麻烦，点击Compelety Upgrade，完成所有更新后再进入下一步。更新过程中Cydia还可能重启或自行关闭。

更新完成后我们再度进入Cydia，选择下方的Manage，然后找到Source，点击右上角Add，然后添加一个新源：http://cydia.hackulo.us。注意该源同样需要代理服务器或VPN链接才能正确下载。

完成添加后，在该源提供的软件中找到AppSync for OS 3.2进行安装。然后退出Cydia，重新启动iPad就完成了所有越狱破解动作——此时你安装任何APP都将不受限制。必须注意的是，iPad 3.2.2/3.2.1越狱只能安装AppSync for OS 3.2补丁，除此以外安装其他任何版本的补丁都将直接导致白苹果系统崩溃。

Prevent DOS with iptables

After a recent conversation on the Ubuntu Forums I wanted to post an example of using iptables.

Of course there are several types of DOS attacks , in this post I will demonstrating the use if iptables to limit the traffic on port 80.

The goal is to keep your web server “responsive” to legitimate traffic, but to throttle back on excessive (potential DOS) traffic.

In this demonstration iptables is configured :

1. The default policy is ACCEPT (to prevent lockout in the event of flushing the rules with iptables -F).


2. “Legitimate” traffic is then allowed. In this example I am allowing traffic only on port 80.


3. All other traffic is then blocked at the end of the INPUT chain (the final rule in the INPUT chain is to DROP all traffic).

The rules I will demonstrate are as follows:

First rule : Limit NEW traffic on port 80

sudo iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 50/minute --limit-burst 200 -j ACCEPT

Lets break that rule down into intelligible chunks.

-p tcp --dport 80 => Specifies traffic on port 80 (Normally Apache, but as you can see here I am using nginx).

-m state NEW => This rule applies to NEW connections.

-m limit --limit 50/minute --limit-burst 200 -j ACCEPT =>This is the essence of preventing DOS.

• “--limit-burst” is a bit confusing, but in a nutshell 200 new connections (packets really) are allowed before the limit of 50 NEW connections (packets) per minute is applied.

For a more technical review of this rule, see this netfilet page. Scroll down to a bit to the “limit” section.

Second rule – Limit established traffic

This rule applies to RELATED and ESTABLISHED all traffic on all ports, but is very liberal (and thus should not affect traffic on port 22 or DNS).

If you understood the above rule, you should understand this one as well.

sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -m limit --limit 50/second --limit-burst 50 -j ACCEPT

In summary, 50 ESTABLISHED (and/or RELATED) connections (packets really) are allowed before the limit of 50 ESTABLISHED (and/or RELATED) connections (packets) per second is applied.

Do not let that rule fool you, although it seems very open, it does put some limits on your connections.

Test it for yourself, try using the first rule with and without the second rule.

Full set of rules

After the above commands, here is the complete set of rules I am testing:

iptables-save
# Generated by iptables-save v1.4.4 on --
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on --
# Generated by iptables-save --
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on --
# Generated by iptables-save v1.4.4 on --

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -m limit --limit 50/sec --limit-burst 50 -j ACCEPT
-A INPUT -p icmp -m limit --limit 1/sec -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -m limit --limit 50/min --limit-burst 200 -j ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
COMMIT
# Completed on --

This rule set is for demonstration only and is NOT a complete set of rules for a web server. Do no use this rule set unmodified on a production server.

Testing the rule set

Human interaction

Open Firefox, point it to your web page. The web page should load nice and fast.

Hit F5 repetitively, load the page as fast as you can. Your web site should remain nice and responsive.

So far, so good, we want our site to remain responsive.

Simulated DOS

Actual DOS attacks are many times faster then humans, here I will use ab.

See this link or the Apache documentation for information of ab.

Baseline, without the above 2 rules

ab -n 100 -c 10 http://bodhi's_test_server.com/
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking bodhi's_test_server.com (be patient).....done

Server Software:        nginx
Server Hostname:       bodhi's_test_server.com
Server Port:            80

Document Path:          /
Document Length:        59786 bytes

Concurrency Level:      10
Time taken for tests:   13.174 seconds
Complete requests:      100
Failed requests:        0
Write errors:           0
Total transferred:      6002700 bytes
HTML transferred:       5978600 bytes
Requests per second:    7.59 [#/sec] (mean)
Time per request:       1317.369 [ms] (mean)
Time per request:       131.737 [ms] (mean, across all concurrent requests)
Transfer rate:          444.98 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:      122  129   2.2    128     134
Processing:  1151 1182  19.1   1177    1260
Waiting:      125  132   8.2    128     170
Total:       1280 1310  19.3   1305    1390

Percentage of the requests served within a certain time (ms)
  50%   1305
  66%   1313
  75%   1316
  80%   1321
  90%   1328
  95%   1354
  98%   1386
  99%   1390
 100%   1390 (longest request)

Notice:

Requests per second: 7.59 [#/sec] .

Total time for requests: 13 seconds .

(Data) Transfer rate: 444.98 [Kbytes/sec] .

With the above rules

First attempt:

ab -n 100 -c 10 http://bodhi's_test_server.com/
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking bodhi's_test_server.com (be patient)...apr_poll: The timeout specified has expired (70007)
Total of 99 requests completed

Oh no ! timed out, LOL

Second attempt (I reduced the number of requests to 90):

ab -n 90 -c 10 http://bodhi's_test_server.com/
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking bodhi's_test_server.com (be patient).....done

Server Software:        nginx
Server Hostname:       bodhi's_test_server.com
Server Port:            80

Document Path:          /
Document Length:        59786 bytes

Concurrency Level:      10
Time taken for tests:   69.684 seconds
Complete requests:      90
Failed requests:        0
Write errors:           0
Total transferred:      5402430 bytes
HTML transferred:       5380740 bytes
Requests per second:    1.29 [#/sec] (mean)
Time per request:       7742.658 [ms] (mean)
Time per request:       774.266 [ms] (mean, across all concurrent requests)
Transfer rate:          75.71 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:      123  128   4.3    127     155
Processing:  1036 6269 10081.4   1921   51059
Waiting:      125 1240 5908.7    128   49656
Total:       1159 6396 10081.1   2044   51186

Percentage of the requests served within a certain time (ms)
  50%   2044
  66%   2981
  75%   5478
  80%   7047
  90%  20358
  95%  27356
  98%  48218
  99%  51186
 100%  51186 (longest request)

Notice :


Requests per second: 1.29 [#/sec] (mean)

Total time for requests: 69 seconds.

(Data) Transfer rate: 75.71 [Kbytes/sec] [Kbytes/sec].

For those unfamiliar with ab, that is a “minor” DOS

For comparison, here is what ab can do to the server (iptables was flushed [disabled]):

ab -n 1000 -c 100 http://bodhi's_test_server.com/
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking bodhi's_test_server.com (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests

Server Software:        nginx
Server Hostname:       bodhi's_test_server.com
Server Port:               80

Document Path:          /
Document Length:        58708 bytes

Concurrency Level:      100
Time taken for tests:   59.324 seconds
Complete requests:      1000
Failed requests:        945
   (Connect: 0, Receive: 0, Length: 945, Exceptions: 0)
Write errors:           0
Total transferred:      59190450 bytes
HTML transferred:       58945935 bytes
Requests per second:    16.86 [#/sec] (mean)
Time per request:       5932.368 [ms] (mean)
Time per request:       59.324 [ms] (mean, across all concurrent requests)
Transfer rate:          974.37 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:      127  908 817.9    788    8016
Processing:   735 4779 1805.2   4368   15707
Waiting:      128  981 827.2    811   12143
Total:       1058 5687 1880.8   5269   17450

Percentage of the requests served within a certain time (ms)
  50%   5269
  66%   5899
  75%   6340
  80%   6863
  90%   8078
  95%   9001
  98%  10937
  99%  11730
 100%  17450 (longest request)

Notice :

Requests per second: 16.86 [#/sec]

Total time for requests: 69 seconds.

(Data) Transfer rate: 974.37 [Kbytes/sec] .

As you can see, the server has no problem dishing out 974.37 [Kbytes/sec] !!!

Closing remarks

Hopefully you now understand this “simple” example limiting a DOS on port 80.

With these rules your web site remains responsive to human interaction in firefox. Go ahead, hit F5 (refresh the page) as fast as you can, see if you can get your web page to slow down =) .

The difference is that as with a DOS attack, ab is hitting the server faster then you can with F5 , so your site is responsive to “normal” activity, but blocks DOS.

Obviously this is but one example and there are several types of DOS attacks. The goal is to demonstrate the use of iptables using a few “simple” rules.

You task is to take this knowledge and apply it to you own server.

Pandoc is a Swiss Army knife text conversion utility

by Erez Zukerman (RSS feed) Oct 27th 2010 at 10:00AM

I love Markdown. If you write any sort of content for the Web, you really should try it; it's a simple notation system for making text bold or italic, creating headlines and bulleted lists, and more. To make text bold, for example, you just need to surround it with asterisks.

Converting Markdown into valid HTML is a fairly common task, and there's no dearth of tools that do this. But Pandoc caught my eye because it can do this and a whole lot more. Plus it's free, open source, and cross-platform.

Pandoc understands Markdown, HTML, and several other formats, and it can output:

• plain text – i.e., strip all HTML and give you just the text



• Markdown – so you can convert HTML back into Markdown for editing


• And a whole list of other formats, including HTML, LaTeX, ConTeXt, PDF, RTF, DocBook XML, OpenDocument XML, ODT, GNU Texinfo, MediaWiki markup, groff man pages, EPUB ebooks, and S5 and Slidy HTML slide shows

It even supports PDF output using a helper utility. So yes, it can convert Markdown to HTML (and vice versa), but it can do so much more, too. It's definitely one for the toolbox!

Defend against Firesheep by surfing securely with HTTPS

Defend against Firesheep by surfing securely with HTTPS

by Sebastian Anthony (RSS feed) Oct 27th 2010 at 11:00AM

The last couple of days have seen the launch and explosive proliferation of a Firefox add-on called Firesheep. It's an incredibly simple program that snoops unsecured Wi-Fi packets to grant you one-click masquerading of other users: if you log into Facebook at the local coffee shop, someone can use Firesheep to become you. Seriously, you can go along to any location with an unsecured Wi-Fi network and steal other users' accounts.




Firesheep does this by 'scooping' cookies out of the air. Whenever you log into a website your name and password is only sent once -- afterwards, a stored authorization token is used. This means that if someone has your cookie they can pretend to be you -- and with unsecured wireless networks, anyone can grab your cookie.



This is a huge issue, and you have every right to be concerned -- but there is a solution!



Hopefully you've all heard about SSL and HTTPS, the encryption techniques used to secure Internet communications. The 'secure padlock' icon in your browser is most commonly found when buying things online, but most major sites also use it to secure login and registration. If you see this padlock, you are safe. If you could browse the entire Internet with that secure padlock in place then I wouldn't be writing this post.




Unfortunately, many sites redirect you to an unsecured page after you log in. Yes, your password remains secret -- but what good is that if your exposed cookie can be stolen by anyone on the same unsecured Wi-Fi network?



Fortunately, there are a few solutions for Firefox, and at least one good solution for every other browser.

The key to staying safe is by forcing every connection to use HTTPS, or to go via another connection that encrypts your communication. Almost every website has HTTPS capabilities, but because of the increased overhead that encrypted communication requires, it's often only used for logins and registering. Years ago this might not even have become an issue, but with everyone storing more and more personal information on services like Facebook and Google, and with Wi-Fi blanketing our streets and coffee shops, encryption really is required.

If you use Firefox, these add-ons should do the trick:

• HTTPS Everywhere -- this gem from the Electronic Frontier Foundation is about as good as it gets. By default it forces most popular websites to use HTTPS, and you can add your own rules for other sites. This is one of the few add-ons that I use everywhere


• Torbutton -- this solution is slightly more involved (it's for power-users), but if you want to be really secure and anonymous, the Tor network is a fantastic solution



• Force-TLS -- this is like HTTPS Everywhere, but doesn't come with a built-in dictionary of secure sites. Adding them is very easy, though

Chrome users, due to a limitation of the browser, aren't quite so lucky. There is no way to force HTTPS with an extension. You may have read elsewhere that KB SSL will help you, but it won't. Instead you need to use a secure SOCKS proxy. This isn't particularly hard, it does involve a bit of work.

• A guide for Windows users, using SpoonProxy


• A guide for Mac users, using Meerkat -- our sister site TUAW has a guide that might help, too

Opera and Internet Explorer users: you too will need to use a SOCKS proxy; just follow one of the guides above.




Ultimately, though, if you use unsecured Wi-Fi networks you will leave yourself exposed. The best solution might not be to install add-ons, but to ask your local coffee shop owner to secure his network with WPA2. The entire problem would go away if big-name websites used HTTPS across the board, too.

10 things you should know about IPv6 addressing

Over the last several years, IPv6 has been inching toward becoming a mainstream technology. Yet many IT pros still don’t know where to begin when it comes to IPv6 adoption because IPv6 is so different from IPv4. In this article, I’ll share 10 pointers that will help you understand how IPv6 addressing works.

Note: This article is also available as a PDF download.

1: IPv6 addresses are 128-bit Hexadecimal numbers

The IPv4 addresses we’re all used to seeing are made up of four numerical octets that combine to form a 32-bit address. IPv6 addresses look nothing like IPv4 addresses. IPv6 addresses are 128 bits long and are made up of hexadecimal numbers.

In IPv4, each octet is separated by a period. In IPv6, the hexadecimal characters are separated by colons. A group of hexadecimal characters can range from two to four characters in length.

2: Link local unicast addresses are easy to identify

IPv6 reserves certain headers for different types of addresses. Probably the best known example of this is that link local unicast addresses always begin with FE80. Similarly, multicast addresses always begin with FF0x, where the x is a placeholder representing a number from 1 to 8.

3: Leading zeros are suppressed

Because of their long bit lengths, IPv6 addresses tend to contain a lot of zeros. When a section of an address starts with one or more zeros, those zeros are nothing more than placeholders. So any leading zeros can be suppressed. To get a better idea of what I mean, look at this address:

FE80:CD00:0000:0CDE:1257:0000:211E:729C

If this were a real address, any leading zero within a section could be suppressed. The result would look like this:

FE80:CD00:0:CDE:1257:0:211E:729C

As you can see, suppressing leading zeros goes a long way toward shortening the address.

4: Inline zeros can sometimes be suppressed

Real IPv6 addresses tend to contain long sections of nothing but zeros, which can also be suppressed. For example, consider the address shown below:

FE80:CD00:0000:0000:0000:0000:211E:729C

In this address, there are four sequential sections separated by zeros. Rather than simply suppressing the leading zeros, you can get rid of all of the sequential zeros and replace them with two colons. The two colons tell the operating system that everything in between them is a zero. The address shown above then becomes:

FE80:CD00::211E:729C

You must remember two things about inline zero suppression. First, you can suppress a section only if it contains nothing but zeros. For example, you will notice that the second part of the address shown above still contains some trailing zeros. Those zeros were retained because there are non-zero characters in the section. Second, you can use the double colon notation only once in any given address.

5: Loopback addresses don’t even look like addresses

In IPv4, a designated address known as a loopback address points to the local machine. The loopback address for any IPv4-enabled device is 127.0.0.1.

Like IPv4, there is also a designated loopback address for IPv6:

0000:0000:0000:0000:0000:0000:0000:0001

Once all of the zeros have been suppressed, however, the IPv6 loopback address doesn’t even look like a valid address. The loopback address is usually expressed as ::1

6: You don’t need a traditional subnet mask

In IPv4, every IP address comes with a corresponding subnet mask. IPv6 also uses subnets, but the subnet ID is built into the address.

In an IPv6 address, the first 48 characters are the network prefix. The next 16 characters (which are often all zeros) are the subnet ID. And the last 64 characters are the interface identifier. Even though there is no subnet mask, you have the option of specifying a subnet prefix length.

7: DNS is still a valid technology

In IPv4, Host (A) records are used to map an IP address to a host name. DNS is still used in IPv6, but Host (A) records are not used by IPv6 addresses. Instead, IPv6 uses AAAA resource records, which are sometimes referred to as Quad A records. The domain ip6.arpa is used for reverse hostname resolution.

8: IPv6 can tunnel its way across IPv4 networks

One of the things that has caused IPv6 adoption to take so long is that IPv6 is not generally compatible with IPv4 networks. As a result, a number of transition technologies use tunneling to facilitate cross network compatibility. Two such technologies are Teredo and 6to4. Although these technologies work in different ways, the basic idea is that both encapsulate IPv6 packets inside IPv4 packets. That way, IPv6 traffic can flow across an IPv4 network. Keep in mind, however, that tunnel endpoints are required on both ends to encapsulate and extract the IPv6 packets.

9: You might already be using IPv6

Beginning with Windows Vista, Microsoft began installing and enabling IPv6 by default. Because the Windows implementation of IPv6 is self-configuring, your computers could be broadcasting IPv6 traffic without your even knowing it. Of course, this doesn’t necessarily mean that you can abandon IPv4. Not all switches and routers support IPv6, just as some applications contain hard-coded references to IPv4 addresses.

10: Windows doesn’t fully support IPv6

It’s kind of ironic, but as hard as Microsoft has been pushing IPv6 adoption, Windows does not fully support IPv6 in all the ways you might expect. For example, in Windows, it is possible to include an IP address within a Universal Naming Convention (\\127.0.0.1\C$, for example). However, you can’t do this with IPv6 addresses because when Windows sees a colon, it assumes you’re referencing a drive letter.

To work around this issue, Microsoft has established a special domain for IPv6 address translation. If you want to include an IPv6 address within a Universal Naming Convention, you must replace the colons with dashes and append .ipv6.literal.net to the end of the address — for example, FE80-AB00–200D-617B.ipv6.literal.net.

[免費] AutoCAD WS網路版CAD繪圖軟體、DWG閱讀器

AutoCAD是一套相當知名且相當好用的CAD設計軟體，最近該公司推出了線上版的AutoCAD WS線上編輯、檢視工具，儘管功能無法跟一般完整版軟體比擬，不過整體來說也相當方便實用。

除了可以讓一般Windows、Mac..等電腦透過網路瀏覽器直接線上編輯設計圖之外，還支援了iPhone、iPad與iPod Touch等手持裝置，做好的設計圖還可直接分享出來讓其他人線上瀏覽，只要在可以上網的地方就可以線上展示、編修設計圖.… 有興趣的人可以開來試試看。

AutoCAD WS主要特色：  （轉貼自廠商新聞稿）

網路和行動DWG瀏覽器可透過網路瀏覽器或行動設備，於任何地方進行AutoCAD設計的瀏覽；

線上DWG編輯器支援超過100個常見的AutoCAD繪圖和編輯工具，並提供直覺式操作畫面予CAD專業人士和非CAD專業人士；

內置共用功能可產生一個唯一的URL，邀請專案參與者線上瀏覽DWG檔案，並能設定其他人的許可權，以控制其瀏覽、編輯或下載圖紙和資料夾；

方便的線上儲存功能可把DWG和DXF檔案、影像檔案，以及其他相關專案檔案，整理、存放到專案檔案夾中，並支援包括DOC、JPEG、PNG和PDF在內的多種檔案格式；

即時協作能讓多人同時操作同一個DWG檔案，並即時瀏覽其所進行的變更；

設計階段表能捕捉和追蹤所有圖紙的變更，以利版本控制和審核。

Scrapwalls 把照片拼成可愛圖案、印成海報

很多人可能會在特別的節日或活動中拍攝很多別具意義的照片，如果只是放在電腦中看看而已就有點可惜。如果想要變點花樣，可以試試看本文所介紹的照片加工服務。

Scrapwalls透過線上28種不同的圖案，將我們拍好的照片拼貼成各種可愛的圖形，拼好的圖案除了可以用彩色印表機列印之外，也可直接抓圖下來分享給朋友或放在Facebook或部落格上讓大家欣賞。如果你比較有心的話，也可以使用線上的付費印刷服務，把它輸出成不同尺寸的海報，貼在牆上自己慢慢欣賞。（不便宜就是了）

網站名稱：Scrapwalls

網站網址：http://www.scrapwalls.com/

服務說明：可免費線上製作再自己抓圖下來，另可付費製作成海報、明信片等印刷品，運費外加美金10元，聽說25美金以上訂單免運費。

完成圖DEMO：

  

關於圖片的輸出品質，由於我自己也沒付費印過、也沒看過相關產品，如果有興趣的話建議多搜尋一下國外其他網友的意見，再參考看看。  

 

使用方法：

第1步  開啟Scrapwalls網站，按一下「Get Started」按鈕開始製作。

  

 

第2步  先選擇海報的尺寸。

  

 

第3步  選擇你要合成的外框圖案，接著再按「Continue」按鈕。

  

 

第4步  輸入Email與帳號密碼，免費建立一個帳戶。

  

 

第5步  按「Select Photos」按鈕選取你要上傳的圖片，然後再按「Upload Now」按鈕開始上傳。

  

 

第6步  上傳完圖片後，我們可以在視窗選擇哪些圖片要用、哪些不使用，確認完後再按「Continue」按鈕。

  

 

第7步  接著，我們可以直接在畫面中用滑鼠拖拉圖片、改變位置與圖片大小，設定完成後，可以按「Add to cart」加入購物車，準備結帳、送印。

如果你不想花錢印出來，可以只按「Share Now」按鈕，把完成圖顯示在網站上、分享給親朋好友看。

  

 

第8步  另外我們也可以用抓圖軟體或用鍵盤上的「PrtSc」抓圖按鈕把畫面抓下來，另外存成圖檔。