Tagged articles

2152 articles

Page 10 of 22

Oct 18, 2023 · Information Security

Critical libcurl Vulnerabilities (CVE-2023-38545 & CVE-2023-38546) and Upcoming curl 8.4.0 Patch

The article reports two high‑severity libcurl vulnerabilities (CVE‑2023‑38545 and CVE‑2023‑38546) disclosed by curl’s maintainer, explains the limited public information before the scheduled curl 8.4.0 release, and urges developers to upgrade promptly due to the library’s widespread use.

CVE-2023-38545CVE-2023-38546Vulnerability

0 likes · 5 min read

Critical libcurl Vulnerabilities (CVE-2023-38545 & CVE-2023-38546) and Upcoming curl 8.4.0 Patch

Open Source Tech Hub

Oct 17, 2023 · Information Security

Master Casbin: Beginner’s Guide to Powerful Access Control for PHP/Webman

This guide introduces Casbin, an open‑source access‑control framework, explains its supported languages, core features, installation steps, configuration details, and provides practical code examples for integrating Casbin with PHP Webman projects.

AuthorizationCasbinPHP

0 likes · 7 min read

Master Casbin: Beginner’s Guide to Powerful Access Control for PHP/Webman

Open Source Tech Hub

Oct 16, 2023 · Information Security

Mastering JWT Authentication in PHP: From Basics to Advanced Usage

This guide explains the limitations of traditional session authentication, introduces JSON Web Token (JWT) as a scalable cross‑domain solution, and provides step‑by‑step instructions for installing, configuring, generating, and validating JWTs in PHP applications, including supported algorithms and practical code examples.

APIAuthenticationJWT

0 likes · 9 min read

Mastering JWT Authentication in PHP: From Basics to Advanced Usage

Top Architect

Oct 16, 2023 · Information Security

Understanding SSO and OAuth2.0: Concepts, Processes, and Differences

This article explains the fundamentals of Single Sign‑On (SSO) and OAuth2.0, compares their token‑based authentication mechanisms, details typical implementation flows such as CAS, and clarifies the distinctions among SSO, OAuth2, JWT, Spring Security and Shiro, while also noting related promotional content.

CASOAuth2SSO

0 likes · 9 min read

Understanding SSO and OAuth2.0: Concepts, Processes, and Differences

Rare Earth Juejin Tech Community

Oct 16, 2023 · Frontend Development

Comprehensive Front‑End Code Review Checklist and Best Practices

This article presents a detailed front‑end code review guide covering quality, functionality, performance, security, testability, readability, reusability, compatibility, polyfill configuration, and practical testing examples such as Cypress end‑to‑end tests, all organized with clear checklists and code snippets.

Code reviewbest practicesfrontend

0 likes · 17 min read

Comprehensive Front‑End Code Review Checklist and Best Practices

php Courses

Oct 14, 2023 · Backend Development

Understanding and Using PHP's is_uploaded_file() Function

This article explains the purpose, usage, and practical examples of PHP's is_uploaded_file() function, demonstrating how to verify whether a file was uploaded via HTTP POST, interpret its boolean result, and apply it for secure file handling in backend development.

PHPbackend-developmentfile upload

0 likes · 4 min read

Understanding and Using PHP's is_uploaded_file() Function

21CTO

Oct 13, 2023 · Fundamentals

What Skills Will Tech Employers Demand in 2023? Insights from the Linux Foundation Report

The 2023 Linux Foundation Tech Talent Report reveals that employers prioritize cloud, container, security, AI/ML skills, emphasize continuous learning and certifications, and highlight emerging priorities such as AR/VR, blockchain, CI/CD, DevOps, and Kubernetes for staying competitive in the evolving tech market.

AIDevOpscertification

0 likes · 5 min read

What Skills Will Tech Employers Demand in 2023? Insights from the Linux Foundation Report

21CTO

Oct 12, 2023 · Information Security

Critical Curl 8.4.0 Update Fixes SOCKS5 Heap Overflow (CVE‑2023‑38545)

The new curl 8.4.0 release on October 11 patches a severe SOCKS5 heap buffer overflow (CVE‑2023‑38545), urging all developers and users to upgrade immediately to mitigate the dangerous vulnerability.

CVE-2023-38545SOCKS5UPDATE

0 likes · 2 min read

Critical Curl 8.4.0 Update Fixes SOCKS5 Heap Overflow (CVE‑2023‑38545)

FunTester

Oct 12, 2023 · Interview Experience

Master Performance Testing: Key Interview Questions & 12306 Crash Lessons

This article compiles essential performance testing interview questions, outlines a complete testing process with metrics and types, analyzes the 12306 ticketing system crash causes—including overload, bugs, security and network issues—and offers practical mitigation strategies for engineers.

12306 crashLoad TestingPerformance Testing

0 likes · 8 min read

Master Performance Testing: Key Interview Questions & 12306 Crash Lessons

php Courses

Oct 11, 2023 · Information Security

Google Advances Android Security by Migrating Native Code to Rust

Google reports that its ongoing migration of Android's native components from C++ to Rust has reduced memory‑related security bugs, with Rust now powering about 21% of new native code in Android 13 and being used to rewrite critical security modules such as the protected virtual machine firmware.

AndroidBare MetalMemory Safety

0 likes · 4 min read

Google Advances Android Security by Migrating Native Code to Rust

MaGe Linux Operations

Oct 10, 2023 · Information Security

Critical curl/libcurl Vulnerabilities CVE‑2023‑38545 & CVE‑2023‑38546 – What You Need to Know

The curl project announced the upcoming 8.4.0 release and disclosed two high‑severity CVEs that affect both the curl command‑line tool and the libcurl library, urging organizations to audit their usage, prepare upgrades, and stay alert for further details.

CVE-2023-38545CVE-2023-38546Vulnerability

0 likes · 5 min read

Critical curl/libcurl Vulnerabilities CVE‑2023‑38545 & CVE‑2023‑38546 – What You Need to Know

Top Architect

Oct 10, 2023 · Cloud Computing

Docker’s New Hybrid Tools: Next‑Gen Build, Debug, and Scout

Docker announced three new hybrid tools at DockerCon—Next‑Gen Docker Build, which claims a 39‑fold speed boost by leveraging cloud resources; Docker Debug, a language‑agnostic toolbox for faster container debugging; and Docker Scout, an integrated security assistant—highlighting a shift toward combined local and cloud development workflows.

Dockerbuild accelerationcloud computing

0 likes · 7 min read

Docker’s New Hybrid Tools: Next‑Gen Build, Debug, and Scout

php Courses

Oct 10, 2023 · Information Security

Common PHP Security Vulnerabilities and Mitigation Techniques

This article outlines prevalent PHP security issues such as SQL injection, cross‑site scripting, and session hijacking, and provides practical mitigation strategies with detailed code examples to help developers safeguard their applications against these attacks.

PHPSession Hijackingsecurity

0 likes · 4 min read

Common PHP Security Vulnerabilities and Mitigation Techniques

Liangxu Linux

Oct 9, 2023 · Operations

30 Essential Linux Interview Questions and Answers for Developers

This article compiles the most common Linux interview questions—covering core components, boot loaders, storage management, networking modes, essential commands, security features, and system administration tricks—providing concise answers and code examples to help developers and sysadmins prepare for technical interviews.

Networkinginterviewsecurity

0 likes · 17 min read

30 Essential Linux Interview Questions and Answers for Developers

Liangxu Linux

Oct 8, 2023 · Information Security

How to Enhance Linux History Logs with Timestamps and User Info for Better Auditing

This guide shows how to modify the /etc/profile file to configure the Bash history command to record timestamps, usernames, login IPs, and command numbers, enabling precise auditing of Linux user actions and helping administrators identify who performed which commands at any given time.

AuditingBashhistory

0 likes · 3 min read

How to Enhance Linux History Logs with Timestamps and User Info for Better Auditing

php Courses

Oct 8, 2023 · Information Security

Common PHP Security Issues and Mitigation Techniques

This article outlines frequent PHP security vulnerabilities such as SQL injection, XSS, unsafe file uploads, and sensitive data exposure, and demonstrates how to mitigate them with prepared statements, input escaping, file validation, and secure configuration practices using concrete code examples.

PHPfile uploadsecurity

0 likes · 5 min read

Common PHP Security Issues and Mitigation Techniques

DevOps

Oct 7, 2023 · Information Security

Best Practices for User and Permission Management in DevOps/SRE

This article outlines essential DevOps/SRE best practices for user and permission management, including creating individual accounts, dedicated service accounts, minimizing privileged access, using roles, rotating credentials, applying the principle of least privilege, separating environment permissions, enforcing strong passwords, multi‑factor authentication, and enabling audit logging.

IAMUser Managementsecurity

0 likes · 26 min read

Best Practices for User and Permission Management in DevOps/SRE

Rare Earth Juejin Tech Community

Oct 7, 2023 · Frontend Development

Comprehensive Front-End Code Review Checklist and Best Practices

This article presents a detailed front‑end code review guide covering code quality, functionality, performance, security, readability, reusability, compatibility, polyfills, and testing, complete with practical examples, checklist mnemonics, and code snippets for modern JavaScript frameworks.

Code reviewfrontendperformance

0 likes · 13 min read

FunTester

Oct 7, 2023 · Backend Development

Designing a Secure Payment Funds Account System: Architecture, Accounting Rules, and Best Practices

This article presents a comprehensive guide to building a payment funds account system, covering core concepts such as account balance, ledger, and voucher, accounting principles like double‑entry bookkeeping, storage choices with TDSQL, security measures using the STRIDE model, consistency guarantees, distributed transactions, high‑availability design, and operational practices such as idempotency, rate limiting, and thorough auditing.

Backend Architecturedistributed-transactionfunds account

0 likes · 37 min read

Designing a Secure Payment Funds Account System: Architecture, Accounting Rules, and Best Practices

Cognitive Technology Team

Oct 6, 2023 · Fundamentals

Why Java Strings Are Immutable: Performance, Security, and Thread‑Safety Benefits

The article explains why Java's String class is immutable, highlighting performance gains from constant‑pool caching, security advantages for sensitive data, thread‑safety without synchronization, and hash‑code caching that speeds up hash‑based collections in Java applications.

HashingStringimmutability

0 likes · 4 min read

Why Java Strings Are Immutable: Performance, Security, and Thread‑Safety Benefits

Architect

Oct 2, 2023 · Backend Development

Design and Implementation of a Secure Funds Account System

This article presents a comprehensive guide to designing and implementing a secure, cloud‑native funds account system for payment platforms, covering core concepts such as account structure, balance and transaction logs, accounting principles, storage selection, distributed transactions, security measures, consistency, availability, and best‑practice architectural patterns.

Backend ArchitectureDistributed Transactionsfunds account

0 likes · 34 min read

Design and Implementation of a Secure Funds Account System

DataFunTalk

Sep 29, 2023 · Artificial Intelligence

Edge‑Cloud Collaborative Graph Neural Network Recommendation Systems: Architecture, Personalization, Model Compression, and Security

This article reviews the evolution of underlying compute power for GNN‑based recommendation systems, explores edge‑side personalization, describes cloud‑edge collaborative implementations, discusses model compression and deployment strategies, and highlights security challenges of deploying GNN models on end devices.

Edge ComputingGNNmodel compression

0 likes · 11 min read

Edge‑Cloud Collaborative Graph Neural Network Recommendation Systems: Architecture, Personalization, Model Compression, and Security

AntTech

Sep 28, 2023 · Artificial Intelligence

IEEE Publishes Three International Standards for Biometric Recognition Performance Evaluation

IEEE has officially released three new international standards—IEEE 2884-2023 for face recognition, IEEE 2891-2023 for fingerprint recognition, and IEEE 2859-2023 for multimodal fusion—developed by Ant Group and partners to provide unified, secure and cost‑effective testing frameworks for biometric systems worldwide.

Biometric StandardsIEEEmultimodal fusion

0 likes · 5 min read

IEEE Publishes Three International Standards for Biometric Recognition Performance Evaluation

Architecture Digest

Sep 27, 2023 · Information Security

Understanding JWT Claims and Token Renewal Strategies

This article explains the standard JWT claims, shows how to add custom claims with Java code, and compares single‑token and double‑token renewal approaches, including practical examples such as WeChat web authorization and Redis‑based token storage.

JWTOAuth2Token

0 likes · 6 min read

Understanding JWT Claims and Token Renewal Strategies

OPPO Amber Lab

Sep 27, 2023 · Information Security

Uncovering Android Sensor Types, Permissions, and Hidden Security Vulnerabilities

This article explains the variety of sensors built into modern Android smartphones, how developers access them via the SensorManager API, the required permissions, and analyzes several memory, logic, and side‑channel vulnerabilities that expose user privacy and system integrity.

AndroidPermissionsSensors

0 likes · 16 min read

Uncovering Android Sensor Types, Permissions, and Hidden Security Vulnerabilities

Programmer DD

Sep 25, 2023 · Information Security

How to Bypass Missing China Option and Enable GitHub 2FA Easily

This guide explains why GitHub’s 2FA setup may lack a China option, shows a JavaScript workaround that no longer works, and details the reliable method of completing verification using authenticator apps and a QR code.

2FAAuthenticator AppsGitHub

0 likes · 3 min read

How to Bypass Missing China Option and Enable GitHub 2FA Easily

Open Source Tech Hub

Sep 20, 2023 · Backend Development

How to Extend the Lifetime of Legacy PHP Applications Securely

Legacy PHP apps often face end‑of‑life challenges, but by choosing appropriate hosting, leveraging CloudLinux HardenedPHP, containerization, PECL alternatives, and LTS‑supported frameworks and libraries, you can securely run them longer while minimizing upgrade costs and maintaining compatibility.

ContainersHostingLTS

0 likes · 16 min read

How to Extend the Lifetime of Legacy PHP Applications Securely

php Courses

Sep 19, 2023 · Backend Development

Understanding PHP's addslashes() Function: Syntax, Usage, and Security Considerations

The article explains PHP's addslashes() function, detailing its syntax, how it escapes specific characters, provides code examples, demonstrates its role in preventing SQL injection, and advises using stronger escaping methods such as mysqli_real_escape_string or PDO prepared statements.

SQL injectionaddslashesbackend-development

0 likes · 6 min read

Understanding PHP's addslashes() Function: Syntax, Usage, and Security Considerations

php Courses

Sep 19, 2023 · Backend Development

Using PHP strip_tags() to Remove HTML Tags

The article explains PHP's strip_tags() function, its syntax, basic usage, how to preserve specific or multiple HTML tags, how to remove all tags, and important notes for safely cleaning user input in backend development.

html-removalphp-functionssecurity

0 likes · 4 min read

Using PHP strip_tags() to Remove HTML Tags

Top Architect

Sep 18, 2023 · Information Security

Understanding Cookie‑Based Single Sign‑On and CAS Authentication Flow

This article reviews the shortcomings of simple cookie‑based single sign‑on, introduces a unified authentication center architecture, explains the Central Authentication Service (CAS) design and its deployment, and walks through the complete login process—including first, second, and cross‑domain accesses—highlighting key tickets, filters, and session handling.

CASSSOjava

0 likes · 12 min read

Understanding Cookie‑Based Single Sign‑On and CAS Authentication Flow

macrozheng

Sep 18, 2023 · Backend Development

Secure & Scalable API Design: Signatures, Encryption, Rate Limiting, and More

This article outlines comprehensive best‑practice guidelines for building robust API interfaces, covering signature mechanisms, data encryption, IP whitelisting, rate limiting, parameter validation, unified responses, exception handling, logging, idempotency, request limits, performance testing, asynchronous processing, data masking, and documentation standards.

Idempotencyapi-designbest practices

0 likes · 15 min read

Secure & Scalable API Design: Signatures, Encryption, Rate Limiting, and More

Code Ape Tech Column

Sep 18, 2023 · Information Security

Java Code Obfuscation with ProGuard: Configuration and Maven Integration

This article explains how to protect Java applications from reverse engineering by using ProGuard for code obfuscation, detailing the creation of a proguard.cfg file, Maven plugin configuration, and the build process to generate an obfuscated JAR.

ProGuardcode obfuscationjava

0 likes · 7 min read

Java Code Obfuscation with ProGuard: Configuration and Maven Integration

OPPO Amber Lab

Sep 15, 2023 · Mobile Development

Master Android Fragments: Basics, Lifecycle, Communication & Common Vulnerabilities

This article introduces Android Fragments—explaining their purpose, core functions, static and dynamic integration methods, detailed lifecycle stages, various communication patterns, and a typical security flaw involving arbitrary URL handling—providing developers and security researchers with practical insights and mitigation ideas.

AndroidFragmentLifecycle

0 likes · 10 min read

Master Android Fragments: Basics, Lifecycle, Communication & Common Vulnerabilities

php Courses

Sep 15, 2023 · Backend Development

Understanding PHP's htmlentities() Function: Syntax, Usage, and Security Considerations

This article explains the PHP htmlentities() function, covering its syntax, parameters, practical code examples for converting special characters to HTML entities, and important security tips such as preventing HTML injection attacks, making it essential for backend developers.

htmlentitiessecuritystring-manipulation

0 likes · 6 min read

Understanding PHP's htmlentities() Function: Syntax, Usage, and Security Considerations

MaGe Linux Operations

Sep 14, 2023 · Information Security

Why Running Docker as Root Is Dangerous and How Rootless Mode Secures Your Containers

This guide explains the security risks of running Docker with root privileges—including container escape, privilege escalation, filesystem and network abuse—and provides step‑by‑step instructions for configuring Docker Rootless mode, its limitations, debugging tips, and comparison with Podman.

ContainersInstallationLinux

0 likes · 22 min read

Why Running Docker as Root Is Dangerous and How Rootless Mode Secures Your Containers

Top Architect

Sep 14, 2023 · Backend Development

Using Nginx Stream Proxy to Securely Access MySQL

This article explains how to configure Nginx as a stream proxy to securely connect to MySQL servers, covering required modules, stream, server, listen directives, IP access restrictions, and provides complete configuration examples for both single‑instance and clustered environments.

ConfigurationNginxProxy

0 likes · 8 min read

Using Nginx Stream Proxy to Securely Access MySQL

Tencent Cloud Developer

Sep 13, 2023 · Cloud Native

Designing and Implementing a Payment Fund Account System

The article details how to design and implement a cloud‑native payment fund account system on Tencent Cloud, covering account definitions, fund flow and multiple account types, TDSQL storage, separated fund and account services, robust security, distributed transactions, auditing, reconciliation, and high‑availability measures for high‑concurrency merchant payments.

AvailabilityConsistencyTDSQL

0 likes · 35 min read

Designing and Implementing a Payment Fund Account System

Rare Earth Juejin Tech Community

Sep 13, 2023 · Frontend Development

Techniques for Preventing Debugging in Front‑End JavaScript Applications

This article explains why front‑end developers may want to block debugging, demonstrates how infinite `debugger` statements can be used to hinder inspection, and provides multiple counter‑measures—including disabling breakpoints, using `Function('debugger')`, code obfuscation, and an advanced anti‑debug script that detects window size anomalies.

Anti-debuggingObfuscationdebugger

0 likes · 5 min read

Techniques for Preventing Debugging in Front‑End JavaScript Applications

Laravel Tech Community

Sep 12, 2023 · Information Security

OpenSSL 3.2 Alpha Release Introduces New Features and Protocol Support

The OpenSSL 3.2 Alpha has been released, adding client‑side QUIC support, TLS certificate compression, deterministic ECDSA, expanded Ed25519/Ed448 capabilities, AES‑GCM‑SIV, Argon2 with thread‑pool, HPKE, raw public‑key TLS, TCP Fast Open, pluggable post‑quantum signatures, Brainpool curves, SM4‑XTS, and optional Windows certificate‑store integration.

Alpha ReleaseOpenSSLProtocols

0 likes · 2 min read

OpenSSL 3.2 Alpha Release Introduces New Features and Protocol Support

Laravel Tech Community

Sep 7, 2023 · Information Security

PHP Server Security Configuration Guide

This article provides a comprehensive step‑by‑step guide to hardening PHP server settings, covering safe mode activation, directory restrictions, disabling dangerous functions, hiding version information, managing error reporting, and creating low‑privilege MySQL and Apache accounts for enhanced security.

Serverdisable_functionssafe mode

0 likes · 7 min read

Top Architecture Tech Stack

Aug 31, 2023 · Information Security

Design of QR Code Login Functionality

This article explains the three-stage design of a QR code login system—including pending scan, scanned‑pending‑confirmation, and confirmed phases—detailing how unique QR IDs, token exchange, and user confirmation ensure secure authentication across PC and mobile devices.

AuthenticationBackendDesign

0 likes · 5 min read

Wukong Talks Architecture

Aug 30, 2023 · Databases

Comprehensive Database Design, Security, and Operational Best Practices

This article presents a detailed checklist of mandatory and recommended standards for database security, design, naming, indexing, SQL usage, and operational procedures, aiming to prevent low‑level failures in high‑concurrency, large‑scale internet applications.

Designbest practicessecurity

0 likes · 21 min read

Comprehensive Database Design, Security, and Operational Best Practices

Top Architecture Tech Stack

Aug 29, 2023 · Cloud Computing

Remote Development Architecture and Benefits with JetBrains

The article explains the overall architecture of remote development, why remote development is needed, how cloud‑based environments improve security, consistency, and resource control, and details JetBrains' remote development features that enable instant, reproducible IDE workspaces on remote servers.

Cloud IDEDevelopment EnvironmentJetBrains

0 likes · 6 min read

Remote Development Architecture and Benefits with JetBrains

NetEase LeiHuo Testing Center

Aug 25, 2023 · Information Security

Case Study of CDN Traffic Theft and DDoS Attack Mitigation in Game Publishing

This article details how a game publisher discovered massive CDN traffic theft caused by DDoS-like attacks, analyzed the root causes, implemented monitoring, rate‑limiting, UA blocking and resource cleanup measures, and shares practical guidelines for preventing similar security incidents in production environments.

CDNDDoSTraffic Theft

0 likes · 20 min read

Case Study of CDN Traffic Theft and DDoS Attack Mitigation in Game Publishing

Cloud Native Technology Community

Aug 24, 2023 · Information Security

Security Risks of Exposing Private Keys in Istio Service Mesh and Mitigation Approaches

The article analyzes how private keys for workloads uploaded via Istio Ingress gateways can be exposed in plaintext, stored in memory, and extracted using tools like OpenSSL and GDB, and discusses mitigation strategies such as Intel SGX‑based protection.

IstioPrivate KeyService Mesh

0 likes · 8 min read

Security Risks of Exposing Private Keys in Istio Service Mesh and Mitigation Approaches

Top Architect

Aug 23, 2023 · Backend Development

Understanding API Gateways: Concepts, Design Principles, and Common Implementations

This article explains what an API gateway is, why it is needed in micro‑service architectures, outlines key design considerations such as routing, load‑balancing, resilience and security, and compares popular open‑source gateway solutions like OpenResty, Kong, Zuul and Spring Cloud Gateway.

Design Patternsapi-gatewayload balancing

0 likes · 26 min read

Understanding API Gateways: Concepts, Design Principles, and Common Implementations

Python Programming Learning Circle

Aug 22, 2023 · Information Security

Avoid Security Risks When Running Python Scripts from the Downloads Folder and Using $PYTHONPATH

Running Python scripts from the Downloads folder or misusing $PYTHONPATH can expose your system to malicious code takeover, as demonstrated by examples where attacker‑placed pip.py or modules hijack execution; the article explains the risks and recommends safe practices like using virtualenv and proper path management.

PYTHONPATHPath Hijackingbest practices

0 likes · 9 min read

Avoid Security Risks When Running Python Scripts from the Downloads Folder and Using $PYTHONPATH

php Courses

Aug 21, 2023 · Backend Development

Implementing HTTPS Communication in PHP with cURL

This article explains how to secure PHP communications using HTTPS by obtaining SSL certificates, configuring cURL options, creating requests, verifying server certificates, and handling SSL errors, with complete code examples for developers.

HTTPSSSLsecurity

0 likes · 5 min read

Implementing HTTPS Communication in PHP with cURL

360 Quality & Efficiency

Aug 18, 2023 · Backend Development

Understanding JavaAgent: Bytecode Instrumentation for Monitoring and Protection

This article explains the background, principles, loading mechanisms, usage workflow, testing considerations, and advantages of JavaAgent technology for dynamic Java bytecode instrumentation and runtime protection.

JVMJavaAgentbytecode instrumentation

0 likes · 7 min read

Understanding JavaAgent: Bytecode Instrumentation for Monitoring and Protection

Ant R&D Efficiency

Aug 17, 2023 · Cloud Computing

How Ant Group’s FaaS Architecture Boosts Performance and Security

Ant Group’s FaaS platform redefines serverless computing by eliminating infrastructure overhead, offering rapid function deployment, high‑throughput low‑latency scheduling, robust security isolation, and cost‑effective scaling, while detailing its architectural components, performance optimizations, and future AI‑driven enhancements.

FaaSServerlessarchitecture

0 likes · 21 min read

How Ant Group’s FaaS Architecture Boosts Performance and Security

AntTech

Aug 17, 2023 · Cloud Native

Ant Group FaaS: Architecture, Performance Optimizations, and Security Practices

This article explains the concept of Function-as-a-Service (FaaS), its rise and suitable scenarios, then details Ant Group's serverless architecture, performance‑tuning techniques, security isolation mechanisms, developer experience, and future outlook integrating AI to create a new programming paradigm.

Ant GroupCloud NativeFaaS

0 likes · 18 min read

Ant Group FaaS: Architecture, Performance Optimizations, and Security Practices

Aikesheng Open Source Community

Aug 14, 2023 · Databases

Using MySQL 8.0.34 validate_password.changed_characters_percentage to Enforce Password Change Requirements

MySQL 8.0.34 adds the validate_password.changed_characters_percentage variable, allowing administrators to require a minimum percentage of different characters when users change passwords, and the article demonstrates how to enable the policy, set up a test environment, and verify behavior with various password change scenarios.

Database Administrationchanged_characters_percentagemysql

0 likes · 11 min read

Using MySQL 8.0.34 validate_password.changed_characters_percentage to Enforce Password Change Requirements

Didi Tech

Aug 10, 2023 · Information Security

Security Hardening and Architecture of Didi's Elasticsearch Deployment

Didi hardened its massive Elasticsearch deployment—spanning 66 clusters and thousands of nodes—by adding a custom security plugin that authenticates requests at the cluster level, implementing a one‑click toggle and staged rolling upgrades, ultimately enabling authentication across all clusters and dramatically reducing data‑leak risk.

AuthenticationData ProtectionDidi

0 likes · 12 min read

Security Hardening and Architecture of Didi's Elasticsearch Deployment

Sohu Tech Products

Aug 9, 2023 · Information Security

Software Supply Chain Security: Risks, Attacks, and Mitigation

The article explains software supply chain security across development, delivery, and usage phases, outlines ten common vulnerabilities and four attack categories, describes attack characteristics, examines risk factors in design, code, release, and operation stages, and presents comprehensive mitigation measures including SDL phases, DevSecOps practices, and detailed lifecycle controls.

DevSecOpsSDLrisk management

0 likes · 12 min read

Software Supply Chain Security: Risks, Attacks, and Mitigation

Cloud Native Technology Community

Aug 8, 2023 · Cloud Native

Securing Cloud‑Native Applications: A Full‑Lifecycle Guide

This whitepaper explains how the shift to cloud‑native development reshapes security, analyzes the challenges of moving from perimeter‑based models to label‑driven protection, and offers practical recommendations for embedding security across development, distribution, deployment, and runtime stages.

Zero Trustsecuritysoftware supply chain

0 likes · 8 min read

Securing Cloud‑Native Applications: A Full‑Lifecycle Guide

php Courses

Aug 8, 2023 · Backend Development

How to Build a Secure Online Voting System with PHP

This article explains how to design and implement a PHP-based online voting system with user registration, login, vote submission, and anti‑cheating measures such as session validation, duplicate‑vote checks, transactions, captchas, and vote‑limit enforcement.

CaptchaPHPSession

0 likes · 9 min read

How to Build a Secure Online Voting System with PHP

IT Services Circle

Aug 3, 2023 · Information Security

Linus Torvalds Criticizes AMD fTPM for System Hangs and Calls for Its Disablement

Linus Torvalds, after previously praising AMD, now denounces the AMD fTPM implementation for causing intermittent system hangs on Windows and Linux, explaining the underlying memory‑transaction issue, AMD’s delayed fixes, and his recommendation to disable fTPM in favor of the CPU’s rdrand instruction.

AMDfTPMsecurity

0 likes · 7 min read

Linus Torvalds Criticizes AMD fTPM for System Hangs and Calls for Its Disablement

dbaplus Community

Aug 2, 2023 · Backend Development

How WeChat Built a Scalable Security Data Warehouse for Billions of Requests

This article explains the evolution of WeChat's security data warehouse—from its business background and the need for unified feature storage to the architectural designs, multi‑IDC synchronization, operation system, and data‑quality safeguards that enable reliable, high‑performance security policy development for over a trillion daily feature reads and writes.

Data QualityFeature ManagementReal-time Processing

0 likes · 12 min read

How WeChat Built a Scalable Security Data Warehouse for Billions of Requests

Java Interview Crash Guide

Aug 2, 2023 · Backend Development

How QR Code Login Works: From Token Authentication to Seamless Mobile‑PC Sign‑In

This article explains the technical principles behind QR code login, covering QR code basics, token‑based authentication, the step‑by‑step workflow between mobile and PC, and security considerations for implementing a reliable cross‑device sign‑in system.

AuthenticationMobileQR code

0 likes · 12 min read

How QR Code Login Works: From Token Authentication to Seamless Mobile‑PC Sign‑In

21CTO

Aug 1, 2023 · Information Security

Why Linus Torvalds Wants to Disable AMD’s fTPM RNG – A Hidden Kernel Issue

Linus Torvalds has publicly criticized AMD’s firmware‑based TPM random number generator for causing system stalls on Linux, urging the community to disable the fTPM hwrng until reliable fixes are delivered, highlighting broader security and firmware concerns.

AMDRandom Number GeneratorTPM

0 likes · 6 min read

Why Linus Torvalds Wants to Disable AMD’s fTPM RNG – A Hidden Kernel Issue

Laravel Tech Community

Jul 30, 2023 · Fundamentals

Overview of Common IT Certifications and Their Focus Areas

This article provides a concise overview of widely recognized IT certifications across various domains such as networking, cloud computing, security, databases, artificial intelligence, and software development, explaining their purpose and the career advantages they offer to professionals seeking to validate their technical expertise.

Career DevelopmentIT certificationsNetworking

0 likes · 6 min read

Overview of Common IT Certifications and Their Focus Areas

MaGe Linux Operations

Jul 29, 2023 · Operations

What’s New in Debian 12.1? Key Security Fixes and Kernel Upgrade Explained

Debian 12.1, the latest point release of the long‑standing stable Linux distribution, brings a host of security patches, bug fixes, and a major kernel upgrade from 5.10 to 6.1 LTS, while also updating many packages and improving hardware support across architectures.

DebianLinuxOperating System

0 likes · 5 min read

What’s New in Debian 12.1? Key Security Fixes and Kernel Upgrade Explained

Kuaishou E-commerce Frontend Team

Jul 28, 2023 · Frontend Development

How to Write High‑Quality Front‑End Code: Best Practices and Standards

This article explains why high‑quality front‑end code matters, defines its key attributes such as readability, maintainability, robustness and performance, and provides concrete guidelines on naming, comments, code organization, security, tooling, and e‑commerce front‑end standards to help developers write clean, efficient, and scalable code.

best practicescode qualityfrontend

0 likes · 23 min read

How to Write High‑Quality Front‑End Code: Best Practices and Standards

Weimob Technology Center

Jul 28, 2023 · Frontend Development

JavaScript Sandboxes for Secure Micro‑Frontend Apps: Techniques & Examples

This article explains the concept of sandbox security mechanisms, explores their use cases in iPaaS API orchestration and micro‑frontend applications, compares eval, Function, with + proxy techniques, presents JavaScript, iframe and Node vm sandbox implementations, and details practical deployments within the Kraken framework and a centralized approval service.

JavaScriptNode.jsiPaaS

0 likes · 18 min read

JavaScript Sandboxes for Secure Micro‑Frontend Apps: Techniques & Examples

OPPO Amber Lab

Jul 28, 2023 · Information Security

How Mismatched Parcelable Read/Write Leads to Android Exploits and How to Fix Them

This article examines how inconsistencies between Parcelable serialization and deserialization in Android's Binder/Parcel mechanism can cause data misalignment, enabling attackers to craft malicious Bundles that bypass checks, and outlines various exploitation scenarios and mitigation strategies introduced in recent Android releases.

AndroidBinderExploit

0 likes · 17 min read

How Mismatched Parcelable Read/Write Leads to Android Exploits and How to Fix Them

Bilibili Tech

Jul 28, 2023 · Operations

How to Build an Efficient Public Resource Management System for Testing Teams

The article explains why testing teams need systematic public resource management, outlines the challenges of resource flow, asset control, and security, and details the evolution from a simple approval pipeline (v1.0) to a more autonomous, domain‑aware system (v2.0) with practical solutions.

Resource ManagementSystem Designasset control

0 likes · 10 min read

How to Build an Efficient Public Resource Management System for Testing Teams

Spring Full-Stack Practical Cases

Jul 27, 2023 · Backend Development

How to Set Up and Secure Spring Boot Admin Server & Client with Dynamic Logging

This guide walks through setting up a Spring Boot Admin server and client, adding security, configuring logging, displaying client IPs, and dynamically adjusting log levels via the SBA UI, providing complete Maven dependencies, Java configuration classes, and YAML settings for a secure, observable Spring Boot ecosystem.

Spring Bootjavalogging

0 likes · 9 min read

How to Set Up and Secure Spring Boot Admin Server & Client with Dynamic Logging

ByteFE

Jul 26, 2023 · Frontend Development

Browser Fundamentals: Process Architecture, V8 Engine, Memory Management, Event Loop, Rendering, and Security

This comprehensive guide explains browser fundamentals, covering process and thread architecture, single‑ and multi‑process models, the V8 engine's data types, property ordering, memory allocation and garbage collection, compilation stages, the event loop, rendering pipeline, performance optimization techniques, and security mechanisms.

BrowserRenderingV8

0 likes · 43 min read

Browser Fundamentals: Process Architecture, V8 Engine, Memory Management, Event Loop, Rendering, and Security

OPPO Amber Lab

Jul 21, 2023 · Information Security

How ServiceFuzzer Enhances Android Native Service Security with libFuzzer

This article explains how Android native services can be securely fuzzed using libFuzzer and the ServiceFuzzer framework, detailing the architecture, instrumentation, and practical improvements that boost code‑coverage and vulnerability detection while addressing the limitations of traditional native service fuzzing.

AndroidNative ServicesServiceFuzzer

0 likes · 14 min read

How ServiceFuzzer Enhances Android Native Service Security with libFuzzer

Continuous Delivery 2.0

Jul 21, 2023 · Operations

Essential Software Development Metrics for Agile Teams and Production Success

The article explains how teams can adopt nine objective software development metrics—including lead time, cycle time, team velocity, defect rates, MTBF, MTTR, crash rate, endpoint incidents, and code‑quality measures—to continuously improve processes, assess production health, and align engineering work with business value.

agileperformancesecurity

0 likes · 12 min read

Essential Software Development Metrics for Agile Teams and Production Success

Laravel Tech Community

Jul 20, 2023 · Information Security

Nginx Security Hardening: Preventing DDoS, SQL Injection, XSS, and Other Attacks

This guide outlines practical Nginx configuration techniques to mitigate DDoS, SQL injection, path traversal, XSS, host header injection, clickjacking, and other security threats while also covering SSL/TLS encryption, server token hiding, and essential command‑line operations.

DDoSHardeningSSL

0 likes · 6 min read

Nginx Security Hardening: Preventing DDoS, SQL Injection, XSS, and Other Attacks

dbaplus Community

Jul 19, 2023 · Databases

What’s New in MySQL 8.1 & 8.0.34? Key Features and Changes Explained

MySQL 8.1, the first innovation release, and the stable 8.0.34 bring a host of new capabilities—including JSON‑based EXPLAIN INTO, enhanced replication controls, expanded security variables, audit improvements, binary‑log functions, and several deprecations—while also fixing numerous bugs to solidify MySQL’s stability.

NewFeaturesReplicationaudit

0 likes · 9 min read

What’s New in MySQL 8.1 & 8.0.34? Key Features and Changes Explained

FunTester

Jul 18, 2023 · Fundamentals

9 Common Code Smells and How to Fix Them for Cleaner, Safer Software

This article examines nine frequent coding pitfalls—from inconsistent naming and missing comments to poor error handling, hard‑coded values, inadequate testing, over‑optimization, security oversights, and weak version‑control practices—offering concrete refactoring examples and best‑practice recommendations to improve readability, maintainability, and reliability.

Version Controlbest practicescode quality

0 likes · 18 min read

9 Common Code Smells and How to Fix Them for Cleaner, Safer Software

IT Services Circle

Jul 18, 2023 · Information Security

eSIM Technology Overview and Recent Service Suspensions in China

The article explains what eSIM is, its evolution from traditional SIM cards, Apple’s adoption, the recent suspension of eSIM services by China Mobile, Unicom and Telecom, and discusses potential bugs, security risks, and consumer advice regarding eSIM-enabled wearables.

ChinaMobileeSIM

0 likes · 7 min read

eSIM Technology Overview and Recent Service Suspensions in China

AntTech

Jul 18, 2023 · Information Security

HODOR: Shrinking the Attack Surface on Node.js via System Call Limitation

Researchers from Shanghai Jiao Tong University, Ant Security Light-Year Lab, and Zhejiang University present HODOR, a system that reduces the attack surface of Node.js applications by generating fine-grained system‑call allowlists using Seccomp, achieving an average 80% reduction in exploit surface with negligible runtime overhead.

Node.jsSystem Callruntime protection

0 likes · 12 min read

HODOR: Shrinking the Attack Surface on Node.js via System Call Limitation

JD Tech

Jul 17, 2023 · Information Security

Understanding CAS Single Sign-On: Architecture, Core Tickets, and Implementation Guide

This article explains the concepts, architecture, core tickets, and practical implementation steps of CAS-based Single Sign-On, including detailed API specifications, security considerations, and example code snippets for integrating SSO across multiple applications.

APIAuthenticationCAS

0 likes · 9 min read

Understanding CAS Single Sign-On: Architecture, Core Tickets, and Implementation Guide

Liangxu Linux

Jul 16, 2023 · Operations

Essential Ops Checklist: Prevent Data Loss, Secure Servers, and Optimize Performance

This article compiles practical operations guidelines covering safe testing, rigorous confirmation before commands, limiting multi‑person access, mandatory backups, careful use of destructive commands, SSH hardening, firewall rules, fine‑grained permissions, continuous monitoring, performance tuning steps, and a disciplined mindset to avoid costly incidents.

Backupmonitoringperformance tuning

0 likes · 10 min read

Essential Ops Checklist: Prevent Data Loss, Secure Servers, and Optimize Performance

MaGe Linux Operations

Jul 15, 2023 · Cloud Native

How to Secure Your Kubernetes Clusters with DevSecOps Best Practices

This article explains how to integrate security into the DevOps pipeline for Kubernetes, covering DevSecOps concepts, image protection, role‑based access control, network policies, encryption, etcd safeguarding, and disaster‑recovery strategies to keep clusters safe and releases fast.

DevSecOpsKubernetesNetworkPolicy

0 likes · 21 min read

How to Secure Your Kubernetes Clusters with DevSecOps Best Practices

OPPO Amber Lab

Jul 14, 2023 · Information Security

Master Android Framework Vulnerability Hunting: Proven Methods for Beginners

This article introduces the Android Java Framework vulnerability discovery process, outlining characteristic vulnerability types, and presenting three practical methods—historical CVE analysis, feature‑based exploration, and business‑logic testing—along with step‑by‑step guidance and illustrative examples to help beginners quickly start effective Framework security research.

AndroidBug HuntingFramework

0 likes · 11 min read

Master Android Framework Vulnerability Hunting: Proven Methods for Beginners

DevOps Cloud Academy

Jul 12, 2023 · Cloud Native

Using KubeLinter to Lint Kubernetes YAML and Helm Charts for Production‑Readiness and Security

This article introduces KubeLinter, an open‑source tool that scans Kubernetes YAML files and Helm charts for best‑practice compliance, explains why it is useful, shows installation methods, provides usage examples, and details configuration and integration options for secure, production‑ready deployments.

Cloud NativeDevOpsKubeLinter

0 likes · 9 min read

Using KubeLinter to Lint Kubernetes YAML and Helm Charts for Production‑Readiness and Security

System Architect Go

Jul 11, 2023 · Cloud Native

Container Runtime Internals and Latest Trends (2023)

This article reviews container fundamentals, explains Docker’s architecture and Linux namespaces, cgroups, capabilities, and security mechanisms, then surveys recent developments such as containerd, CRI‑O, rootless containers, alternative runtimes like Podman, Kata, gVisor, and emerging WebAssembly‑based approaches, highlighting trends up to 2023.

ContainersDockerKubernetes

0 likes · 19 min read

Container Runtime Internals and Latest Trends (2023)

Test Development Learning Exchange

Jul 10, 2023 · Backend Development

Using python-decouple to Securely Manage Configuration in Interface Automation

This article explains how to use the python-decouple library to isolate configuration from code, demonstrating five practical examples for loading sensitive information, default values, booleans, integers, and list settings in Python-based API automation.

BackendConfigurationautomation

0 likes · 4 min read

Using python-decouple to Securely Manage Configuration in Interface Automation

DevOps Cloud Academy

Jul 9, 2023 · Cloud Native

Designing Scalable Kubernetes Applications: Best Practices

This article outlines comprehensive best‑practice guidelines for building Kubernetes applications, covering scalability design, containerization, pod scope, configuration management, health probes, deployments, service discovery, storage, monitoring, security, and CI/CD integration to achieve robust, highly available workloads.

ConfigMapKubernetesci/cd

0 likes · 9 min read

Designing Scalable Kubernetes Applications: Best Practices

21CTO

Jul 5, 2023 · Backend Development

Why WebAssembly Could Revolutionize Backend Development

WebAssembly is moving beyond browsers into server‑side workloads, offering a portable binary format, promising performance, and new security considerations, while integrating with containers and Kubernetes through WASI, making it a compelling technology for modern backend development.

KubernetesPortabilityWebAssembly

0 likes · 8 min read

Why WebAssembly Could Revolutionize Backend Development

php Courses

Jul 5, 2023 · Backend Development

Three Ways to Download Files in PHP

The article explains three PHP methods for file downloading: a direct link, a parameter‑based redirect that checks file existence, and a streamed download using head() and fread() with proper HTTP headers, comparing their simplicity and security implications.

File DownloadPHPWeb Development

0 likes · 3 min read

php Courses

Jul 5, 2023 · Information Security

Using PHP Security Library Functions to Prevent Code Injection Attacks

This article introduces PHP security library functions such as htmlspecialchars(), htmlentities(), and mysqli_real_escape_string(), demonstrating with code examples how they filter and validate user input to prevent XSS and SQL injection attacks, while noting that additional security measures are still required.

PHPSQL injectionWeb Security

0 likes · 4 min read

Using PHP Security Library Functions to Prevent Code Injection Attacks

Baidu Tech Salon

Jul 4, 2023 · Information Security

Implementation and Practice of DEX‑VMP Code Protection for Android Applications

The article details how Android developers can protect APK dex files by progressively hardening code—using dynamic loading, hooking, instruction extraction, java‑to‑C++ conversion, and ultimately DEX‑VMP virtual machine encryption—while outlining implementation steps, custom opcodes, JNI integration, and addressing compatibility and performance trade‑offs.

AndroidDEXVMP

0 likes · 17 min read

Implementation and Practice of DEX‑VMP Code Protection for Android Applications

AntTech

Jul 3, 2023 · Blockchain

Flashbots MEV Bot Attack on Ethereum: Vulnerability Analysis, Exploit Timeline, and Mitigation

This article provides a detailed forensic analysis of a Flashbots MEV bot attack on Ethereum, describing the underlying PBS protocol flaw, the malicious validator’s multi‑stage preparation, the sandwich‑style exploit, the financial impact, and recommended code‑level fixes to prevent private transaction leakage.

BlockchainEthereumFlashbots

0 likes · 13 min read

Flashbots MEV Bot Attack on Ethereum: Vulnerability Analysis, Exploit Timeline, and Mitigation

Architecture and Beyond

Jul 1, 2023 · Industry Insights

Web Crawlers Unveiled: History, Value, and How to Tackle Their Challenges

This article traces the development of web crawlers from their 1990s origins to modern implementations, examines their multifaceted value in search, data analysis, and archiving, outlines technical, ethical, and legal challenges for both crawler creators and target sites, and presents practical strategies to mitigate malicious crawling.

Data ExtractionWeb Crawlinganti-scraping

0 likes · 24 min read

Web Crawlers Unveiled: History, Value, and How to Tackle Their Challenges

Liangxu Linux

Jul 1, 2023 · Information Security

Mastering TCPDump: Essential Commands and Real‑World Examples for Network Analysis

This guide explains what TCPDump is, why it matters for Linux network monitoring, how it works under the hood, its key features and security considerations, how to install it, a full breakdown of its command‑line options, and dozens of practical examples for capturing and filtering packets, including integration with Wireshark.

Wiresharknetwork capturepacket analysis

0 likes · 13 min read

Mastering TCPDump: Essential Commands and Real‑World Examples for Network Analysis

Open Source Linux

Jun 30, 2023 · Cloud Native

Essential Kubernetes Tools to Boost Your DevOps Workflow

This article reviews a curated set of open‑source Kubernetes tools—including Helm, Flagger, Kubewatch, Gitkube, kube‑state‑metrics, Kamus, Untrak, Scope, Dashboard, Kops, cAdvisor, Kubespray, K9s, Kubetail, PowerfulSeal, and Popeye—that enhance management, security, monitoring, and deployment within DevOps pipelines.

cloud-nativemonitoringopen-source

0 likes · 11 min read

Essential Kubernetes Tools to Boost Your DevOps Workflow

vivo Internet Technology

Jun 28, 2023 · Operations

Certificate Management Platform Practice: From Manual to Platform-Based Operations at Scale

vivo replaced fragile, engineer‑driven certificate handling with a centralized Vue‑2/Go platform that automates application, secure key storage, renewal alerts, and multi‑environment pushes, eliminating availability incidents and paving the way for future blockchain‑based, immutable certificate distribution.

DevOpsInfrastructureOperations Automation

0 likes · 7 min read

Certificate Management Platform Practice: From Manual to Platform-Based Operations at Scale

Baidu Geek Talk

Jun 28, 2023 · Information Security

DEX‑VMP Based Android Code Protection: Design, Implementation, and Analysis

The paper presents a DEX‑VMP scheme that encrypts Dalvik bytecode and executes it via a custom virtual machine and JNI bridge, merging the strengths of dynamic loading, hooking, instruction extraction, and java‑to‑C++ conversion while highlighting compatibility issues, performance overhead, and the need for selective protection of high‑value Android methods.

AndroidDEXJNI

0 likes · 17 min read

DEX‑VMP Based Android Code Protection: Design, Implementation, and Analysis

Test Development Learning Exchange

Jun 27, 2023 · Fundamentals

Common Python 3 Third‑Party Libraries by Category with Code Examples

This article presents a comprehensive overview of widely used Python 3 third‑party libraries across multiple domains—including text processing, web development, databases, data analysis, computer vision, automation testing, security, and other utilities—offering concise descriptions and ready‑to‑run code snippets for each library.

automationdata‑analysislibraries

0 likes · 32 min read

Common Python 3 Third‑Party Libraries by Category with Code Examples

DevOps

Jun 27, 2023 · Information Security

From DevOps to DevSecOps: Understanding Threats, Security Practices, and Using Microsoft Threat Modeling Tool

This article explains how DevSecOps extends DevOps by embedding security throughout the software lifecycle, discusses common threats such as SQL injection and broken access control, outlines the Security Development Lifecycle, and provides a step‑by‑step guide to using Microsoft Threat Modeling Tool for proactive risk mitigation.

DevSecOpsMicrosoftOWASP

0 likes · 20 min read

From DevOps to DevSecOps: Understanding Threats, Security Practices, and Using Microsoft Threat Modeling Tool

Liangxu Linux

Jun 26, 2023 · Fundamentals

Master Networking Fundamentals: From OSI Layers to TCP/IP, Security, and Wireless

This comprehensive guide covers essential networking concepts, including basic terminology, OSI and TCP/IP models, physical and data link layers, routing protocols, transport mechanisms, application services, security fundamentals, wireless LAN technologies, and practical command‑line tools, providing a solid foundation for students and professionals alike.

NetworkingOSI modelProtocols

0 likes · 63 min read

Master Networking Fundamentals: From OSI Layers to TCP/IP, Security, and Wireless

Ant R&D Efficiency

Jun 26, 2023 · Cloud Native

Serverless Function Compute for Mini Programs: Architecture, Security, and Performance Optimizations

Alipay’s serverless Function Compute platform empowers mini‑program developers with a four‑stage architecture—mini program, Alipay app, gateway, and function—offering automatic elastic scaling, sub‑20 ms scheduling, sub‑100 ms cold‑starts, multi‑layer isolation, DDoS protection, and the ability to sustain 10 k QPS for reliable, low‑latency user experiences.

Cloud NativeFunction ComputeMini Program

0 likes · 18 min read

Serverless Function Compute for Mini Programs: Architecture, Security, and Performance Optimizations

MaGe Linux Operations

Jun 25, 2023 · Information Security

Fix CORS Vulnerabilities in Nginx: Enforce Secure Origin Checks

This article explains why an insecure cross‑origin setup in Nginx violates security standards, demonstrates how to reproduce the vulnerability with custom Origin headers, and provides a complete Nginx configuration using a map directive to whitelist origins, add proper CORS headers, and return 403 for disallowed requests.

CORSConfigurationCross-Origin

0 likes · 3 min read

Fix CORS Vulnerabilities in Nginx: Enforce Secure Origin Checks

Zhaori User Experience

Jun 23, 2023 · Mobile Development

Designing Elder‑Friendly Banking Apps: Practical Guidelines and Real‑World Cases

This article explains how to create senior‑friendly banking mobile applications by following the "Mobile App Elderly Design Specification", covering entry design, perceptibility, operability, understandability, compatibility, and security, and provides concrete examples from major Chinese banks.

Design GuidelinesUser experienceaccessibility

0 likes · 35 min read

Designing Elder‑Friendly Banking Apps: Practical Guidelines and Real‑World Cases

MaGe Linux Operations

Jun 22, 2023 · Cloud Native

Essential Open‑Source Kubernetes Tools to Supercharge Your DevOps

This article surveys a curated collection of open‑source Kubernetes utilities—including Helm, Flagger, Kubewatch, Gitkube, kube‑state‑metrics, Kamus, Untrak, Scope, Dashboard, Kops, cAdvisor, Kubespray, K9s, Kubetail, PowerfulSeal and Popeye—detailing their roles in deployment, monitoring, security, and cluster management for modern DevOps workflows.

KubernetesToolingmonitoring

0 likes · 15 min read

Essential Open‑Source Kubernetes Tools to Supercharge Your DevOps